allocate-cve

What problem does it solve?

Walk a security team member through allocating a CVE for an <tracker> tracking issue. The tool prints the ASF Vulnogram allocation URL and a CVE-ready title (the issue title stripped of redundant <vendor>: <product>:, [ Security Report ], trailing version parens and similar noise), waits for the allocated CVE ID (allocation is PMC-gated — non-PMC triagers relay to a PMC member), and then updates the tracker in place: fills in the CVE tool link field, adds the cve allocated label, posts a collapsed status-change comment, and runs generate-cve-json --attach to embed the paste-ready JSON in the body. Finishes by handing off to the sync-security-issue skill to reconcile the rest of the tracker (milestone, assignee, reporter drafts, fix-PR state) now that the CVE landing is complete.

Core Features & Use Cases

• Walks a security team member through the CVE-allocation flow, producing a clickable allocation URL and a ready-to-use title.
• Enforces PMC gating rules and provides a relay path for non-PMC triagers to involve a PMC member.
• Updates the tracker with the CVE tool link, the cve allocated label, and a rollup status entry; regenerates the CVE JSON attach and hands off to sync-security-issue for full reconciliation.

Quick Start

Invoke the allocate-cve skill on a tracker issue, follow the prompts to fetch the tracker state, generate the stripped CVE title, and await the allocated CVE before proceeding.