Skip to content

Extend secret-scanning skill with MCP pre-commit scanning support#1154

Closed
felickz wants to merge 11 commits intogithub:mainfrom
forks-felickz:main
Closed

Extend secret-scanning skill with MCP pre-commit scanning support#1154
felickz wants to merge 11 commits intogithub:mainfrom
forks-felickz:main

Conversation

@felickz
Copy link
Copy Markdown
Contributor

@felickz felickz commented Mar 24, 2026
edited
Loading

Pull Request Checklist

  • I have read and followed the CONTRIBUTING.md guidelines.
  • I have read and followed the Guidance for submissions involving paid services.
  • My contribution adds a new instruction, prompt, agent, skill, or workflow file in the correct directory.
  • The file follows the required naming convention.
  • The content is clearly structured and follows the example format.
  • I have tested my instructions, prompt, agent, skill, or workflow with GitHub Copilot.
  • I have run npm start and verified that README.md is up to date.
  • I am targeting the staged branch for this pull request.

Description

Type of Contribution

  • New instruction file.
  • New prompt file.
  • New agent file.
  • New plugin.
  • New skill file.
  • New agentic workflow.
  • Update to existing instruction, prompt, agent, plugin, skill, or workflow.
  • Other (please specify):

Additional Notes

By submitting this pull request, I confirm that my contribution abides by the Code of Conduct and will be licensed under the MIT License.

github-actions Bot and others added 11 commits March 19, 2026 05:07
@github-actions
chore: publish from staged
19f43b1
Initial plan
faf90f6
@felickz
Update secret-scanning skill with MCP pre-commit scanning support
795aa7b 
Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
@felickz
feat: add MCP pre-commit secret scanning to secret-scanning skill
bc0a9bb 
Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
Merge remote-tracking branch: resolve conflicts keeping best of both …
fa25e2f 
…versions
Initial plan
3c5a5cd
@felickz
Reference Advanced Security plugin for MCP pre-commit scanning in sec…
8ffda58 
…ret-scanning skill

Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
@felickz
Merge pull request #2 from forks-felickz/copilot/copilotrevise-secret…
8901630 
…-scanning-instructions

Reference Advanced Security plugin for MCP pre-commit scanning in secret-scanning skill
@felickz
Remove verbose "When to use which" table from secret-scanning SKILL.md
963c3f4 
Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
@felickz
Merge pull request #1 from forks-felickz/copilot/update-secret-scanni…
e26336b 
…ng-skill

Extend secret-scanning skill with MCP pre-commit scanning support
@felickz
Merge remote-tracking branch 'upstream/main'
b659c32 
# Conflicts:
#	docs/README.plugins.md
#	plugins/copilot-sdk/skills/copilot-sdk/SKILL.md
#	plugins/gem-team/agents/gem-browser-tester.md
#	plugins/gem-team/agents/gem-devops.md
#	plugins/gem-team/agents/gem-documentation-writer.md
#	plugins/gem-team/agents/gem-implementer.md
#	plugins/gem-team/agents/gem-orchestrator.md
#	plugins/gem-team/agents/gem-planner.md
#	plugins/gem-team/agents/gem-researcher.md
#	plugins/gem-team/agents/gem-reviewer.md
#	plugins/software-engineering-team/agents/se-gitops-ci-specialist.md
Copilot AI review requested due to automatic review settings March 24, 2026 15:39
Copilot AI reviewed Mar 24, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the existing secret-scanning skill documentation to cover pre-commit secret scanning workflows for AI coding agents (via GitHub MCP Server) by pointing users to the Advanced Security plugin and its MCP tool.

Changes:

  • Expands the secret-scanning skill description and “When to use” list to include pre-commit scanning in AI coding agent contexts.
  • Adds a new section documenting how to use the Advanced Security plugin for agent-based pre-commit secret scanning.
  • Updates the skills index entry to reflect the expanded scope and plugin reference.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
skills/secret-scanning/SKILL.md Adds documentation for MCP/agent pre-commit scanning and references the Advanced Security plugin.
docs/README.skills.md Updates the secret-scanning table entry description to match the skill’s expanded scope.

Comment thread skills/secret-scanning/SKILL.md
Comment on lines +226 to +227
- Install the `advanced-security` agent plugin
- Use `/secret-scanning` in Copilot Chat
Copy link

Copilot AI Mar 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The VS Code guidance is a bit ambiguous ("Install the advanced-security agent plugin"). In this repo’s plugin docs, VS Code discovery/install is described via @agentPlugins in Extensions search or the “Chat: Plugins” command palette entry. Consider updating these bullets to match that documented flow/terminology so readers can reliably find and install the plugin.

Suggested change
- Install the `advanced-security` agent plugin
- Use `/secret-scanning` in Copilot Chat
- In the Extensions view, search for `@agentPlugins advanced-security` and install **Advanced Security** (`advanced-security@copilot-plugins`)
- Or run the **“Chat: Plugins”** command from the Command Palette and enable the **Advanced Security** agent plugin
- Then use `/secret-scanning` in Copilot Chat to scan changes for secrets before committing

Copilot uses AI. Check for mistakes.
Comment thread skills/secret-scanning/SKILL.md
Comment on lines +220 to +221
**GitHub Copilot CLI:**
```
Copy link

Copilot AI Mar 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The “GitHub Copilot CLI” install instructions use the interactive /plugin install ... command but don’t mention that it must be run inside an interactive Copilot CLI session, and they omit the prerequisite to register the github/copilot-plugins marketplace (per website/src/content/docs/learning-hub/installing-and-using-plugins.md). Consider updating this section to either (a) show the non-interactive CLI command (copilot plugin install advanced-security@copilot-plugins) and include the marketplace add step when needed, or (b) explicitly label the snippet as “from an interactive session” and include /plugin marketplace add github/copilot-plugins if it isn’t already registered.

Suggested change
**GitHub Copilot CLI:**
```
**GitHub Copilot CLI (interactive session):**
```text
/plugin marketplace add github/copilot-plugins

Copilot uses AI. Check for mistakes.
@felickz
Copy link
Copy Markdown
Contributor Author

felickz commented Mar 24, 2026

wrong branch - #1155

@felickz felickz closed this Mar 24, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@VeVarunSharma VeVarunSharma Awaiting requested review from VeVarunSharma VeVarunSharma is a code owner

@aaronpowell aaronpowell Awaiting requested review from aaronpowell aaronpowell is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@felickz