Imran Siddique e95bd8c4ba feat: add 3 agent security skills (MCP audit, OWASP compliance, supply chain) (#1248)
* feat: add 3 agent security skills (MCP audit, OWASP compliance, supply chain)

- mcp-security-audit: Audit .mcp.json files for hardcoded secrets,
  shell injection, unpinned versions, dangerous command patterns
- agent-owasp-compliance: Check agent systems against OWASP ASI 2026
  Top 10 risks with compliance report generation
- agent-supply-chain: SHA-256 integrity manifests, tamper detection,
  version pinning audit, promotion gates for agent plugins

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: address all 9 review comments

1. Added 3 new skills to docs/README.skills.md index
2. Added imports (json, re) to shell injection check snippet
3. Updated unpinned deps wording to match code behavior (@latest only)
4. Moved check_secrets() outside per-server loop to avoid duplicates
5. Added imports note to verify_manifest snippet
6. Updated promotion_check to support both .github/plugin and .claude-plugin layouts
7. Updated CI example to cd into plugin directory before verifying
8. Added check sections for all 10 ASI controls (was missing 03, 04, 06, 08, 10)
9. Made ASI-01 code snippet runnable with actual file scanning implementation

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* chore: regenerate docs/README.skills.md via npm start

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-09 15:33:08 +10:00

Agentic Workflows

Agentic Workflows are AI-powered repository automations that run coding agents in GitHub Actions. Defined in markdown with natural language instructions, they enable event-triggered and scheduled automation with built-in guardrails and security-first design.

How to Contribute

See CONTRIBUTING.md for guidelines on how to contribute new workflows, improve existing ones, and share your use cases.

How to Use Agentic Workflows

What's Included:

  • Each workflow is a single .md file with YAML frontmatter and natural language instructions
  • Workflows are compiled to .lock.yml GitHub Actions files via gh aw compile
  • Workflows follow the GitHub Agentic Workflows specification

To Install:

  • Install the gh aw CLI extension: gh extension install github/gh-aw
  • Copy the workflow .md file to your repository's .github/workflows/ directory
  • Compile with gh aw compile to generate the .lock.yml file
  • Commit both the .md and .lock.yml files

To Activate/Use:

  • Workflows run automatically based on their configured triggers (schedules, events, slash commands)
  • Use gh aw run <workflow> to trigger a manual run
  • Monitor runs with gh aw status and gh aw logs
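Because every workflow ships as a .md source plus a compiled .lock.yml that must be committed together, a repository check that the pair is complete and not stale is useful before merge. The script below is an added example, not part of the original page or the gh-aw project; it assumes the layout `name.md` -> `name.lock.yml` in the same directory and uses file timestamps as a stand-in for a real recompile-and-diff.

```python
import os
import re
import tempfile
from pathlib import Path

# Frontmatter: a leading '---' line, a YAML body, and a closing '---' line.
FRONTMATTER_RE = re.compile(r"\A---\r?\n.*?\r?\n---\r?\n", re.S)


def has_frontmatter(md_text: str) -> bool:
    """True if the workflow source opens with a YAML frontmatter block."""
    return FRONTMATTER_RE.match(md_text) is not None


def audit_workflows(workflows_dir) -> list:
    """Return (file, problem) findings for every workflow in the directory.

    Assumed layout (an assumption of this example, not taken from the
    gh-aw spec): `name.md` compiles to `name.lock.yml` beside it.
    """
    d = Path(workflows_dir)
    findings = []
    for md in sorted(d.glob("*.md")):
        if not has_frontmatter(md.read_text(encoding="utf-8")):
            findings.append((md.name, "missing YAML frontmatter"))
        lock = d / f"{md.stem}.lock.yml"
        if not lock.exists():
            findings.append((md.name, f"{lock.name} missing; run gh aw compile"))
        elif lock.stat().st_mtime < md.stat().st_mtime:
            findings.append((md.name, f"{lock.name} older than source; recompile"))
    # A compiled file with no source was hand-edited or left behind.
    for lock in sorted(d.glob("*.lock.yml")):
        if not (d / (lock.name[: -len(".lock.yml")] + ".md")).exists():
            findings.append((lock.name, "compiled file has no .md source"))
    return findings


def demo() -> list:
    """Audit a constructed workflows directory (sample data, not real files)."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "triage.md").write_text("---\non: issues\n---\nLabel new issues.\n")
        (d / "triage.lock.yml").write_text("# compiled\n")
        (d / "report.md").write_text("Generate a daily report.\n")  # no frontmatter
        (d / "stale.md").write_text("---\non: schedule\n---\nOld.\n")
        (d / "stale.lock.yml").write_text("# compiled\n")
        os.utime(d / "stale.lock.yml", (0, 0))  # force the lock older than its source
        (d / "orphan.lock.yml").write_text("# no source\n")
        return audit_workflows(d)


if __name__ == "__main__":
    for name, problem in demo():
        print(f"{name}: {problem}")
```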

When to Use:

  • Automate issue triage and labeling
  • Generate daily status reports
  • Maintain documentation automatically
  • Run scheduled code quality checks
  • Respond to slash commands in issues and PRs
  • Orchestrate multi-step repository automation

Workflows (name, description, triggers):

  • Daily Issues Report: Generates a daily summary of open issues and recent activity as a GitHub issue. Triggers: schedule
  • OSPO Contributors Report: Monthly contributor activity metrics across an organization's repositories. Triggers: schedule, workflow_dispatch
  • OSPO Organization Health Report: Comprehensive weekly health report for a GitHub organization. Surfaces stale issues/PRs, merge time analysis, contributor leaderboards, and actionable items needing human attention. Triggers: schedule, workflow_dispatch
  • OSPO Stale Repository Report: Identifies inactive repositories in your organization and generates an archival recommendation report. Triggers: schedule, workflow_dispatch
  • OSS Release Compliance Checker: Analyzes a target repository against open source release requirements and posts a detailed compliance report as an issue comment. Triggers: issues, workflow_dispatch
  • Relevance Check: Slash command to evaluate whether an issue or pull request is still relevant to the project. Triggers: slash_command, roles
  • Relevance Summary: Manually triggered workflow that summarizes all open issues and PRs with a /relevance-check response into a single issue. Triggers: workflow_dispatch