* Add publish-to-pages agent skill
Agent skill that publishes presentations and web content to GitHub Pages.
Works with any AI coding agent (Copilot CLI, Claude Code, Gemini CLI, etc.)
Features:
- Converts PPTX and PDF with full formatting preservation
- Creates repo, enables Pages, returns live URL
- Zero config — just needs gh CLI
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* docs: update README.skills.md
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Removed 'infer' option and replaced it with 'user-invocable' and 'disable-model-invocation'.
* Clarified the purpose of new options for better usability.
* Updated guidelines to reflect changes in agent invocation behavior.
* Source dataverse plugin from microsoft/Dataverse-skills
The Dataverse plugin was previously bundled locally with a single
mcp-configure skill. It is now sourced externally from
microsoft/Dataverse-skills, which provides the full skill set:
init, setup, metadata, python-sdk, solution, mcp-configure, and overview.
- marketplace.json: update dataverse entry to external source format
- external.json: add Dataverse entry alongside Azure
- plugins/dataverse/: remove local plugin directory (now external)
- skills/mcp-configure/: remove top-level copy (now in external plugin)
- docs/README.plugins.md: update dataverse row with external link
- docs/README.skills.md: note mcp-configure moved to external plugin
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Make dataverse plugin docs generic to avoid stale counts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Remove mcp-configure from skills index — now in external plugin
External plugins don't list their skills in README.skills.md
(consistent with azure-skills).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Revert manual edits to generated files
marketplace.json, README.plugins.md, and README.skills.md are
auto-generated. External plugins are discovered via external.json
and merged into marketplace.json by generate-marketplace.mjs.
Matches the Azure external plugin pattern — no manual doc entries.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Regenerate marketplace.json and docs after external plugin change
Run npm run build to pick up the new external dataverse entry and
remove the old local one from generated files.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Make the skill modal download button reuse the existing skill ZIP behavior so it downloads the full skill bundle instead of only the current file. Extract the ZIP creation into a shared utility and reuse it from the skills and hooks pages.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* New hook: secrets-scanner
Add a secrets-scanner hook that scans files modified during a Copilot
coding agent session for leaked secrets, credentials, and sensitive data.
The hook runs on sessionEnd and inspects files in one of three scopes:
- diff: only files changed in the current session (default)
- staged: only files currently staged in the git index
- all: every tracked file in the repository
Detected pattern categories:
- AWS access keys and secret keys
- GCP service account credentials
- Azure client secrets and storage connection strings
- GitHub personal access tokens
- Slack tokens (bot, user, webhook)
- Private key headers (RSA, EC, DSA, OpenSSH, PEM)
- Generic high-entropy bearer tokens
- Internal IP:port strings
Configurable via environment variables (SCAN_MODE, SCAN_SCOPE,
SECRETS_ALLOWLIST) so teams can tune for their workflow without
editing the script. Patterns are POSIX ERE (grep -E) compatible,
with no PCRE metacharacters, for portability across macOS and Linux.
Files: hooks.json, scan-secrets.sh, README.md
* refactor: move PATTERNS array to top of scan-secrets.sh for discoverability
Move the PATTERNS declaration to the top of the file so it is clearly
visible and easy to customize, as suggested in code review. Added a
descriptive header comment. No functional changes.
---------
Co-authored-by: Shehab Sherif <shehabsherif0@users.noreply.github.com>
* Removing a codex-specific agent (model deprecated) and removing model from blueprint mode
* Combining skills into a single skill with an internal decision tree
* Converting agents to skill with decision tree
Closes#998
* Converting agents to skill with decision tree"
Fixes#999
Add a reusable Agent Skill that installs npm packages in Docker sandbox
environments where virtiofs-mounted workspaces cause native binary crashes
(esbuild, lightningcss, rollup). The script installs on local ext4 and
symlinks node_modules back into the workspace.
- SKILL.md with spec-compliant frontmatter and documentation
- scripts/install.sh with security hardening (no eval, readonly paths)
- Updated docs/README.skills.md with new skill entry
Co-authored-by: GeekTrainer <GeekTrainer@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Cleaned up some tool names
* Removing some instructionsThese instructions are no longer useful as the knowledge the add is already well handled by frontier models, so the instructions potentially provide conflicting or incorrect information to the agent while it undertakes a task
* Improved the skill to be more explicit on how to use playwright
* Removing a skill that is of low value
The information captured in this skill is mostly just what is found in the links that are at the top of the references, and thus the model will already have that knowledge available to it, meaning that the skill will potentially provide conflicting guidance to the agent as it works
* Updating readmes
* Initial plan
* feat: add PR duplicate check agentic workflow
Adds a new GitHub Agentic Workflow that triggers on pull_request
events (opened, synchronize, reopened) to detect potential duplicate
agents, instructions, skills, and workflows being contributed via PR.
When relevant files are changed, the agent compares them against
existing resources and posts a comment on the PR listing any potential
duplicates with context and a suggestion. If no relevant files are
changed or no duplicates are found, it calls noop.
- .github/workflows/pr-duplicate-check.md: source workflow (gh-aw format)
- .github/workflows/pr-duplicate-check.lock.yml: compiled workflow
Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com>
Co-authored-by: Aaron Powell <me@aaron-powell.com>
* chore: update ScoutQA skill with issue verification and localhost testing support
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: address PR feedback - single-line description and remove create-execution from header
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* doublecheck: auto-escalate to full report for high-risk content
In active (persistent) mode, doublecheck previously used abbreviated
inline verification for all content types, with the full three-layer
report only available if the user explicitly requested it. Most users
did not know the command existed, so high-stakes content (legal
analysis, regulatory guidance) and responses with DISPUTED or
FABRICATION RISK findings were presented with only a summary table.
Changes:
- Auto-escalate to the full verification report when any claim rates
DISPUTED or FABRICATION RISK during inline verification
- Always use the full report for legal analysis, regulatory
interpretation, compliance guidance, and content with case citations
or statutory references
- Update the activation message to mention the 'full report' command
- Add a discoverability footer to inline verification sections
- Update README.md to document the new behavior
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address review feedback: fix table reference, reconcile bullets, clarify callout placement, add trigger phrase
- Table row now references 'high-stakes content rule' (not 'auto-escalation
rule') and lists all content types that match the later rule text
- README first bullet no longer claims legal content gets inline
verification, resolving the contradiction with the next bullet
- Clarify that the 'Heads up' callout goes at the top of the full report
when auto-escalation applies, not in a nonexistent inline section
- Add 'full report' to the explicit trigger phrase list in the 'Offer
full verification on request' rule
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Update README.md
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update README.md
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Add doublecheck plugin: three-layer verification pipeline for AI output
Adds a new plugin that helps users verify AI-generated content before
acting on it. Designed for sensitive contexts (legal, medical, financial,
compliance) where hallucinations carry real consequences.
Three verification layers:
- Self-Audit: extracts verifiable claims, checks internal consistency
- Source Verification: web searches per claim, produces URLs for human review
- Adversarial Review: assumes errors exist, checks hallucination patterns
Supports persistent mode (auto-verifies every factual response inline)
and one-shot mode (full report on specific text). Confidence ratings:
VERIFIED, PLAUSIBLE, UNVERIFIED, DISPUTED, FABRICATION RISK.
Includes:
- Skill (skills/doublecheck/) with bundled report template
- Agent (agents/doublecheck.agent.md) for interactive verification
- Plugin package (plugins/doublecheck/) bundling both
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address review: fix tools YAML format, remove materialized artifacts
- Fix tools frontmatter in agents/doublecheck.agent.md to use standard
YAML list format instead of flow sequence with trailing comma
- Remove plugins/doublecheck/agents/ and plugins/doublecheck/skills/
from tracking; these paths are in .gitignore as CI-materialized
artifacts that should not be committed
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Autonomous backup agent for GitHub Copilot CLI skills. Watches, syncs,
and pushes skill changes to GitHub in real time. One-line install,
survives reboots, zero interaction after setup.
Co-authored-by: DUBSOpenHub <DUBSOpenHub@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Some layout tweaks
* SSR resource listing pages
Render resource listing pages in Astro for first paint and hydrate client filtering/search behavior on top.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Fixing font path
* removing feature plugin reference as we don't track that anymore
* button alignment
* rendering markdown
* Improve skills modal file browsing
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Improving the layout of the search/filter section
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Add dependency/blocking trigger phrases to skill description so the
skill activates on requests like 'link issues', 'add dependency',
'blocked by', and 'blocking'
- Fix incorrect GraphQL return field in dependencies.md: blockedByIssue
does not exist on AddBlockedByPayload; the correct field is
blockingIssue
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* feat: show external plugins on the website
Read plugins/external.json during website data generation and include
external plugins alongside local ones in plugins.json. External plugins
are flagged with external:true and carry metadata (author, repository,
homepage, license, source).
On the website:
- Plugin cards show a '🔗 External' badge and author attribution
- The 'Repository' button links to the source path within the repo
- The modal shows metadata (author, repo, homepage, license) and a
'View Repository' CTA instead of an items list
- External plugins are searchable and filterable by tags
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: address PR #937 security and UX review comments
- Add sanitizeUrl() function to validate URLs and prevent XSS via javascript:/data: schemes
- Add rel="noopener noreferrer" to all target="_blank" links to prevent reverse-tabnabbing
- Change external plugin path from external/<name> to plugins/<name> for proper deep-linking
- Track actual count of external plugins added (after filtering/deduplication) in build logs
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Assigns ownership of napkin plugin and skill to @dvelton
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
