- Fix browser leak in render_url_to_pdf (try/finally around Playwright)
- Remove setup.sh references from SKILL.md (not bundled in plugin)
- Use consistent <path-to>/eyeball.py paths in SKILL.md
- Update plugin README install instructions for awesome-copilot
- Add Windows pywin32 install step to SKILL.md
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Fix resource leaks (pdf_doc closed in finally blocks)
- Fix Windows Word COM automation (DispatchEx, proper cleanup)
- Fix converter order (Word before LibreOffice on Windows)
- Add source file existence checks with clear errors
- Fix Playwright cache detection for all platforms
- Fix setup.sh error handling (pipefail)
- Fix AppleScript path injection
- Fix highlight padding scaling with DPI
- Add pywin32 as Windows dependency
- Update README with Windows setup instructions
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Make PyMuPDF/Pillow/python-docx imports soft so setup-check runs
without dependencies installed
- Add _check_core_deps() guard at CLI command entry points
- Add Windows Word detection in setup-check
- Remove references to setup.sh (not included in plugin)
- Fix usage docstring to show inline JSON instead of filename
- Use consistent <path-to>/eyeball.py paths in SKILL.md
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Eyeball generates Word documents where every factual claim includes a
highlighted screenshot from the source material. Supports PDFs, Word
docs, and web URLs. Designed for verifying AI-generated document
analysis against the original source.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Add 9 Arize LLM observability skills
Add skills for Arize AI platform covering trace export, instrumentation,
datasets, experiments, evaluators, AI provider integrations, annotations,
prompt optimization, and deep linking to the Arize UI.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Add 3 Phoenix AI observability skills
Add skills for Phoenix (Arize open-source) covering CLI debugging,
LLM evaluation workflows, and OpenInference tracing/instrumentation.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Ignoring intentional bad spelling
* Fix CI: remove .DS_Store from generated skills README and add codespell ignore
Remove .DS_Store artifact from winmd-api-search asset listing in generated
README.skills.md so it matches the CI Linux build output. Add queston to
codespell ignore list (intentional misspelling example in arize-dataset skill).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Add arize-ax and phoenix plugins
Bundle the 9 Arize skills into an arize-ax plugin and the 3 Phoenix
skills into a phoenix plugin for easier installation as single packages.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Fix skill folder structures to match source repos
Move arize supporting files from references/ to root level and rename
phoenix references/ to rules/ to exactly match the original source
repository folder structures.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Fixing file locations
* Fixing readme
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add Step 5a (state machine completeness analysis) and expand Step 6
with missing safeguard detection patterns. These catch two categories
of bugs that defensive pattern analysis alone misses: unhandled states
in lifecycle/status machines, and operations that commit users to
expensive work without adequate preview or termination conditions.
* feat: add GDPR-compliant engineering practices skill documentation
* Add GDPR compliance references for Security and Data Rights
- Introduced a comprehensive Security.md file detailing encryption, password hashing, secrets management, anonymization, cloud practices, CI/CD controls, and incident response protocols.
- Created a Data Rights.md file outlining user rights implementation, Record of Processing Activities (RoPA), consent management, sub-processor management, and DPIA triggers.
* Refine GDPR compliance documentation by removing unnecessary symbols and ensuring clarity in security and data rights references
* refactor: streamline description formatting in GDPR compliance skill documentation
---------
Co-authored-by: Aaron Powell <me@aaron-powell.com>
* Add threat-model-analyst skill: STRIDE-A threat modeling for repositories
Add a comprehensive threat model analysis skill that performs security audits
using STRIDE-A (STRIDE + Abuse) threat modeling, Zero Trust principles, and
defense-in-depth analysis.
Supports two modes:
- Single analysis: full STRIDE-A threat model producing architecture overviews,
DFD diagrams, prioritized findings, and executive assessments
- Incremental analysis: security posture diff between baseline report and current
code, producing standalone reports with embedded comparison
Includes bundled reference assets:
- Orchestrator workflows (full and incremental)
- Analysis principles and verification checklists
- Output format specifications and skeleton templates
- DFD diagram conventions and TMT element taxonomy
* Address PR review comments from Copilot reviewer
- Fix SKILL.md description: use single-quoted scalar, rename mode (2) to
'Incremental analysis' with accurate description
- Replace 'Compare Mode (Deprecated)' sections with 'Comparing Commits or
Reports' redirect (no deprecated language for first release)
- Fix skeleton-findings.md: move Tier 1 table rows under header, add
CONDITIONAL-EMPTY block after END-REPEAT (matching Tier 2/3 structure)
- Fix skeleton-threatmodel.md and skeleton-architecture.md: use 4-backtick
outer fences to avoid nested fence conflicts with inner mermaid fences
- Fix skeleton-incremental-html.md: correct section count from 9 to 8
- Fix output-formats.md: change status 'open' to 'Open' in JSON example,
move stride_category warning outside JSON fence as blockquote
- Fix incremental-orchestrator.md: replace stale compare-output-formats.md
reference with inline color conventions
- Regenerate docs/README.skills.md with updated description
* Address second round of Copilot review comments
- Fix diagram-conventions.md: bidirectional flow notation now uses <-->
matching orchestrator.md and DFD templates
- Fix tmt-element-taxonomy.md: normalize SE.DF.SSH/LDAP/LDAPS to use
SE.DF.TMCore.* prefix consistent with all other data flow IDs
- Fix output-formats.md: correct TMT category example from SQLDatabase
to SQL matching taxonomy, fix component type from 'datastore' to
'data_store' matching canonical enum, remove DaprSidecar from
inbound_from per no-standalone-sidecar rule
- Fix 5 skeleton files: clarify VERBATIM instruction to 'copy the
template content below (excluding the outer code fence)' to prevent
agents from wrapping output in markdown fences
- Genericize product-specific names in examples: replace edgerag with
myapp, BitNetManager with TaskProcessor, AzureLocalMCP with MyApp.Core,
AzureLocalInfra with OnPremInfra, MilvusVectorDB with VectorDB
* Address third round of Copilot review comments
- Fix diagram-conventions.md: second bidirectional two-arrow pattern in
Quick Reference section now uses <-->
- Fix incremental-orchestrator.md: renumber HTML sections 5-9 to 4-8
matching skeleton-incremental-html.md 8-section structure
- Fix output-formats.md: add incremental-comparison.html to File List
as conditional output for incremental mode
- Fix skeleton-inventory.md: add tmt_type, sidecars, and boundary_kind
fields to match output-formats.md JSON schema example
* Add draw-io diagram generator skill for awesome github copilot
* Add comprehensive shape libraries and style reference documentation for draw.io
- Introduced a new markdown file for draw.io shape libraries detailing various built-in shapes, their style keys, and usage.
- Added a complete style reference for `<mxCell>` elements, including universal style keys, shape-specific keys, edge styles, and color palettes.
- Included examples for common styles and shapes to aid users in creating diagrams effectively.
* Add draw-io diagram validation and shape addition scripts
* Add new diagram templates for flowchart, sequence, and UML class diagrams
- Created a flowchart template with a structured layout including start, steps, decision points, and end.
- Added a sequence diagram template illustrating interactions between a client, API server, and database with activation boxes and message arrows.
- Introduced a UML class diagram template featuring an interface, classes, attributes, methods, and relationships, including composition and realization.
* Add draw-io diagram generator skill to README with detailed usage instructions and bundled assets
* Add draw.io instructions with workflow, XML structure rules, style conventions, and validation checklist
* Add draw.io diagram standards to README instructions for enhanced diagram creation and editing
* Moving diagram templates to assets/ to follow agentskills structure
- Moved flowchart template with start, steps, decision points, and end nodes.
- Moved sequence diagram template illustrating interactions between a client, API server, and database.
- Moved UML class diagram template featuring an interface, classes, attributes, methods, and relationships.
* Clarify installation instructions for draw.io VS Code extension in SKILL.md
* Add roundup plugin: self-configuring status briefing generator
Adds a new plugin with two skills:
- roundup-setup: Interactive onboarding that learns the user's communication
style from examples, discovers available data sources, and builds audience
profiles. Writes a persistent config to ~/.config/roundup/config.md.
- roundup: Generates draft status briefings on demand by pulling from
configured sources (GitHub, M365, Slack, Google Workspace, etc.) and
synthesizing in the user's learned style for any defined audience.
Platform-agnostic by design -- adapts to whatever MCP tools are available
in the user's environment rather than assuming specific integrations.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address PR review comments
- Fix 'use roundup' help text to clarify multi-audience behavior instead
of referencing a nonexistent 'default audience'
- Split bundled 'who do you report to + who is on your team' into two
separate ask_user questions per the one-question-at-a-time rule
- Specify ~/Desktop as explicit save path with fallback prompt when
directory doesn't exist
- Tables in README verified as correct markdown (single | delimiters)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Improve example-pasting UX in setup flow
- Make 'paste the whole thing right here' explicit so users aren't
unsure about what/how much to paste
- Confirm receipt more clearly ('grabbed all of that')
- Reframe second example prompt to explain why a second helps
- Cap follow-up asks at two so it doesn't feel nagging
- Note that messy formatting is fine
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Reinforce that more examples = better output
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* feat: add .NET timezone handling guidance and reference materials
* feat: update Finland, Lithuania, Estonia timezone reference in index
* feat: remove Finland, Lithuania, Estonia timezone reference from index
* Apply permission handler requirements across Copilot SDK docs
Co-authored-by: jamesmontemagno <1676321+jamesmontemagno@users.noreply.github.com>
Agent-Logs-Url: https://github.com/jamesmontemagno/awesome-copilot/sessions/adf27a88-92f8-4ca6-b3fe-1204e3bb9963
* Polish permission update formatting in SDK examples
Co-authored-by: jamesmontemagno <1676321+jamesmontemagno@users.noreply.github.com>
Agent-Logs-Url: https://github.com/jamesmontemagno/awesome-copilot/sessions/adf27a88-92f8-4ca6-b3fe-1204e3bb9963
* Fix review comments on SDK permission handling PR
Address 5 review comments from PR #1103:
1. Fix invalid object literal syntax (stray comma) in resumeSession
example in copilot-sdk-nodejs.instructions.md
2. Replace unused PermissionHandler import with actual usage in
cookbook/copilot-sdk/python/recipe/ralph_loop.py (was using
inline lambda instead)
3. Replace unused approveAll import with actual usage in
cookbook/copilot-sdk/nodejs/recipe/ralph-loop.ts (was using
inline handler instead)
4. Add missing PermissionHandler import to 4 Python code snippets
in skills/copilot-sdk/SKILL.md that reference it without importing
5. Add missing approveAll import to 3 TypeScript code snippets
in skills/copilot-sdk/SKILL.md that reference it without importing
* Refactor session creation to improve code formatting and consistency across SDK examples
* Fix formatting: split multi-property lines and put closing braces on own lines
Address review comments on PR #1107:
- Split OnPermissionRequest + Model onto separate lines in Go, C#, TypeScript
- Put closing }); on its own line consistently across all examples
- Fix indentation in SKILL.md Quick Start, CLI URL, Error Handling sections
- Fix cookbook Go multiple-sessions and error-handling formatting
- Fix ralph-loop.md TypeScript indentation
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: jamesmontemagno <1676321+jamesmontemagno@users.noreply.github.com>
- Introduced MockMvcTester for AssertJ-style assertions in Spring MVC testing.
- Added @RestClientTest for testing REST clients with MockRestServiceServer.
- Implemented RestTestClient as a modern alternative to TestRestTemplate.
- Documented migration steps from Spring Boot 3.x to 4.0, including dependency and annotation changes.
- Created an overview of test slices to guide testing strategies.
- Included Testcontainers setup for JDBC testing with PostgreSQL and MySQL.
- Enhanced @WebMvcTest documentation with examples for various HTTP methods and validation.
* Add publish-to-pages agent skill
Agent skill that publishes presentations and web content to GitHub Pages.
Works with any AI coding agent (Copilot CLI, Claude Code, Gemini CLI, etc.)
Features:
- Converts PPTX and PDF with full formatting preservation
- Creates repo, enables Pages, returns live URL
- Zero config — just needs gh CLI
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* docs: update README.skills.md
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Source dataverse plugin from microsoft/Dataverse-skills
The Dataverse plugin was previously bundled locally with a single
mcp-configure skill. It is now sourced externally from
microsoft/Dataverse-skills, which provides the full skill set:
init, setup, metadata, python-sdk, solution, mcp-configure, and overview.
- marketplace.json: update dataverse entry to external source format
- external.json: add Dataverse entry alongside Azure
- plugins/dataverse/: remove local plugin directory (now external)
- skills/mcp-configure/: remove top-level copy (now in external plugin)
- docs/README.plugins.md: update dataverse row with external link
- docs/README.skills.md: note mcp-configure moved to external plugin
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Make dataverse plugin docs generic to avoid stale counts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Remove mcp-configure from skills index — now in external plugin
External plugins don't list their skills in README.skills.md
(consistent with azure-skills).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Revert manual edits to generated files
marketplace.json, README.plugins.md, and README.skills.md are
auto-generated. External plugins are discovered via external.json
and merged into marketplace.json by generate-marketplace.mjs.
Matches the Azure external plugin pattern — no manual doc entries.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Regenerate marketplace.json and docs after external plugin change
Run npm run build to pick up the new external dataverse entry and
remove the old local one from generated files.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Removing a codex-specific agent (model deprecated) and removing model from blueprint mode
* Combining skills into a single skill with an internal decision tree
* Converting agents to skill with decision tree
Closes#998
* Converting agents to skill with decision tree"
Fixes#999
Add a reusable Agent Skill that installs npm packages in Docker sandbox
environments where virtiofs-mounted workspaces cause native binary crashes
(esbuild, lightningcss, rollup). The script installs on local ext4 and
symlinks node_modules back into the workspace.
- SKILL.md with spec-compliant frontmatter and documentation
- scripts/install.sh with security hardening (no eval, readonly paths)
- Updated docs/README.skills.md with new skill entry
Co-authored-by: GeekTrainer <GeekTrainer@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Cleaned up some tool names
* Removing some instructionsThese instructions are no longer useful as the knowledge the add is already well handled by frontier models, so the instructions potentially provide conflicting or incorrect information to the agent while it undertakes a task
* Improved the skill to be more explicit on how to use playwright
* Removing a skill that is of low value
The information captured in this skill is mostly just what is found in the links that are at the top of the references, and thus the model will already have that knowledge available to it, meaning that the skill will potentially provide conflicting guidance to the agent as it works
* Updating readmes
* chore: update ScoutQA skill with issue verification and localhost testing support
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: address PR feedback - single-line description and remove create-execution from header
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* doublecheck: auto-escalate to full report for high-risk content
In active (persistent) mode, doublecheck previously used abbreviated
inline verification for all content types, with the full three-layer
report only available if the user explicitly requested it. Most users
did not know the command existed, so high-stakes content (legal
analysis, regulatory guidance) and responses with DISPUTED or
FABRICATION RISK findings were presented with only a summary table.
Changes:
- Auto-escalate to the full verification report when any claim rates
DISPUTED or FABRICATION RISK during inline verification
- Always use the full report for legal analysis, regulatory
interpretation, compliance guidance, and content with case citations
or statutory references
- Update the activation message to mention the 'full report' command
- Add a discoverability footer to inline verification sections
- Update README.md to document the new behavior
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address review feedback: fix table reference, reconcile bullets, clarify callout placement, add trigger phrase
- Table row now references 'high-stakes content rule' (not 'auto-escalation
rule') and lists all content types that match the later rule text
- README first bullet no longer claims legal content gets inline
verification, resolving the contradiction with the next bullet
- Clarify that the 'Heads up' callout goes at the top of the full report
when auto-escalation applies, not in a nonexistent inline section
- Add 'full report' to the explicit trigger phrase list in the 'Offer
full verification on request' rule
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Update README.md
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update README.md
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Add doublecheck plugin: three-layer verification pipeline for AI output
Adds a new plugin that helps users verify AI-generated content before
acting on it. Designed for sensitive contexts (legal, medical, financial,
compliance) where hallucinations carry real consequences.
Three verification layers:
- Self-Audit: extracts verifiable claims, checks internal consistency
- Source Verification: web searches per claim, produces URLs for human review
- Adversarial Review: assumes errors exist, checks hallucination patterns
Supports persistent mode (auto-verifies every factual response inline)
and one-shot mode (full report on specific text). Confidence ratings:
VERIFIED, PLAUSIBLE, UNVERIFIED, DISPUTED, FABRICATION RISK.
Includes:
- Skill (skills/doublecheck/) with bundled report template
- Agent (agents/doublecheck.agent.md) for interactive verification
- Plugin package (plugins/doublecheck/) bundling both
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address review: fix tools YAML format, remove materialized artifacts
- Fix tools frontmatter in agents/doublecheck.agent.md to use standard
YAML list format instead of flow sequence with trailing comma
- Remove plugins/doublecheck/agents/ and plugins/doublecheck/skills/
from tracking; these paths are in .gitignore as CI-materialized
artifacts that should not be committed
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
