Files
awesome-copilot/docs
Swetha Kumar d203b6ee69 Rename mcp-security-baseline -> mcp-implementation-security-review and sharpen description (#2257)
Renames the skill so its name makes the source-code-review scope explicit and
distinct from the existing config-focused `mcp-security-audit` skill (the
duplicate-detection check flagged the shared `mcp-security-` prefix; it is
advisory only). Also sharpens the description's first line to lead with
"implementation source code of MCP servers, clients, and tool handlers".

- Rename folder skills/mcp-security-baseline -> skills/mcp-implementation-security-review
- Update name field and H1 heading to match
- Regenerate docs/README.skills.md

Co-authored-by: Swetha Kumar <16600902+Swethakumar1@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-07-10 07:43:32 +10:00
..
2025-10-29 06:07:13 +11:00

Agentic Workflows

Agentic Workflows are AI-powered repository automations that run coding agents in GitHub Actions. Defined in markdown with natural language instructions, they enable event-triggered and scheduled automation with built-in guardrails and security-first design.

How to Contribute

See CONTRIBUTING.md for guidelines on how to contribute new workflows, improve existing ones, and share your use cases.

How to Use Agentic Workflows

What's Included:

  • Each workflow is a single .md file with YAML frontmatter and natural language instructions
  • Workflows are compiled to .lock.yml GitHub Actions files via gh aw compile
  • Workflows follow the GitHub Agentic Workflows specification

To Install:

  • Install the gh aw CLI extension: gh extension install github/gh-aw
  • Copy the workflow .md file to your repository's .github/workflows/ directory
  • Compile with gh aw compile to generate the .lock.yml file
  • Commit both the .md and .lock.yml files

To Activate/Use:

  • Workflows run automatically based on their configured triggers (schedules, events, slash commands)
  • Use gh aw run <workflow> to trigger a manual run
  • Monitor runs with gh aw status and gh aw logs

When to Use:

  • Automate issue triage and labeling
  • Generate daily status reports
  • Maintain documentation automatically
  • Run scheduled code quality checks
  • Respond to slash commands in issues and PRs
  • Orchestrate multi-step repository automation
Name Description Triggers
Daily Issues Report Generates a daily summary of open issues and recent activity as a GitHub issue schedule
OSPO Contributors Report Monthly contributor activity metrics across an organization's repositories. schedule, workflow_dispatch
OSPO Organization Health Report Comprehensive weekly health report for a GitHub organization. Surfaces stale issues/PRs, merge time analysis, contributor leaderboards, and actionable items needing human attention. schedule, workflow_dispatch
OSPO Stale Repository Report Identifies inactive repositories in your organization and generates an archival recommendation report. schedule, workflow_dispatch
OSS Release Compliance Checker Analyzes a target repository against open source release requirements and posts a detailed compliance report as an issue comment. issues, workflow_dispatch
Relevance Check Slash command to evaluate whether an issue or pull request is still relevant to the project slash_command, roles
Relevance Summary Manually triggered workflow that summarizes all open issues and PRs with a /relevance-check response into a single issue workflow_dispatch
Weekly Comment Sync Weekly workflow that finds stale code comments or README snippets, makes text-only synchronization updates, and opens a draft pull request when changes are needed. schedule, workflow_dispatch