Triage run: 2026-04-10T05:00Z | Workflow run: 24230287000
Previous run: 2026-03-26 | Open PRs triaged: 14 | New this run: #4297
Summary
| Stat |
Count |
| Total open PRs |
14 |
| New since last triage |
1 (#4297, today) |
| High priority |
5 |
| Medium priority |
6 |
| Low priority |
3 |
| Security-flagged |
4 |
| With tests |
8 |
| External contributors |
3 (#4234, #4112, #3984) |
Action Required
🔴 Resolve overlapping shell-quoting PRs (#4228, #4236, #4245)
Three open PRs address the same root cause (shell injection via heredoc substitution in recipe runner steps):
Recommendation: Review and pick one approach. #4245 appears most complete (different mechanism — direct env-var instead of heredoc quoting, covers same steps + more). Close the superseded PRs after merging the chosen fix.
🟡 Resolve duplicate docs PRs (#3984, #4112)
Two external contributors independently fixed the same issue (#3844):
Recommendation: Pick one and close the other with thanks.
Merge-Ready PRs (per PR self-reports)
These PRs claim CI-green + quality-audit converged status:
| PR |
Title |
Risk |
Tests |
| #4207 |
fix: SEARCH_TITLE quoting + unsafe conditions |
Low |
✅ 3 cycles |
| #4203 |
fix: smart-orchestrator teardown + atlas |
Medium |
✅ 3 cycles |
| #4190 |
fix: CLI entrypoint + patch surfaces |
Medium |
✅ gadugi + pyright |
Full PR Inventory
| PR |
Title |
Risk |
Priority |
Tests |
Notes |
| #4297 |
fix(install): samefile guard |
Low |
Med |
✅ 3 |
NEW TODAY — labels applied this run |
| #4245 |
fix(recipes): heredoc → env-var |
Med |
High |
❌ |
Security fix; most complete of 3 overlapping PRs |
| #4236 |
fix(recipes): step-03 quoting + PR URL |
Med |
High |
❌ |
Overlaps with #4245 |
| #4234 |
Fix: Issue #4233 (external) |
Low |
Low |
❌ |
Auto-generated external PR; manual review needed |
| #4228 |
fix: step-03 shell quoting |
Med |
High |
✅ 171 |
Overlaps with #4245 |
| #4216 |
feat: ANTHROPIC_DISABLED flag |
Med |
Med |
✅ 41 |
Multi-file feature, well-tested |
| #4207 |
fix: SEARCH_TITLE + unsafe conditions |
Low |
High |
✅ |
CI green, merge-ready |
| #4203 |
fix: orchestrator teardown + atlas |
Med |
High |
✅ |
CI green, merge-ready |
| #4199 |
fix: rust runner auto-update |
Low |
Med |
❌ |
Small targeted fix |
| #4198 |
fix: copilot flag guard |
Low |
Med |
❌ |
Small targeted fix |
| #4190 |
fix: CLI entrypoint |
Med |
Med |
✅ |
CI green, merge-ready |
| #4186 |
docs: TIMEOUT_LIFECYCLE.md |
Low |
Low |
✅ 19 |
Docs-only |
| #4112 |
docs: API keys clarification |
Low |
Low |
❌ |
External; duplicate of #3984 |
| #3984 |
docs: API keys clarification |
Low |
Low |
❌ |
External; duplicate of #4112 |
Generated by PR Triage Agent · ◷
Triage run: 2026-04-10T05:00Z | Workflow run: 24230287000
Previous run: 2026-03-26 | Open PRs triaged: 14 | New this run: #4297
Summary
Action Required
🔴 Resolve overlapping shell-quoting PRs (#4228, #4236, #4245)
Three open PRs address the same root cause (shell injection via heredoc substitution in recipe runner steps):
triage:security-reviewtriage:security-reviewRecommendation: Review and pick one approach. #4245 appears most complete (different mechanism — direct env-var instead of heredoc quoting, covers same steps + more). Close the superseded PRs after merging the chosen fix.
🟡 Resolve duplicate docs PRs (#3984, #4112)
Two external contributors independently fixed the same issue (#3844):
Recommendation: Pick one and close the other with thanks.
Merge-Ready PRs (per PR self-reports)
These PRs claim CI-green + quality-audit converged status:
Full PR Inventory