
Add Security Skills Toolkit plugin 🤖🤖🤖 #2116

Open
harrider wants to merge 21 commits into github:main from harrider:harrider/skill/add-security-skills-toolkit

@harrider

Pull Request Checklist

  • I have read and followed the CONTRIBUTING.md guidelines.
  • I have read and followed the Guidance for submissions involving paid services.
  • My contribution adds a new instruction, prompt, agent, skill, workflow, or canvas extension file in the correct directory.
  • The file follows the required naming convention.
  • The content is clearly structured and follows the example format.
  • I have tested my instructions, prompt, agent, skill, workflow, or canvas extension with GitHub Copilot.
  • I have run npm start and verified that README.md is up to date.
  • I am targeting the staged branch for this pull request.

Description

Adds the security-skills-toolkit plugin — an AI-powered helper for developers modernizing the security posture of Azure-based applications. A developer describes a security concern in plain language, and an orchestrator agent routes to a specialist skill that pulls relevant public Microsoft documentation and helps plan/apply changes, with the developer in control throughout.

The plugin ships 1 agent + 19 skills (all prefixed sst-):

  • Agent: sst-security-skills-orchestrator — classifies a concern and routes to the right skill.
  • Secretless-auth migrations (7): sst-storage-secretless-auth, sst-sql-secretless-auth, sst-cosmosdb-secretless-auth, sst-redis-secretless-auth, sst-eventhub-secretless-auth, sst-servicebus-secretless-auth, sst-cognitive-secretless-auth — move from keys/SAS/passwords to Microsoft Entra managed identity.
  • MSAL.js modernization (10): an sst-msaljs-migration router plus 9 version-hop skills (browser/Angular/Node/React).
  • Container hygiene (1): sst-container-vulnerability-patching.
  • Fallback (1): sst-general-security-helper for concerns without a dedicated skill.

All guidance is grounded in publicly available Microsoft documentation (Entra/managed identity, MSAL.js, SFI/Zero Trust).


Type of Contribution

  • New instruction file.
  • New prompt file.
  • New agent file.
  • New plugin.
  • New skill file.
  • New agentic workflow.
  • New canvas extension.
  • Update to existing instruction, prompt, agent, plugin, skill, workflow, or canvas extension.
  • Other (please specify):

Additional Notes

  • Authored in source form on staged: the plugin folder contains only .github/plugin/plugin.json + README.md; the agent lives in top-level agents/ and the 19 skills in top-level skills/, referenced declaratively from plugin.json (CI materializes them on publish).
  • Regenerated outputs are committed alongside the source: .github/plugin/marketplace.json and docs/README.{agents,plugins,skills}.md (npm run build produces no further diff).
  • npm run plugin:validate → security-skills-toolkit is valid; all 19 sst-* skills pass npm run skill:validate.
  • Locally verified end-to-end in the GitHub Copilot CLI (real copilot plugin install): the orchestrator agent is discoverable/selectable and routes correctly to the sst- skills (tested MSAL.js migration and storage secretless-auth).
  • License: MIT; author: "Awesome Copilot Community".

Copilot AI review requested due to automatic review settings June 24, 2026 17:19
@harrider harrider requested a review from aaronpowell as a code owner June 24, 2026 17:19
@github-actions github-actions Bot added the agent (PR touches agents), new-submission (PR adds at least one new contribution), plugin (PR touches plugins) and skills (PR touches skills) labels Jun 24, 2026
@github-actions

github-actions Bot commented Jun 24, 2026

Contributor

🔒 PR Risk Scan Results

Scanned 26 changed file(s).

Severity Count
🔴 High 0
🟠 Medium 52
ℹ️ Info 0

Severity Rule File Line Match
🟠 package-exec-command docs/README.skills.md 31 | [acreadiness-assess](../skills/acreadiness-assess/SKILL.md)<br />`gh skills install github/awesome-copilot acreadiness-assess` | Run the AgentRC readiness assessment on the curre
🟠 unpinned-version-indicator skills/sst-cognitive-secretless-auth/SKILL.md 374 pip install azure-ai-textanalytics>=5.3.0
🟠 unpinned-version-indicator skills/sst-cognitive-secretless-auth/SKILL.md 375 pip install azure-identity>=1.15.0
🟠 unpinned-version-indicator skills/sst-cognitive-secretless-auth/SKILL.md 376 pip install openai>=1.0.0
🟠 unpinned-version-indicator skills/sst-cognitive-secretless-auth/SKILL.md 434 - [ ] **Dependencies Updated**: Azure SDK packages support Managed Identity (Azure.Identity >= 1.10.0)
🟠 unpinned-version-indicator skills/sst-msaljs-migration-angular-v2-to-v3/SKILL.md 136 { "rxjs": "~6.6.7" }
🟠 unpinned-version-indicator skills/sst-msaljs-migration-angular-v2-to-v3/SKILL.md 141 { "rxjs": "^7.0.0" }
🟠 unpinned-version-indicator skills/sst-msaljs-migration-angular-v2-to-v3/SKILL.md 153 "@​​azure/msal-angular": "^2.0.0"
🟠 unpinned-version-indicator skills/sst-msaljs-migration-angular-v2-to-v3/SKILL.md 160 "@​​azure/msal-angular": "^3.0.0"
🟠 unpinned-version-indicator skills/sst-msaljs-migration-angular-v3-to-v4/SKILL.md 110 "@​​azure/msal-angular": "^3.1.0",
🟠 unpinned-version-indicator skills/sst-msaljs-migration-angular-v3-to-v4/SKILL.md 111 "@​​azure/msal-browser": "^4.0.0"
🟠 unpinned-version-indicator skills/sst-msaljs-migration-angular-v3-to-v4/SKILL.md 116 "@​​azure/msal-angular": "^4.0.0",
🟠 unpinned-version-indicator skills/sst-msaljs-migration-angular-v3-to-v4/SKILL.md 117 "@​​azure/msal-browser": "^4.0.0"
🟠 unpinned-version-indicator skills/sst-msaljs-migration-angular-v3-to-v4/SKILL.md 161 this.loginDisplay = this.authService.instance.getAllAccounts().length > 0;
🟠 unpinned-version-indicator skills/sst-msaljs-migration-angular-v3-to-v4/SKILL.md 188 this.loginDisplay = this.authService.instance.getAllAccounts().length > 0;
🟠 unpinned-version-indicator skills/sst-msaljs-migration-angular-v4-to-v5/SKILL.md 165 "@​​azure/msal-angular": "^4.0.0",
🟠 unpinned-version-indicator skills/sst-msaljs-migration-angular-v4-to-v5/SKILL.md 166 "@​​azure/msal-browser": "^5.4.0"
🟠 unpinned-version-indicator skills/sst-msaljs-migration-angular-v4-to-v5/SKILL.md 175 "@​​azure/msal-angular": "^5.0.0",
🟠 unpinned-version-indicator skills/sst-msaljs-migration-angular-v4-to-v5/SKILL.md 176 "@​​azure/msal-browser": "^5.4.0"
🟠 package-exec-command skills/sst-msaljs-migration-angular-v4-to-v5/SKILL.md 465 npx tsc --noEmit
🟠 unpinned-version-indicator skills/sst-msaljs-migration-browser-v2-to-v3/SKILL.md 114 package.json → "@​​azure/msal-browser": "^2.x.x"
🟠 unpinned-version-indicator skills/sst-msaljs-migration-browser-v2-to-v3/SKILL.md 449 "@​​azure/msal-browser": "^2.38.3"
🟠 unpinned-version-indicator skills/sst-msaljs-migration-browser-v2-to-v3/SKILL.md 459 "@​​azure/msal-browser": "^3.0.0"
🟠 unpinned-version-indicator skills/sst-msaljs-migration-browser-v3-to-v4/SKILL.md 133 "@​​azure/msal-browser": "^3.27.0"
🟠 unpinned-version-indicator skills/sst-msaljs-migration-browser-v3-to-v4/SKILL.md 142 "@​​azure/msal-browser": "^4.0.0"
🟠 unpinned-version-indicator skills/sst-msaljs-migration-browser-v4-to-v5/SKILL.md 83 Simply changing `"@​​azure/msal-browser": "^4.x.x"` to `"^5.2.0"` in `package.json` will **break your application**. MSAL Browser v5 includes:
🟠 unpinned-version-indicator skills/sst-msaljs-migration-browser-v4-to-v5/SKILL.md 1061 "@​​azure/msal-browser": "^4.0.0"
🟠 unpinned-version-indicator skills/sst-msaljs-migration-browser-v4-to-v5/SKILL.md 1070 "@​​azure/msal-browser": "^5.2.0"
🟠 package-exec-command skills/sst-msaljs-migration-browser-v4-to-v5/SKILL.md 1203 npx tsc --noEmit
🟠 unpinned-version-indicator skills/sst-msaljs-migration-node-v2-to-v3/SKILL.md 106 "@​​azure/msal-node": "^3.0.0"
🟠 unpinned-version-indicator skills/sst-msaljs-migration-node-v3-to-v5/SKILL.md 94 ``- `"node": "^16 || ^18"```
🟠 unpinned-version-indicator skills/sst-msaljs-migration-node-v3-to-v5/SKILL.md 254 "@​​azure/msal-node": "^5.0.0"
🟠 unpinned-version-indicator skills/sst-msaljs-migration-react-v3-to-v5/SKILL.md 370 "@​​azure/msal-browser": "^3.x.x"
🟠 unpinned-version-indicator skills/sst-msaljs-migration-react-v3-to-v5/SKILL.md 371 "@​​azure/msal-browser": "^4.x.x"
🟠 unpinned-version-indicator skills/sst-msaljs-migration-react-v3-to-v5/SKILL.md 374 "@​​azure/msal-browser": "^5.0.0"
🟠 unpinned-version-indicator skills/sst-msaljs-migration-react-v3-to-v5/SKILL.md 599 "@​​azure/msal-react": "^3.0.0"
🟠 unpinned-version-indicator skills/sst-msaljs-migration-react-v3-to-v5/SKILL.md 608 "@​​azure/msal-react": "^5.0.0"
🟠 unpinned-version-indicator skills/sst-msaljs-migration-react-v3-to-v5/SKILL.md 617 "@​​azure/msal-browser": "^5.0.0",
🟠 unpinned-version-indicator skills/sst-msaljs-migration-react-v3-to-v5/SKILL.md 618 "@​​azure/msal-react": "^5.0.0"
🟠 unpinned-version-indicator skills/sst-servicebus-secretless-auth/SKILL.md 395 pip install azure-servicebus>=7.11.0
🟠 unpinned-version-indicator skills/sst-servicebus-secretless-auth/SKILL.md 396 pip install azure-identity>=1.15.0
🟠 unpinned-version-indicator skills/sst-servicebus-secretless-auth/SKILL.md 405 <version>7.14.0</version>
🟠 unpinned-version-indicator skills/sst-servicebus-secretless-auth/SKILL.md 410 <version>1.11.0</version>
🟠 unpinned-version-indicator skills/sst-servicebus-secretless-auth/SKILL.md 508 - [ ] **Dependencies Updated**: Azure SDK packages support Managed Identity (Azure.Messaging.ServiceBus >= 7.17.0, Azure.Identity >= 1.10.0)
🟠 unpinned-version-indicator skills/sst-sql-secretless-auth/SKILL.md 638 <version>12.4.x</version>
🟠 unpinned-version-indicator skills/sst-sql-secretless-auth/SKILL.md 643 <version>1.10.x</version>
🟠 unpinned-version-indicator skills/sst-storage-secretless-auth/SKILL.md 349 azure-storage-blob>=12.19.0
🟠 unpinned-version-indicator skills/sst-storage-secretless-auth/SKILL.md 350 azure-identity>=1.15.0
🟠 unpinned-version-indicator skills/sst-storage-secretless-auth/SKILL.md 397 <version>12.25.0</version>
🟠 unpinned-version-indicator skills/sst-storage-secretless-auth/SKILL.md 402 <version>1.11.0</version>
🟠 unpinned-version-indicator skills/sst-storage-secretless-auth/SKILL.md 434 "@​​azure/storage-blob": "^12.17.0",
🟠 unpinned-version-indicator skills/sst-storage-secretless-auth/SKILL.md 435 "@​​azure/identity": "^4.0.0"

This is an automated soft-gate report. Findings indicate review targets and do not block merge by themselves.
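
As an added example (not code from this pull request or from the scanning workflow), the code below sorts a few Match strings taken from the table above into pinned, unpinned, exec and not-a-spec, which is one way to decide which of the 52 findings need a closer look. The verdict names, `classifyMatch`, `triage` and every regex are assumptions of this example.

```javascript
// Added example: triage of "Match" strings from the risk-scan table.
// Verdict names and regexes are this example's assumptions, not the
// rules the scanning workflow applies.

// Match strings copied from rows of the report (zero-width spaces kept as scraped).
const SAMPLE_MATCHES = [
  'pip install azure-identity>=1.15.0',
  'azure-storage-blob>=12.19.0',
  '{ "rxjs": "~6.6.7" }',
  '"@\u200B\u200Bazure/msal-browser": "^5.4.0"',
  '<version>7.14.0</version>',
  '<version>12.4.x</version>',
  'this.loginDisplay = this.authService.instance.getAllAccounts().length > 0;',
  'npx tsc --noEmit',
];

// npm: only a bare, full x.y.z names exactly one version.
function npmVerdict(spec) {
  const m = /^([\^~]|[<>]=?)?\s*(\d+|x|\*)(?:\.(\d+|x|\*))?(?:\.(\d+|x|\*))?$/i.exec(spec.trim());
  if (!m) return null; // dist-tags, URLs and git refs are out of scope here
  const exact = !m[1] && [m[2], m[3], m[4]].every((part) => /^\d+$/.test(part || ''));
  return exact ? 'pinned' : 'unpinned';
}

// Maven: a plain dotted version names one version; ranges such as
// [1.0,2.0) and placeholders such as 12.4.x do not.
function mavenVerdict(version) {
  return /^\d+(?:\.\d+)*(?:-[\w.]+)?$/.test(version) ? 'pinned' : 'unpinned';
}

function classifyMatch(raw) {
  // Strip the zero-width characters that appear in the scraped "@azure" names.
  const text = raw.replace(/[\u200B-\u200D\uFEFF]/g, '').trim();
  let m;

  // Commands that fetch and run a package in one step.
  if ((m = /^(?:npx|pnpm\s+dlx|yarn\s+dlx)\s+(?:-\S+\s+)*(\S+)/.exec(text))) {
    return { ecosystem: 'npm', verdict: 'exec', spec: m[1] };
  }

  // pip requirement, bare or after "pip install", with no spaces around the
  // operator (as in the flagged rows), so "count > 0" in code is not caught.
  if ((m = /^(?:pip3?\s+install\s+)?([A-Za-z0-9][\w.-]*)(===|==|~=|>=|<=|!=|>|<)([\w.*]+)$/.exec(text))) {
    const pinned = (m[2] === '==' || m[2] === '===') && !m[3].includes('*');
    // In a shell command an unquoted < or > is a redirection, not a version operator.
    const unquotedRedirect = /^pip3?\s/.test(text) && /[<>]/.test(m[2]);
    return { ecosystem: 'pip', verdict: pinned ? 'pinned' : 'unpinned', spec: m[2] + m[3], unquotedRedirect };
  }

  // package.json style "name": "range" pair anywhere in the line.
  if ((m = /"((?:@[\w.-]+\/)?[\w.-]+)"\s*:\s*"([^"]+)"/.exec(text))) {
    const verdict = npmVerdict(m[2]);
    if (verdict) return { ecosystem: 'npm', verdict, spec: m[2] };
  }

  // Maven <version> element.
  if ((m = /<version>\s*([^<\s]+)\s*<\/version>/.exec(text))) {
    return { ecosystem: 'maven', verdict: mavenVerdict(m[1]), spec: m[1] };
  }

  return { ecosystem: null, verdict: 'not-a-spec', spec: null };
}

// Count verdicts over a list of Match strings.
function triage(matches) {
  const counts = { pinned: 0, unpinned: 0, exec: 0, 'not-a-spec': 0 };
  for (const raw of matches) counts[classifyMatch(raw).verdict] += 1;
  return counts;
}

console.log(triage(SAMPLE_MATCHES));
```

`unquotedRedirect` is set for the `pip install name>=version` rows because a POSIX shell reads the unquoted `>` as output redirection, so pip receives only the package name and its output lands in a file named `=version`; quoting the requirement avoids that.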

@github-actions github-actions Bot added the skill-check-warning Skill validator reported warnings label Jun 24, 2026
@github-actions

github-actions Bot commented Jun 24, 2026

Contributor

🔍 Skill Validator Results

⚠️ Warnings or advisories found

Scope Checked
Skills 19
Agents 1
Total 20

Severity Count
❌ Errors 0
⚠️ Warnings 17
ℹ️ Advisories 0

Full validator output
Found 19 skill(s)
[sst-cognitive-secretless-auth] 📊 sst-cognitive-secretless-auth: 6,072 BPE tokens [chars/4: 6,694] (comprehensive ✗), 55 sections, 23 code blocks
[sst-cognitive-secretless-auth]    ⚠  Skill is 6,072 BPE tokens (chars/4 estimate: 6,694) — "comprehensive" skills hurt performance by 2.9pp on average. Consider splitting into 2–3 focused skills.
[sst-container-vulnerability-patching] 📊 sst-container-vulnerability-patching: 7,281 BPE tokens [chars/4: 8,065] (comprehensive ✗), 39 sections, 11 code blocks
[sst-container-vulnerability-patching]    ⚠  Skill is 7,281 BPE tokens (chars/4 estimate: 8,065) — "comprehensive" skills hurt performance by 2.9pp on average. Consider splitting into 2–3 focused skills.
[sst-cosmosdb-secretless-auth] 📊 sst-cosmosdb-secretless-auth: 5,223 BPE tokens [chars/4: 5,787] (comprehensive ✗), 32 sections, 19 code blocks
[sst-cosmosdb-secretless-auth]    ⚠  Skill is 5,223 BPE tokens (chars/4 estimate: 5,787) — "comprehensive" skills hurt performance by 2.9pp on average. Consider splitting into 2–3 focused skills.
[sst-eventhub-secretless-auth] 📊 sst-eventhub-secretless-auth: 4,608 BPE tokens [chars/4: 5,165] (standard ~), 29 sections, 16 code blocks
[sst-eventhub-secretless-auth]    ⚠  Skill is 4,608 BPE tokens (chars/4 estimate: 5,165) — approaching "comprehensive" range where gains diminish.
[sst-general-security-helper] 📊 sst-general-security-helper: 3,401 BPE tokens [chars/4: 3,977] (standard ~), 28 sections, 3 code blocks
[sst-general-security-helper]    ⚠  Skill is 3,401 BPE tokens (chars/4 estimate: 3,977) — approaching "comprehensive" range where gains diminish.
[sst-msaljs-migration-angular-v2-to-v3] 📊 sst-msaljs-migration-angular-v2-to-v3: 3,459 BPE tokens [chars/4: 3,572] (standard ~), 20 sections, 13 code blocks
[sst-msaljs-migration-angular-v2-to-v3]    ⚠  Skill is 3,459 BPE tokens (chars/4 estimate: 3,572) — approaching "comprehensive" range where gains diminish.
[sst-msaljs-migration-angular-v3-to-v4] 📊 sst-msaljs-migration-angular-v3-to-v4: 2,501 BPE tokens [chars/4: 2,583] (standard ~), 18 sections, 8 code blocks
[sst-msaljs-migration-angular-v3-to-v4]    ⚠  Skill is 2,501 BPE tokens (chars/4 estimate: 2,583) — approaching "comprehensive" range where gains diminish.
[sst-msaljs-migration-angular-v4-to-v5] 📊 sst-msaljs-migration-angular-v4-to-v5: 4,956 BPE tokens [chars/4: 5,070] (standard ~), 39 sections, 29 code blocks
[sst-msaljs-migration-angular-v4-to-v5]    ⚠  Skill is 4,956 BPE tokens (chars/4 estimate: 5,070) — approaching "comprehensive" range where gains diminish.
[sst-msaljs-migration-browser-v2-to-v3] 📊 sst-msaljs-migration-browser-v2-to-v3: 5,405 BPE tokens [chars/4: 5,562] (comprehensive ✗), 35 sections, 21 code blocks
[sst-msaljs-migration-browser-v2-to-v3]    ⚠  Skill is 5,405 BPE tokens (chars/4 estimate: 5,562) — "comprehensive" skills hurt performance by 2.9pp on average. Consider splitting into 2–3 focused skills.
[sst-msaljs-migration-browser-v3-to-v4] 📊 sst-msaljs-migration-browser-v3-to-v4: 3,161 BPE tokens [chars/4: 3,283] (standard ~), 31 sections, 11 code blocks
[sst-msaljs-migration-browser-v3-to-v4]    ⚠  Skill is 3,161 BPE tokens (chars/4 estimate: 3,283) — approaching "comprehensive" range where gains diminish.
[sst-msaljs-migration-browser-v4-to-v5] 📊 sst-msaljs-migration-browser-v4-to-v5: 11,454 BPE tokens [chars/4: 12,072] (comprehensive ✗), 64 sections, 67 code blocks
[sst-msaljs-migration-browser-v4-to-v5]    ⚠  Skill is 11,454 BPE tokens (chars/4 estimate: 12,072) — "comprehensive" skills hurt performance by 2.9pp on average. Consider splitting into 2–3 focused skills.
[sst-msaljs-migration-node-v2-to-v3] 📊 sst-msaljs-migration-node-v2-to-v3: 1,458 BPE tokens [chars/4: 1,516] (detailed ✓), 11 sections, 3 code blocks
[sst-msaljs-migration-node-v3-to-v5] 📊 sst-msaljs-migration-node-v3-to-v5: 2,920 BPE tokens [chars/4: 2,894] (standard ~), 16 sections, 11 code blocks
[sst-msaljs-migration-node-v3-to-v5]    ⚠  Skill is 2,920 BPE tokens (chars/4 estimate: 2,894) — approaching "comprehensive" range where gains diminish.
[sst-msaljs-migration-react-v3-to-v5] 📊 sst-msaljs-migration-react-v3-to-v5: 6,262 BPE tokens [chars/4: 6,266] (comprehensive ✗), 45 sections, 39 code blocks
[sst-msaljs-migration-react-v3-to-v5]    ⚠  Skill is 6,262 BPE tokens (chars/4 estimate: 6,266) — "comprehensive" skills hurt performance by 2.9pp on average. Consider splitting into 2–3 focused skills.
[sst-msaljs-migration] 📊 sst-msaljs-migration: 1,443 BPE tokens [chars/4: 1,339] (detailed ✓), 8 sections, 1 code blocks
[sst-redis-secretless-auth] 📊 sst-redis-secretless-auth: 4,599 BPE tokens [chars/4: 5,324] (standard ~), 22 sections, 4 code blocks
[sst-redis-secretless-auth]    ⚠  Skill is 4,599 BPE tokens (chars/4 estimate: 5,324) — approaching "comprehensive" range where gains diminish.
[sst-servicebus-secretless-auth] 📊 sst-servicebus-secretless-auth: 6,323 BPE tokens [chars/4: 7,026] (comprehensive ✗), 64 sections, 29 code blocks
[sst-servicebus-secretless-auth]    ⚠  Skill is 6,323 BPE tokens (chars/4 estimate: 7,026) — "comprehensive" skills hurt performance by 2.9pp on average. Consider splitting into 2–3 focused skills.
[sst-sql-secretless-auth] 📊 sst-sql-secretless-auth: 14,045 BPE tokens [chars/4: 15,699] (comprehensive ✗), 78 sections, 41 code blocks
[sst-sql-secretless-auth]    ⚠  Skill is 14,045 BPE tokens (chars/4 estimate: 15,699) — "comprehensive" skills hurt performance by 2.9pp on average. Consider splitting into 2–3 focused skills.
[sst-storage-secretless-auth] 📊 sst-storage-secretless-auth: 7,633 BPE tokens [chars/4: 8,429] (comprehensive ✗), 48 sections, 36 code blocks
[sst-storage-secretless-auth]    ⚠  Skill is 7,633 BPE tokens (chars/4 estimate: 8,429) — "comprehensive" skills hurt performance by 2.9pp on average. Consider splitting into 2–3 focused skills.
Found 1 agent(s)
Validated 1 agent(s)
✅ All checks passed (19 skill(s), 1 agent(s))

Copilot AI left a comment

Contributor

Pull request overview

Adds a new security-skills-toolkit plugin to the Awesome Copilot marketplace, centered around an orchestrator agent that routes developers to specialized security modernization skills (managed identity/secretless-auth migrations, MSAL.js upgrade hops, and a general SFI-guided helper).

Changes:

  • Introduces the security-skills-toolkit plugin (manifest + README) and lists it in the marketplace + generated docs.
  • Adds the sst-security-skills-orchestrator agent as the plugin entrypoint.
  • Adds the sst-* skill set (secretless-auth migrations + MSAL.js migration router and hop skills).

Reviewed changes

Copilot reviewed 26 out of 26 changed files in this pull request and generated 21 comments.

Show a summary per file
File Description
.github/plugin/marketplace.json Registers the new plugin in the generated marketplace index.
agents/sst-security-skills-orchestrator.agent.md Adds the orchestrator agent definition and routing instructions.
docs/README.agents.md Adds the orchestrator agent to generated agent documentation.
docs/README.plugins.md Adds the plugin to generated plugin documentation.
docs/README.skills.md Adds the new sst-* skills to generated skill documentation.
plugins/security-skills-toolkit/.github/plugin/plugin.json Defines plugin metadata and references the agent + skills included in the plugin.
plugins/security-skills-toolkit/README.md Provides installation and usage docs for the plugin and its capabilities.
skills/sst-cognitive-secretless-auth/SKILL.md Skill for migrating Azure Cognitive/AI Services from API keys to Entra/managed identity.
skills/sst-container-vulnerability-patching/SKILL.md Skill for container base-image vulnerability patching guidance grounded in public docs.
skills/sst-cosmosdb-secretless-auth/SKILL.md Skill for migrating Cosmos DB from keys to Entra/managed identity auth.
skills/sst-eventhub-secretless-auth/SKILL.md Skill for migrating Event Hubs from SAS/connection strings to Entra/managed identity.
skills/sst-general-security-helper/SKILL.md General SFI-guided helper skill for concerns without a dedicated specialist skill.
skills/sst-msaljs-migration/SKILL.md Router/orchestrator skill for MSAL.js migrations across package/version hops.
skills/sst-msaljs-migration-angular-v2-to-v3/SKILL.md MSAL Angular v2→v3 hop guidance skill.
skills/sst-msaljs-migration-angular-v3-to-v4/SKILL.md MSAL Angular v3→v4 hop guidance skill.
skills/sst-msaljs-migration-angular-v4-to-v5/SKILL.md MSAL Angular v4→v5 hop guidance skill.
skills/sst-msaljs-migration-browser-v2-to-v3/SKILL.md MSAL Browser v2→v3 hop guidance skill.
skills/sst-msaljs-migration-browser-v3-to-v4/SKILL.md MSAL Browser v3→v4 hop guidance skill.
skills/sst-msaljs-migration-browser-v4-to-v5/SKILL.md MSAL Browser v4→v5 hop guidance skill.
skills/sst-msaljs-migration-node-v2-to-v3/SKILL.md MSAL Node v2→v3 hop guidance skill.
skills/sst-msaljs-migration-node-v3-to-v5/SKILL.md MSAL Node v3→v5 hop guidance skill.
skills/sst-msaljs-migration-react-v3-to-v5/SKILL.md MSAL React v3→v5 hop guidance skill.
skills/sst-redis-secretless-auth/SKILL.md Skill for migrating Azure Cache for Redis from access keys to Entra/managed identity.
skills/sst-servicebus-secretless-auth/SKILL.md Skill for migrating Azure Service Bus from SAS/connection strings to Entra/managed identity.
skills/sst-sql-secretless-auth/SKILL.md Skill for migrating Azure SQL from SQL auth to Entra/managed identity.
skills/sst-storage-secretless-auth/SKILL.md Skill for migrating Azure Storage from shared keys to Entra/managed identity.

Comment thread plugins/security-skills-toolkit/.github/plugin/plugin.json
Comment thread agents/sst-security-skills-orchestrator.agent.md
Comment thread skills/sst-servicebus-secretless-auth/SKILL.md Outdated
Comment thread skills/sst-redis-secretless-auth/SKILL.md Outdated
Comment thread skills/sst-msaljs-migration/SKILL.md Outdated
Comment thread skills/sst-container-vulnerability-patching/SKILL.md Outdated
Comment thread skills/sst-msaljs-migration-browser-v4-to-v5/SKILL.md Outdated
Comment thread skills/sst-msaljs-migration-react-v3-to-v5/SKILL.md Outdated
Comment thread skills/sst-sql-secretless-auth/SKILL.md Outdated
Comment thread skills/sst-storage-secretless-auth/SKILL.md Outdated
@github-actions github-actions Bot added the skill-check-error Skill validator reported errors label Jun 24, 2026
@github-actions github-actions Bot removed the skill-check-error Skill validator reported errors label Jun 24, 2026
@aaronpowell aaronpowell changed the base branch from staged to main June 25, 2026 04:41
@github-actions github-actions Bot added the targets-main PR targets main instead of staged label Jun 25, 2026
@aaronpowell aaronpowell removed targets-main PR targets main instead of staged migration: bulk-retarget labels Jun 25, 2026
Comment thread skills/sst-container-vulnerability-patching/SKILL.md Outdated
Comment thread skills/sst-container-vulnerability-patching/SKILL.md
Comment thread skills/sst-container-vulnerability-patching/SKILL.md Outdated
Comment thread skills/sst-container-vulnerability-patching/SKILL.md
Comment thread skills/sst-sql-secretless-auth/SKILL.md
Comment thread skills/sst-sql-secretless-auth/SKILL.md
Comment thread skills/sst-redis-secretless-auth/SKILL.md
Copilot AI review requested due to automatic review settings June 26, 2026 21:42

Copilot AI left a comment

Contributor

Pull request overview

Copilot reviewed 26 out of 26 changed files in this pull request and generated 3 comments.

Comment thread skills/sst-msaljs-migration/SKILL.md
Comment thread skills/sst-msaljs-migration-node-v3-to-v5/SKILL.md
Comment thread skills/sst-msaljs-migration-node-v2-to-v3/SKILL.md
Copilot AI review requested due to automatic review settings June 29, 2026 14:31

Copilot AI left a comment

Contributor

Pull request overview

Copilot reviewed 26 out of 26 changed files in this pull request and generated 4 comments.

Comment thread skills/sst-redis-secretless-auth/SKILL.md
Comment thread skills/sst-redis-secretless-auth/SKILL.md
Comment thread skills/sst-redis-secretless-auth/SKILL.md
Comment thread skills/sst-redis-secretless-auth/SKILL.md
Copilot AI review requested due to automatic review settings June 29, 2026 14:37

Copilot AI left a comment

Contributor

Pull request overview

Copilot reviewed 26 out of 26 changed files in this pull request and generated 1 comment.

Comment thread skills/sst-redis-secretless-auth/SKILL.md
Copilot AI review requested due to automatic review settings June 29, 2026 15:03

Copilot AI left a comment

Contributor

Pull request overview

Copilot reviewed 26 out of 26 changed files in this pull request and generated 8 comments.

Comment thread skills/sst-msaljs-migration/SKILL.md
Comment thread skills/sst-msaljs-migration-node-v2-to-v3/SKILL.md
Comment thread skills/sst-msaljs-migration-node-v3-to-v5/SKILL.md
Comment thread skills/sst-msaljs-migration-node-v3-to-v5/SKILL.md
Comment thread skills/sst-msaljs-migration-node-v3-to-v5/SKILL.md
Comment thread skills/sst-msaljs-migration-node-v3-to-v5/SKILL.md
Comment thread skills/sst-msaljs-migration-node-v3-to-v5/SKILL.md
Comment thread skills/sst-msaljs-migration-node-v3-to-v5/SKILL.md
Comment on lines +7 to +25
## Welcome Banner

When a developer first interacts with you, display this welcome:

```
🛡️ Security Skills Toolkit

Security guidance for Azure Cloud based applications — dedicated skills for Azure managed identity migration, container security, and MSAL.js JavaScript auth library updates. Other Azure security topics are covered by a generic guidance skill.

Non-Azure clouds (AWS, GCP) are out of scope, but I can share general principles.

Describe your security concern or tell me what you're working on.

⚠️ You own the final review — verify all changes before merging to production.
```

After displaying the banner, respond naturally to whatever the developer said or asked. Do not use a scripted introduction — let your first real response demonstrate your capabilities. Do not look up or display a version number; the version is not part of the greeting.

---

Contributor

This isn't really useful to include, it's a lot of tokens that are going to pollute the context window of the agent and add cost to the interaction with no real value.

Comment on lines +10 to +15
"keywords": [
"security",
"secretless-auth",
"managed-identity",
"toolkit"
],
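
Review bot: the keywords array in this hunk has no entry for the MSAL.js migration or container patching skills that the PR description lists, so it describes only the secretless-auth part of the plugin. Consider adding a keyword for each of those two skill groups next to "managed-identity".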

Contributor

Should Azure be in here?


---

## Step 1: Update Angular If Needed

Contributor

It might be worth pulling this out to a file in the references folder rather than having it embedded in the skill, same with the rxjs dependency.

This allows the agent to pull in the info only as required, avoiding overloading the context window.


### Phase 2 — Migrate clients to Entra

#### .NET (C#)

Contributor

It'd be better to use references for this, that way it would be avoiding adding context when it's not needed, but also make it easier to introduce other languages in the future without having to force out to the docs.

- [Microsoft.Azure.StackExchangeRedis NuGet package](https://www.nuget.org/packages/Microsoft.Azure.StackExchangeRedis)
- [Adopt standard SDKs for identity (SFI)](https://learn.microsoft.com/security/zero-trust/sfi/adopt-standard-sdk-identity)

---

Contributor

Suggested change
---

Not needed


---

### Step 3: Update Application Code

Contributor

It'd be better to have separate reference files for each of the languages so that the agent only brings in the right code sample based on the language needed, avoiding context overload.


---

## Step 5: Update programmatic connections (client code)

Contributor

It'd be better to have separate reference files for each of the languages so that the agent only brings in the right code sample based on the language needed, avoiding context overload.


---

## Step 3: Migrate Client Code to Managed Identity

Contributor

It'd be better to have separate reference files for each of the languages so that the agent only brings in the right code sample based on the language needed, avoiding context overload.
