Files
awesome-copilot/docs
prasadgd9022 36b30eb113 Add tm7-threat-model skill for valid TM7 file generation (#2280)
* Add tm7-threat-model skill for valid TM7 file generation

Adds a skill that generates valid Microsoft Threat Modeling Tool (.tm7)
files using the correct WCF DataContractSerializer format, with a minimal
reference file. Includes STRIDE threat generation workflow and a checklist
of common serialization mistakes that corrupt .tm7 files.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Address PR review: sanitize reference model, fix dangling refs, move to assets

- Move example-minimal.tm7 into assets/ per repo convention (aaronpowell).
- Remove personal/corporate metadata from the reference model (Owner,
  Contributors, ChangedBy domain account, project names).
- Make the reference model self-contained: add a second stencil so the data
  flow and threat SourceGuid/TargetGuid/FlowGuid all resolve to real elements.
- Fix SKILL.md threat contract (KeyValueOfstringThreatpc_P0_PhOB with
  b:-prefixed KnowledgeBase fields) to match the bundled reference.
- Reconcile guidance: MetaInformation/Notes/KnowledgeBase are valid schema
  elements and must be preserved; only SecurityGaps/Mitigations are invalid.
- Regenerate docs/README.skills.md and normalize line endings to LF.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Address 2nd review: correct KnowledgeBase placement, valid TypeIds, z:Id uniqueness

- Document KnowledgeBase as a top-level sibling after ThreatMetaData (not embedded)
- Update skeleton to show <ThreatMetaData/>, sibling <KnowledgeBase>, and <Profile>
- Replace TypeIds absent from the bundled KB: AzureCosmosDB -> AzureSQLDB,
  HumanUser -> Mobile, GenericDataFlow -> Request
- Require z:Id uniqueness across the file in the common-mistakes checklist

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* ci: exclude *.tm7 exports from codespell

MTM DataContract .tm7 exports embed base64 icon blobs whose substrings
(oT, bu, wth, mKe, ...) trigger codespell false positives. Skip *.tm7,
matching the existing convention for binary/asset files.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: prasad <prasaddharaskar@gmail.com>
Co-authored-by: Aaron Powell <me@aaron-powell.com>
2026-07-15 09:12:29 +10:00
..
2025-10-29 06:07:13 +11:00

Agentic Workflows

Agentic Workflows are AI-powered repository automations that run coding agents in GitHub Actions. Defined in markdown with natural language instructions, they enable event-triggered and scheduled automation with built-in guardrails and security-first design.

How to Contribute

See CONTRIBUTING.md for guidelines on how to contribute new workflows, improve existing ones, and share your use cases.

How to Use Agentic Workflows

What's Included:

  • Each workflow is a single .md file with YAML frontmatter and natural language instructions
  • Workflows are compiled to .lock.yml GitHub Actions files via gh aw compile
  • Workflows follow the GitHub Agentic Workflows specification

To Install:

  • Install the gh aw CLI extension: gh extension install github/gh-aw
  • Copy the workflow .md file to your repository's .github/workflows/ directory
  • Compile with gh aw compile to generate the .lock.yml file
  • Commit both the .md and .lock.yml files

To Activate/Use:

  • Workflows run automatically based on their configured triggers (schedules, events, slash commands)
  • Use gh aw run <workflow> to trigger a manual run
  • Monitor runs with gh aw status and gh aw logs

When to Use:

  • Automate issue triage and labeling
  • Generate daily status reports
  • Maintain documentation automatically
  • Run scheduled code quality checks
  • Respond to slash commands in issues and PRs
  • Orchestrate multi-step repository automation
Name Description Triggers
Daily Issues Report Generates a daily summary of open issues and recent activity as a GitHub issue schedule
OSPO Contributors Report Monthly contributor activity metrics across an organization's repositories. schedule, workflow_dispatch
OSPO Organization Health Report Comprehensive weekly health report for a GitHub organization. Surfaces stale issues/PRs, merge time analysis, contributor leaderboards, and actionable items needing human attention. schedule, workflow_dispatch
OSPO Stale Repository Report Identifies inactive repositories in your organization and generates an archival recommendation report. schedule, workflow_dispatch
OSS Release Compliance Checker Analyzes a target repository against open source release requirements and posts a detailed compliance report as an issue comment. issues, workflow_dispatch
Relevance Check Slash command to evaluate whether an issue or pull request is still relevant to the project slash_command, roles
Relevance Summary Manually triggered workflow that summarizes all open issues and PRs with a /relevance-check response into a single issue workflow_dispatch
Weekly Comment Sync Weekly workflow that finds stale code comments or README snippets, makes text-only synchronization updates, and opens a draft pull request when changes are needed. schedule, workflow_dispatch