- Update migration agent guidelines to prioritize extension tool usage for code migration.
- Refine migration phases with detailed steps for pre-migration review and schema migration.
- Add new reviewing skill references for PostgreSQL materialized view refresh and UNION ALL planner risks.
- Ensure consistency in collation handling and testing strategies across skills.
Co-authored-by: TCPrimedPaul <paul.delannoy@tc.gc.ca>
* Add arch plugin (architecture + modernization skills)
Add the `arch` plugin with two skills:
- `arch:document` — produce a single, cited architecture document for a
locally-cloned repo, reading files on disk only.
- `arch:modernize` — generate a phased modernization plan, auto-running the
document workflow first when no architecture doc exists.
Skill sources live in top-level skills/ and are referenced declaratively
from plugins/arch/.github/plugin/plugin.json, per the repo's plugin model.
Regenerated docs/README.plugins.md, docs/README.skills.md and marketplace.json.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Merge arch skills into single doc-and-modernize skill
Collapse the document and modernize skills into one standalone skill
(doc-and-modernize) with Documentation and Modernization modes, keeping
the plugin named arch. Modernization mode now runs the Documentation
workflow inline instead of invoking a separate arch:document skill,
fixing standalone-install cross-skill references. Reframe Documentation
mode as local-first (remote/API lookups are a flagged last resort)
rather than local-only. Regenerate docs and marketplace.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address PR review: list skill by bare ID in arch README
Use 'doc-and-modernize' (repo convention) instead of the namespaced
'arch:doc-and-modernize', noting it surfaces as arch:doc-and-modernize
when installed via the plugin.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address PR review: use non-HTML placeholder in instructions template
Change plain-text <PROJECT NAME> to [PROJECT NAME] in the header and
first paragraph so Markdown renderers don't parse it as an HTML tag and
drop it. The code-span `<N>` on the phase line is unaffected.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address PR review + fix codespell CI failure
- Fix codespell: pre-empts -> preempts in the instructions template
- Consistent terminology: replace 'research step/workflow' with
'Documentation mode' in SKILL.md, README, and plugin.json description
- Fix run-on: add 'that' before 'Modernization mode must surface'
- Regenerate docs/marketplace for the updated plugin description
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address PR review feedback
- Instruct redacting credentials/tokens from git remote URLs before recording
- CI enforcement: ask user or mark [UNVERIFIED]; remote lookup is flagged last resort
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: samqbush <samqbush@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Renames the skill so its name makes the source-code-review scope explicit and
distinct from the existing config-focused `mcp-security-audit` skill (the
duplicate-detection check flagged the shared `mcp-security-` prefix; it is
advisory only). Also sharpens the description's first line to lead with
"implementation source code of MCP servers, clients, and tool handlers".
- Rename folder skills/mcp-security-baseline -> skills/mcp-implementation-security-review
- Update name field and H1 heading to match
- Regenerate docs/README.skills.md
Co-authored-by: Swetha Kumar <16600902+Swethakumar1@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Add foundry-hosted-agent-copilotkit skill (development-focused)
Reworked from PR #2090 feedback: drops all scaffolding/sample-template
content and focuses on ongoing development with CopilotKit + AG-UI +
Azure AI Foundry hosted agents — adding/gating tools, human-in-the-loop
approvals, generative UI and shared state, event-stream debugging,
pre-1.0 dependency upgrades, and the hosted-agent deploy loop.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* Add HITL code examples to foundry-hosted-agent-copilotkit skill
Address review feedback: the .NET approval paragraph was prose-only.
Add a .NET snippet from the official Step04_HumanInLoop sample and
correct the type/behavior (ToolApprovalRequestContent; convert—not
remove—the request_approval call/result). Also add live-verified
Python snippets for hosted-agent approval-forwarding (#6652) and the
previous_response_id #6851 guard.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
---------
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Add mcp-security-baseline skill
An Agent Skill that reviews MCP server and client source code against a security
baseline (5 controls, 7 RCE vectors, OWASP MCP Top 10) and produces a compliance
report with file/line evidence. Complements mcp-security-audit, which checks
.mcp.json configuration.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address review feedback: remove ignored keywords field, link MCP spec
- Remove the top-level `keywords` field: it is not a recognized skill
front-matter field and is ignored (skills are indexed for search by
name + description only). The keyword terms are already present in the
description, so discovery is unaffected.
- Link the MCP 2025-03-26 specification at the protocol-version check so
the agent has it for quick reference.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address review feedback: fix unsafe-deserialization example, link current MCP spec
- Change the unsafe-deserialization example from `yaml.load(..., Loader=yaml.FullLoader)`
to `Loader=yaml.UnsafeLoader` to reflect genuinely unsafe usage.
- Add a link to the current MCP spec revision (2025-11-25) alongside the 2025-03-26
baseline on the protocol-version check.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Swetha Kumar <16600902+Swethakumar1@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Aaron Powell <me@aaron-powell.com>
* Add pester-should-migration skill (experimental)
Companion to the pester-migration skill. Focuses on the optional move from
the classic v5 `Should -Be` assertion syntax to the new v6 `Should-*`
assertions (e.g. `Should -Be` -> `Should-Be`). Includes a full
operator-by-operator mapping and the behavioral gotchas (negation as a
separate command, BeExactly -> Should-BeString -CaseSensitive, truthy/falsy
vs strict bool, BeNullOrEmpty split, collections, pipeline unwrapping).
Marked experimental/preview: verified against Pester 6.0.0-rc2; the new
Should-* assertions may still change before the 6.0 release.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Trim experimental status callout in pester-should-migration
Address review feedback: drop the time-based, human-oriented preview guidance (release-candidate timing, "as of mid-2026", release-notes link) from the status callout, keeping a lean experimental marker. The agent has no concept of time, so that prose is just extra tokens.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Awesome Copilot Community <awesome-copilot-community@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Aaron Powell <me@aaron-powell.com>
* Add pester-migration skill
A self-contained, experimental skill that helps upgrade PowerShell Pester
test suites across major versions (v3->v4, v4->v5, v5->v6). One router
SKILL.md plus per-jump references. The v5->v6 guidance tracks Pester 6,
which is still a release candidate.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Regenerate skills index for pester-migration
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address review feedback on pester-migration skill
- Pin the stable-v5 install to -MaximumVersion 5.99.99 so it keeps
installing v5 after Pester 6 goes GA (SKILL.md).
- Make the baseline run command version-agnostic (bare Invoke-Pester)
and note that parameters differ across majors (SKILL.md).
- Replace the '->' mapping arrows inside powershell fences with
comment + valid replacement lines so snippets are copy/paste-safe
(SKILL.md v5->v6 cheat sheet, v5-to-v6.md, and v3-to-v4.md).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address review: scope -SkipPublisherCheck, trim status callout, order references
- Drop -SkipPublisherCheck from the default install commands; scope it to
Windows PowerShell 5.1 (installing over the OS's Microsoft-signed built-in
Pester 3) per pester.dev install docs, instead of an unconditional default.
- Trim the experimental status callout: keep the preview marker, drop the
date-based, human-oriented wording.
- Reorder the References table into version progression order (v3->v4, v4->v5,
v5->v6).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: nohwnd <jakub@jares.cz>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Aaron Powell <me@aaron-powell.com>
* Add copilot-pr-autopilot skill
Skill that drives any GitHub pull request through repeated rounds of
Copilot Code Review until the agent has either resolved every thread
or explicitly escalated it to the human. Triggered via GraphQL (no
@copilot mention needed), triages every open thread with a fix /
decline / escalate rubric, replies and resolves each thread citing
the pushed SHA, then re-triggers until HEAD is reviewed with zero
threads awaiting the agent's reply.
Includes step scripts (01 request-review, 02 check-review-status,
03 list-open-threads, 08 reply-and-resolve, 10 cleanup-outdated),
shared library (_lib.ps1) with gh-CLI wrappers (Invoke-Gh,
Invoke-GhGraphQL, ConvertFrom-GhJson, Assert-GhReady), reply
templates, and reference docs for each step.
Repo-agnostic. Requires gh CLI on PATH and repo Triage/Write for
full autopilot; external PR authors get single-iteration mode with
manual re-trigger via the UI re-request button or a substantive
push.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address review: split per-step references + add recap-gate circuit breaker
- Fix#1: give steps 1/7/10 their own reference files
(01-request-review.md, 07-commit-push.md, 10-cleanup.md); trim the
inline bodies out of orchestration.md so it stays cross-cutting only.
- Fix#3: add a recurring round-cap & recap gate to 09-convergence.md —
default STOP every 10th round, recap all prior rounds, detect drift
(out-of-scope / over-engineering / wrong-direction / belongs-in-separate-PR)
with CONTINUE / REVERT-AND-SHIP / HAND-OFF verdicts. Agent reasoning,
no new script.
- Surface the gate from SKILL.md and orchestration.md; regenerate
docs/README.skills.md. Markdown-only change; scripts unchanged.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* docs(copilot-pr-autopilot): surface recap gate in decision pseudo-code; clarify Copilot+human convergence and round definition
- Inject the round-cap recap gate into the '## Decision: loop back or exit'
pseudo-code else-branch so an agent following the code block (not just the
prose) runs the STOP-every-10th-round check before looping.
- Broaden the 'never terminal' paragraph: non-convergence is driven by a
Copilot finding OR a human review comment (this skill handles both); the
loop ends only when there are no new comments from either source AND every
open thread (Copilot or human) has an agent reply/escalation.
- Define a 'round' explicitly as one execution of step 1 (01-request-review),
i.e. one Copilot-review trigger — the cap counts review rounds, not tool
calls or fix edits.
Markdown-only; no script changes.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* copilot-pr-autopilot: make recap-gate round count deterministic
Add 09-review-round.ps1: counts Copilot Code Review submissions straight
from the PR's API history (full GraphQL pagination), so the recap-gate
trigger is a derived number, not a fallible agent mental tally. This
removes the exact failure mode the skill exists to survive — a count
drifting across a long run (the real 156-round case).
The script reports Round + RecapDue (Round % RecapInterval == 0) only;
it never stops the loop or picks the verdict. CONTINUE / REVERT-AND-SHIP
/ HAND-OFF stays agent reasoning. 09-convergence.md updated to reference
the deterministic count while preserving 'no script stops the loop' and
'non-convergence = Copilot finding OR human comment'.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Regenerate docs/README.skills.md for copilot-pr-autopilot (add 09-review-round.ps1)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* azure-devops-cli: handle long comments on Windows (#2061)
On Windows 'az' is a cmd.exe batch wrapper capped at ~8191 characters,
so a long --discussion / --description value silently truncates or
fails. Document three verified ways out so the coding agent doesn't
waste 3-5 turns falling back to raw token retrieval and REST:
1. azps.ps1 in PowerShell on Windows. Same Azure CLI, invoked through
the Python entry point with no cmd.exe length cap. Pair with
'Get-Content -Raw' so the body lives in a variable, not on the
command line.
2. Native --file-path flags where Azure CLI offers them. Applies to
'az devops wiki page create' and 'az devops wiki page update', both
documented with --encoding.
3. 'az devops invoke --in-file' as the universal escape hatch for
commands with no --file-path (work-item --discussion, PR
--description). Documented example posts to the work item
comments REST endpoint with api-version 7.0-preview.3.
The earlier draft suggested the Azure CLI '@<file>' convention as a
generic substitute for inline string args. The official docs only
document it for JSON parameters and the CLI source uses
'get_file_json' specifically, so the claim is removed and replaced
with an explicit warning not to rely on it for plain string args.
Files touched:
- skills/azure-devops-cli/SKILL.md: new 'Posting long comments on
Windows' section with shell-detection table and three verified
options.
- skills/azure-devops-cli/references/boards-and-iterations.md: short
pointer at each --discussion example back to SKILL.md, plus an
inline PowerShell snippet.
Closes#2061.
* azure-devops-cli: move long-comments guidance to reference file (#2061 review)
aaronpowell asked for the Windows long-comments section to live as a
reference file rather than inline in SKILL.md, so the token weight
isn't always loaded into the agent's context.
- Move the "Posting long comments on Windows" section to a new
references/long-comments-on-windows.md verbatim.
- Strip the section from SKILL.md (56 fewer lines in the always-loaded
surface).
- Add the new file to the Reference Files table in SKILL.md with a
one-line "when to read" hint covering --discussion, --description,
and --content failures on Windows.
- Update the two pointer comments in references/boards-and-iterations.md
to point at the new reference file instead of the SKILL.md section.
docs/README.skills.md regenerated by 'npm run build' to pick up the
new reference file in the skill's bundled assets column.
The `name` frontmatter was `AWS CloudWatch Investigation`, which violated the Agent Skills spec and failed `npm run skill:validate` on main: name must be lowercase letters, numbers, and hyphens and must match the folder name (`aws-cloudwatch-investigation`). Correct the name and regenerate docs/README.skills.md so the validator passes (365/365) and the skills table renders consistently with every other entry.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* feat: add technical job search instructions for CV tailoring, cover letters, and offer evaluation
* chore: regenerate README.instructions.md after adding job search instructions
* refactor: convert technical-job-search from instruction to skill
Per reviewer feedback, instructions load on every turn and waste tokens
for content that is only useful during active job search sessions. A skill
is opted into explicitly, making this a better fit.
- Remove instructions/technical-job-search.instructions.md
- Add skills/technical-job-search/SKILL.md with equivalent content
- Update docs/README.instructions.md and docs/README.skills.md
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore: regenerate README.skills.md
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* Add setup-my-iq skill
* Use forward-slash separators in setup-my-iq context pointers for cross-platform portability
* Fix stale step references (9c->10c, 9d->10d) in setup-my-iq SKILL.md
* aws plugin and adding few more aws agents
* updating the agent def
* fixed around skill validator results.
---------
Co-authored-by: Preyas Prakasan <preyasprakasan@Preyass-MacBook-Pro.local>
Replace the Bash namecheap.sh with a stdlib-only Python CLI (namecheap.py)
that resolves all Copilot PR review feedback:
- Cache the public IP once per run instead of per request
- Build API requests in-process via urllib so the API key never appears
in process argv or shell history
- Broaden multi-part TLD detection (co.uk, com.au, etc.) and document the
limitation
- Allow setup to update existing stored credentials
- Stop soliciting the API key via chat; use terminal getpass or env vars
- Remove non-portable Bash constructs (inline local, grep -oP)
Also normalize domain casing, preserve MX priority 0, accept
case-insensitive record types, and handle mixed-case email-forwarding
attributes. Update SKILL.md and regenerate the skills README.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* feat: add conventional-branch skill
Add a new agent skill for creating Git branches following the
Conventional Branch specification. The skill covers branch naming
rules, valid/invalid examples, type prefixes (feature/, bugfix/,
hotfix/, release/, chore/), trunk branch detection, and a
step-by-step workflow for branch creation.
The skill complements the existing conventional-commit skill and
references the specification at https://conventional-branch.github.io.
* fix: use explicit numbered workflow steps in conventional-branch skill
Replace markdown heading-based workflow steps (### 1., ### 2.)
with explicit 'Step N — Title' format for better agent
comprehension.
* Add visual-pr plugin: screenshot capture, annotation, PR embedding, and screen recording
Four skills that teach Copilot to capture UI screenshots (Playwright + PIL),
annotate them with algorithmic label placement, embed before/after images
in PR descriptions, and record animated GIF demos.
Includes demo images showing the annotation engine on GitHub Issues.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Update generated README tables and marketplace.json
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Embed annotate.py module in image-annotations skill
The full working module (annotate_image, grid_image, diff_images) is now
included as a code block so users can save it as annotate.py and import
directly. Scrubbed project-specific labels from examples.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address review feedback: mss.mss() context manager, fix RECT struct, consistent placeholder
- Use mss.mss() context manager instead of mss.MSS() (ui-screenshots, screen-recording)
- Fix broken RECT struct in window+GIF combining example (screen-recording)
- Consistent projectId placeholder in AzDO upload example (pr-screenshots)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fresh pull of updated stage with 2 skills and updated README only
* adjusted skills after feedback and used skill analyser to review
---------
Co-authored-by: Mark Heynes <mutl3y@heynes.biz>
Adds a skill that lets users generate images (icons, sprites, textures,
mockups) directly from their coding workflow using OpenAI gpt-image-2 or
Google Gemini. BYO API key — the skill guides users through setup on
first use.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* feat: add prompt-optimizer skill for enhancing prompt quality in chat interfaces
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* fix: update prompt handling to include clarifying questions for incomplete requests
---------
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Remove all bundled polyglot-test-agent content (8 agents, 1 skill,
plugin metadata) and add dotnet-test as an external plugin from
dotnet/skills. The external plugin is a superset (11 agents, 22 skills).
Marketplace and doc indexes regenerated via npm run build.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Add complete skill for Slang shader language
- Included the full Offical Slang LLM documentation.
- Included sections on language features, interfaces, generics, automatic differentiation, modules, capabilities system, compiling code, reflection API, compilation targets, and FAQs.
- Allows agents to write comprehensive slang code for graphics and compute shaders.
* Fix for conflicting description matches established skill conventions
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Rebuilds branch from upstream/staged (was previously merged from
upstream/main, which brought in materialized plugin files that
fail Check Plugin Structure on PRs targeting staged).
Changes vs. staged:
- Update skills/quality-playbook/ to v1.5.6 (31 bundled assets:
SKILL.md + LICENSE.txt + 16 references/ + 9 phase_prompts/ +
3 agents/ + bin/citation_verifier.py + quality_gate.py).
- Add agents/quality-playbook.agent.md (top-level orchestrator).
name: quality-playbook (validator-compliant).
- Update docs/README.skills.md quality-playbook row description
+ bundled-assets list to v1.5.6.
- Fix 'unparseable' → 'unparsable' in quality_gate.py (5 instances;
codespell preference, both spellings valid).
Closes the v1.4.0 → v1.5.6 update in a single clean commit on top of
upstream/staged. The preserved backup branch backup-bedbe84-pre-rebuild
(SHA bedbe848fa3c0f0eda8e653c42b599a17dd2e354) holds the prior history for reference.