mirror of
https://github.com/github/awesome-copilot.git
synced 2026-07-14 01:51:02 +00:00
72fae201df
* Add mcp-security-baseline skill An Agent Skill that reviews MCP server and client source code against a security baseline (5 controls, 7 RCE vectors, OWASP MCP Top 10) and produces a compliance report with file/line evidence. Complements mcp-security-audit, which checks .mcp.json configuration. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address review feedback: remove ignored keywords field, link MCP spec - Remove the top-level `keywords` field: it is not a recognized skill front-matter field and is ignored (skills are indexed for search by name + description only). The keyword terms are already present in the description, so discovery is unaffected. - Link the MCP 2025-03-26 specification at the protocol-version check so the agent has it for quick reference. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address review feedback: fix unsafe-deserialization example, link current MCP spec - Change the unsafe-deserialization example from `yaml.load(..., Loader=yaml.FullLoader)` to `Loader=yaml.UnsafeLoader` to reflect genuinely unsafe usage. - Add a link to the current MCP spec revision (2025-11-25) alongside the 2025-03-26 baseline on the protocol-version check. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Swetha Kumar <16600902+Swethakumar1@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: Aaron Powell <me@aaron-powell.com>