Extend secret-scanning skill with MCP pre-commit scanning support#1155
Closed
felickz wants to merge 12 commits intogithub:stagedfrom
Closed
Extend secret-scanning skill with MCP pre-commit scanning support#1155felickz wants to merge 12 commits intogithub:stagedfrom
felickz wants to merge 12 commits intogithub:stagedfrom
Conversation
Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
…ret-scanning skill Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
…-scanning-instructions Reference Advanced Security plugin for MCP pre-commit scanning in secret-scanning skill
Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
…ng-skill Extend secret-scanning skill with MCP pre-commit scanning support
# Conflicts: # docs/README.plugins.md # plugins/copilot-sdk/skills/copilot-sdk/SKILL.md # plugins/gem-team/agents/gem-browser-tester.md # plugins/gem-team/agents/gem-devops.md # plugins/gem-team/agents/gem-documentation-writer.md # plugins/gem-team/agents/gem-implementer.md # plugins/gem-team/agents/gem-orchestrator.md # plugins/gem-team/agents/gem-planner.md # plugins/gem-team/agents/gem-researcher.md # plugins/gem-team/agents/gem-reviewer.md # plugins/software-engineering-team/agents/se-gitops-ci-specialist.md
felickz
requested review from
VeVarunSharma,
aaronpowell and
dvelton
as code owners
16 tasks
Contributor
There was a problem hiding this comment.
Pull request overview
This PR appears to (1) update the secret-scanning skill documentation to mention MCP-based pre-commit scanning via an Advanced Security plugin, and (2) add a large set of new plugin agents/skills plus broad plugin.json path changes (agents pointing to directories; skills paths normalized).
Changes:
- Update
docs/README.skills.mddescription for the existingsecret-scanningskill to reference MCP pre-commit scanning support. - Add multiple new agent/skill markdown files across many plugins (MCP dev, Azure, Java, DB, FlowStudio, etc.).
- Refactor many
plugins/**/.github/plugin/plugin.jsonfiles to use"./agents"directory references and remove trailing slashes from skill paths.
Reviewed changes
Copilot reviewed 123 out of 294 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| plugins/mcp-m365-copilot/agents/mcp-m365-agent-expert.md | Adds a new MCP/M365 Copilot expert agent definition. |
| plugins/mcp-m365-copilot/.github/plugin/plugin.json | Points agents to the ./agents directory; normalizes skill paths. |
| plugins/kotlin-mcp-development/agents/kotlin-mcp-expert.md | Adds a Kotlin MCP server development expert agent definition. |
| plugins/kotlin-mcp-development/.github/plugin/plugin.json | Points agents to the ./agents directory; normalizes skill paths. |
| plugins/java-mcp-development/.github/plugin/plugin.json | Points agents to the ./agents directory; normalizes skill paths. |
| plugins/java-development/skills/java-springboot/SKILL.md | Adds a Spring Boot best-practices skill. |
| plugins/java-development/skills/java-junit/SKILL.md | Adds a JUnit 5 best-practices skill. |
| plugins/java-development/skills/java-docs/SKILL.md | Adds a JavaDocs best-practices skill. |
| plugins/java-development/skills/create-spring-boot-java-project/SKILL.md | Adds a skill with steps to scaffold a Spring Boot project. |
| plugins/java-development/.github/plugin/plugin.json | Normalizes skill paths (removes trailing slashes). |
| plugins/go-mcp-development/agents/go-mcp-expert.md | Adds a Go MCP server development expert agent definition. |
| plugins/go-mcp-development/.github/plugin/plugin.json | Points agents to the ./agents directory; normalizes skill paths. |
| plugins/gem-team/agents/gem-reviewer.md | Adds a “gem-reviewer” agent definition. |
| plugins/gem-team/agents/gem-implementer.md | Adds a “gem-implementer” agent definition. |
| plugins/gem-team/agents/gem-documentation-writer.md | Adds a “gem-documentation-writer” agent definition. |
| plugins/gem-team/agents/gem-devops.md | Adds a “gem-devops” agent definition. |
| plugins/gem-team/agents/gem-browser-tester.md | Adds a “gem-browser-tester” agent definition. |
| plugins/gem-team/.github/plugin/plugin.json | Points agents to the ./agents directory. |
| plugins/frontend-web-dev/skills/playwright-generate-test/SKILL.md | Adds a Playwright MCP test generation skill. |
| plugins/frontend-web-dev/skills/playwright-explore-website/SKILL.md | Adds a Playwright MCP exploration skill. |
| plugins/frontend-web-dev/agents/electron-angular-native.md | Adds Electron/Angular/native code review instructions as an agent file. |
| plugins/frontend-web-dev/.github/plugin/plugin.json | Points agents to the ./agents directory; normalizes skill paths. |
| plugins/flowstudio-power-automate/skills/flowstudio-power-automate-mcp/references/connection-references.md | Adds FlowStudio MCP reference documentation. |
| plugins/flowstudio-power-automate/skills/flowstudio-power-automate-mcp/references/action-types.md | Adds FlowStudio MCP action types reference. |
| plugins/flowstudio-power-automate/skills/flowstudio-power-automate-mcp/references/MCP-BOOTSTRAP.md | Adds FlowStudio MCP bootstrap reference. |
| plugins/flowstudio-power-automate/skills/flowstudio-power-automate-debug/references/debug-workflow.md | Adds FlowStudio MCP debugging workflow reference. |
| plugins/flowstudio-power-automate/skills/flowstudio-power-automate-debug/references/common-errors.md | Adds FlowStudio MCP common errors reference. |
| plugins/flowstudio-power-automate/skills/flowstudio-power-automate-build/references/trigger-types.md | Adds FlowStudio MCP trigger templates reference. |
| plugins/flowstudio-power-automate/skills/flowstudio-power-automate-build/references/flow-schema.md | Adds FlowStudio MCP flow schema reference. |
| plugins/flowstudio-power-automate/skills/flowstudio-power-automate-build/references/build-patterns.md | Adds FlowStudio MCP build patterns reference. |
| plugins/flowstudio-power-automate/.github/plugin/plugin.json | Normalizes skill paths (removes trailing slashes). |
| plugins/edge-ai-tasks/.github/plugin/plugin.json | Points agents to the ./agents directory. |
| plugins/doublecheck/skills/doublecheck/assets/verification-report-template.md | Adds a verification report template asset. |
| plugins/doublecheck/agents/doublecheck.md | Adds a “Doublecheck” verification agent definition. |
| plugins/doublecheck/.github/plugin/plugin.json | Points agents to the ./agents directory; normalizes skill paths. |
| plugins/devops-oncall/skills/multi-stage-dockerfile/SKILL.md | Adds a Docker multi-stage best-practices skill. |
| plugins/devops-oncall/agents/azure-principal-architect.md | Adds an Azure principal architect agent definition under devops-oncall. |
| plugins/devops-oncall/.github/plugin/plugin.json | Points agents to the ./agents directory; normalizes skill paths. |
| plugins/dataverse-sdk-for-python/skills/dataverse-python-usecase-builder/SKILL.md | Adds a Dataverse Python use-case builder skill. |
| plugins/dataverse-sdk-for-python/skills/dataverse-python-quickstart/SKILL.md | Adds a Dataverse Python quickstart skill. |
| plugins/dataverse-sdk-for-python/skills/dataverse-python-production-code/SKILL.md | Adds a Dataverse Python production code skill. |
| plugins/dataverse-sdk-for-python/skills/dataverse-python-advanced-patterns/SKILL.md | Adds a Dataverse Python advanced patterns skill. |
| plugins/dataverse-sdk-for-python/.github/plugin/plugin.json | Normalizes skill paths (removes trailing slashes). |
| plugins/database-data-management/skills/postgresql-code-review/SKILL.md | Adds a PostgreSQL code review skill. |
| plugins/database-data-management/agents/postgresql-dba.md | Adds a PostgreSQL DBA agent definition. |
| plugins/database-data-management/agents/ms-sql-dba.md | Adds an MS-SQL DBA agent definition. |
| plugins/database-data-management/.github/plugin/plugin.json | Points agents to the ./agents directory; normalizes skill paths. |
| plugins/csharp-mcp-development/skills/csharp-mcp-server-generator/SKILL.md | Adds a C# MCP server generator skill. |
| plugins/csharp-mcp-development/agents/csharp-mcp-expert.md | Adds a C# MCP expert agent definition. |
| plugins/csharp-mcp-development/.github/plugin/plugin.json | Points agents to the ./agents directory; normalizes skill paths. |
| plugins/csharp-dotnet-development/skills/dotnet-upgrade/SKILL.md | Adds a .NET upgrade planning skill. |
| plugins/csharp-dotnet-development/skills/dotnet-best-practices/SKILL.md | Adds a .NET best-practices skill. |
| plugins/csharp-dotnet-development/skills/csharp-xunit/SKILL.md | Adds an xUnit best-practices skill. |
| plugins/csharp-dotnet-development/skills/csharp-tunit/SKILL.md | Adds a TUnit best-practices skill. |
| plugins/csharp-dotnet-development/skills/csharp-nunit/SKILL.md | Adds an NUnit best-practices skill. |
| plugins/csharp-dotnet-development/skills/csharp-async/SKILL.md | Adds a C# async best-practices skill. |
| plugins/csharp-dotnet-development/skills/aspnet-minimal-api-openapi/SKILL.md | Adds an ASP.NET minimal API/OpenAPI skill. |
| plugins/csharp-dotnet-development/agents/expert-dotnet-software-engineer.md | Adds an expert .NET software engineer agent definition. |
| plugins/csharp-dotnet-development/.github/plugin/plugin.json | Points agents to the ./agents directory; normalizes skill paths. |
| plugins/copilot-sdk/.github/plugin/plugin.json | Normalizes skill path (removes trailing slash). |
| plugins/context-engineering/skills/what-context-needed/SKILL.md | Adds a “what context needed” skill. |
| plugins/context-engineering/skills/refactor-plan/SKILL.md | Adds a refactor planning skill. |
| plugins/context-engineering/skills/context-map/SKILL.md | Adds a context map skill. |
| plugins/context-engineering/agents/context-architect.md | Adds a context architect agent definition. |
| plugins/context-engineering/.github/plugin/plugin.json | Points agents to the ./agents directory; normalizes skill paths. |
| plugins/clojure-interactive-programming/skills/remember-interactive-programming/SKILL.md | Adds a Clojure interactive programming reminder skill. |
| plugins/clojure-interactive-programming/agents/clojure-interactive-programming.md | Adds a Clojure interactive programming agent definition. |
| plugins/clojure-interactive-programming/.github/plugin/plugin.json | Points agents to the ./agents directory; normalizes skill path. |
| plugins/cast-imaging/agents/cast-imaging-structural-quality-advisor.md | Adds a CAST Imaging structural quality advisor agent definition. |
| plugins/cast-imaging/agents/cast-imaging-software-discovery.md | Adds a CAST Imaging software discovery agent definition. |
| plugins/cast-imaging/agents/cast-imaging-impact-analysis.md | Adds a CAST Imaging impact analysis agent definition. |
| plugins/cast-imaging/.github/plugin/plugin.json | Points agents to the ./agents directory. |
| plugins/azure-cloud-development/skills/azure-pricing/references/SERVICE-NAMES.md | Adds Azure Pricing service-name reference. |
| plugins/azure-cloud-development/skills/azure-pricing/references/REGIONS.md | Adds Azure Pricing region-name reference. |
| plugins/azure-cloud-development/skills/azure-pricing/references/COST-ESTIMATOR.md | Adds Azure Pricing cost estimator reference. |
| plugins/azure-cloud-development/skills/azure-pricing/references/COPILOT-STUDIO-RATES.md | Adds Copilot Studio rates reference for pricing skill. |
| plugins/azure-cloud-development/agents/terraform-azure-planning.md | Adds a Terraform-for-Azure planning agent definition. |
| plugins/azure-cloud-development/agents/terraform-azure-implement.md | Adds a Terraform-for-Azure implementation agent definition. |
| plugins/azure-cloud-development/agents/azure-verified-modules-terraform.md | Adds an AVM Terraform agent definition. |
| plugins/azure-cloud-development/agents/azure-verified-modules-bicep.md | Adds an AVM Bicep agent definition. |
| plugins/azure-cloud-development/agents/azure-saas-architect.md | Adds an Azure SaaS architect agent definition. |
| plugins/azure-cloud-development/agents/azure-principal-architect.md | Adds an Azure principal architect agent definition. |
| plugins/azure-cloud-development/agents/azure-logic-apps-expert.md | Adds an Azure Logic Apps expert agent definition. |
| plugins/azure-cloud-development/.github/plugin/plugin.json | Points agents to the ./agents directory; normalizes skill paths. |
| plugins/awesome-copilot/skills/suggest-awesome-github-copilot-skills/SKILL.md | Adds skill suggestions workflow for awesome-copilot skills. |
| plugins/awesome-copilot/skills/suggest-awesome-github-copilot-instructions/SKILL.md | Adds instructions suggestions workflow for awesome-copilot instructions. |
| plugins/awesome-copilot/skills/suggest-awesome-github-copilot-agents/SKILL.md | Adds agent suggestions workflow for awesome-copilot agents. |
| plugins/awesome-copilot/agents/meta-agentic-project-scaffold.md | Adds a meta scaffold agent definition. |
| plugins/awesome-copilot/.github/plugin/plugin.json | Points agents to the ./agents directory; normalizes skill paths. |
| plugins/automate-this/.github/plugin/plugin.json | Normalizes skill path (removes trailing slash). |
| docs/README.skills.md | Updates secret-scanning skill description to mention MCP pre-commit scanning. |
| | [scaffolding-oracle-to-postgres-migration-test-project](../skills/scaffolding-oracle-to-postgres-migration-test-project/SKILL.md) | Scaffolds an xUnit integration test project for validating Oracle-to-PostgreSQL database migration behavior in .NET solutions. Creates the test project, transaction-rollback base class, and seed data manager. Use when setting up test infrastructure before writing migration integration tests, or when a test project is needed for Oracle-to-PostgreSQL validation. | None | | ||
| | [scoutqa-test](../skills/scoutqa-test/SKILL.md) | This skill should be used when the user asks to "test this website", "run exploratory testing", "check for accessibility issues", "verify the login flow works", "find bugs on this page", or requests automated QA testing. Triggers on web application testing scenarios including smoke tests, accessibility audits, e-commerce flows, and user flow validation using ScoutQA CLI. Use this skill proactively after implementing web application features to verify they work correctly. | None | | ||
| | [secret-scanning](../skills/secret-scanning/SKILL.md) | Guide for configuring and managing GitHub secret scanning, push protection, custom patterns, and secret alert remediation. This skill should be used when users need help enabling secret scanning, setting up push protection, defining custom secret patterns, triaging secret scanning alerts, or resolving blocked pushes. | `references/alerts-and-remediation.md`<br />`references/custom-patterns.md`<br />`references/push-protection.md` | | ||
| | [secret-scanning](../skills/secret-scanning/SKILL.md) | Guide for configuring and managing GitHub secret scanning, push protection, custom patterns, and secret alert remediation. For pre-commit secret scanning in AI coding agents via the GitHub MCP Server, this skill references the Advanced Security plugin (`advanced-security@copilot-plugins`). Use this skill when enabling secret scanning, setting up push protection, defining custom patterns, triaging alerts, resolving blocked pushes, or when an agent needs to scan code for secrets before committing. | `references/alerts-and-remediation.md`<br />`references/custom-patterns.md`<br />`references/push-protection.md` | |
There was a problem hiding this comment.
The PR title/description focus on extending the secret-scanning skill, but the diff also introduces many unrelated new agents/skills and broad plugin manifest changes across numerous plugins. Please either (mandatory) update the PR description to reflect the full scope, or (recommended) split this into separate PRs (e.g., one for secret-scanning doc update, one for plugin manifest normalization, one per new plugin content area) to keep reviewability and rollback safer.
Comment on lines
18
to
20
| "agents": [ | ||
| "./agents/mcp-m365-agent-expert.md" | ||
| "./agents" | ||
| ], |
There was a problem hiding this comment.
Changing "agents" entries from explicit agent files to a directory path ("./agents") is likely to break consumers/validators if plugin.json expects a list of agent file paths (as the previous state implied). If directory entries are not explicitly supported by the plugin loader schema, revert to listing explicit agent markdown files (or adopt whatever glob/manifest mechanism the loader supports) and apply the same fix to the other plugins updated with this pattern.
See below for a potential fix:
"agents": [],
Comment on lines
+131
to
+138
| - Create `docker-compose.yaml` at project root and add following services: `redis:6`, `postgresql:17` and `mongo:8`. | ||
|
|
||
| - redis service should have | ||
| - password `rootroot` | ||
| - mapping port 6379 to 6379 | ||
| - mounting volume `./redis_data` to `/data` | ||
| - postgresql service should have | ||
| - password `rootroot` |
There was a problem hiding this comment.
The official Docker image is postgres, not postgresql. As written, postgresql:17 will fail to pull for most users and makes the instructions non-functional. Update the referenced service image to the correct tag (e.g., postgres:17) and ensure the rest of the docker-compose steps match the image’s supported env vars.
Suggested change
| - Create `docker-compose.yaml` at project root and add following services: `redis:6`, `postgresql:17` and `mongo:8`. | |
| - redis service should have | |
| - password `rootroot` | |
| - mapping port 6379 to 6379 | |
| - mounting volume `./redis_data` to `/data` | |
| - postgresql service should have | |
| - password `rootroot` | |
| - Create `docker-compose.yaml` at project root and add following services: `redis:6`, `postgres:17` and `mongo:8`. | |
| - redis service should have | |
| - password `rootroot` | |
| - mapping port 6379 to 6379 | |
| - mounting volume `./redis_data` to `/data` | |
| - postgres service should have | |
| - environment variables `POSTGRES_USER=root`, `POSTGRES_PASSWORD=rootroot`, `POSTGRES_DB=test` |
| - Docker | ||
| - Docker Compose | ||
|
|
||
| - If you need to custom the project name, please change the `artifactId` and the `packageName` in [download-spring-boot-project-template](./create-spring-boot-java-project.prompt.md#download-spring-boot-project-template) |
There was a problem hiding this comment.
Correct the wording to use the verb “customize” (current phrasing is ungrammatical).
Suggested change
| - If you need to custom the project name, please change the `artifactId` and the `packageName` in [download-spring-boot-project-template](./create-spring-boot-java-project.prompt.md#download-spring-boot-project-template) | |
| - If you need to customize the project name, please change the `artifactId` and the `packageName` in [download-spring-boot-project-template](./create-spring-boot-java-project.prompt.md#download-spring-boot-project-template) |
Contributor
|
@felickz I suggest breaking this down and creating some smaller PRs for the new skills you want to add! I.e for secret-scanning skill update, keep that as it's own PR so you tag the relevant codeowners in your PRs and makes it easier for us to approve or suggest changes as I have less context on the other skills you added :) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull Request Checklist
npm startand verified thatREADME.mdis up to date.stagedbranch for this pull request.Description
Type of Contribution
Additional Notes
By submitting this pull request, I confirm that my contribution abides by the Code of Conduct and will be licensed under the MIT License.