Reinasboo/copilot-coding-agent
.agents/skills/copilot-coding-agent/SKILL.md
GitHub Copilot Coding Agent automation. Apply the ai-copilot label to an issue → GitHub Actions auto-assigns Copilot via GraphQL → Copilot creates a Draft PR. One-click issue-to-PR pipeline.
tools
Updated Apr 15, 2026
$ install --global
skillsauthnpx skillsauth add Reinasboo/Bountylab copilot-coding-agentInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 6, 2026, 11:29 AM34.8s1 file scanned
SKILL.md
- name:
- copilot-coding-agent
- description:
- GitHub Copilot Coding Agent automation. Apply the ai-copilot label to an issue → GitHub Actions auto-assigns Copilot via GraphQL → Copilot creates a Draft PR. One-click issue-to-PR pipeline.
- allowed-tools:
- Read Write Bash Grep Glob
- tags:
- copilot, copilotview, github-actions, issue-to-pr, draft-pr, graphql, automation, ai-agent
- platforms:
- Claude, Codex, Gemini
- keyword:
- copilotview
- version:
- 1.0.0
- source:
- https://docs.github.com/en/copilot/how-tos/use-copilot-agents/coding-agent
GitHub Copilot Coding Agent — Issue → Draft PR automation
If you add the
ai-copilotlabel to an issue, GitHub Actions automatically assigns it to Copilot, and Copilot creates a branch → writes code → opens a Draft PR.
When to use this skill
- When PMs/designers create issues and Copilot starts implementation without a developer
- When offloading backlog issues (refactors/docs/tests) to Copilot
- When delegating follow-up work created by Vibe Kanban / Conductor to Copilot
- When automating pipelines like Jira → GitHub Issue → Copilot PR
Prerequisites
- GitHub plan: Copilot Pro+, Business, or Enterprise
- Copilot Coding Agent enabled: Must be enabled in repo settings
- gh CLI: Authenticated
- PAT: Personal Access Token with
reposcope
One-time setup
# One-click setup (register token + deploy workflow + create label)
bash scripts/copilot-setup-workflow.sh
This script does:
- Register
COPILOT_ASSIGN_TOKENas a repo secret - Deploy
.github/workflows/assign-to-copilot.yml - Create the
ai-copilotlabel
Usage
Option 1: GitHub Actions automation (recommended)
# Create issue + ai-copilot label → auto-assign Copilot
gh issue create \
--label ai-copilot \
--title "Add user authentication" \
--body "Implement JWT-based auth with refresh tokens. Include login, logout, refresh endpoints."
Option 2: Add a label to an existing issue
# Add label to issue #42 → trigger Actions
gh issue edit 42 --add-label ai-copilot
Option 3: Assign directly via script
export COPILOT_ASSIGN_TOKEN=<your-pat>
bash scripts/copilot-assign-issue.sh 42
How it works (technical)
Issue created/labeled
↓
GitHub Actions triggered (assign-to-copilot.yml)
↓
Look up Copilot bot ID via GraphQL
↓
replaceActorsForAssignable → set Copilot as assignee
↓
Copilot Coding Agent starts processing the issue
↓
Create branch → write code → open Draft PR
↓
Auto-assign you as PR reviewer
Required GraphQL header:
GraphQL-Features: issues_copilot_assignment_api_support,coding_agent_model_selection
GitHub Actions workflows
| Workflow | Trigger | Purpose |
|---------|--------|------|
| assign-to-copilot.yml | Issue labeled ai-copilot | Auto-assign to Copilot |
| copilot-pr-ci.yml | PR open/update | Run CI (build + tests) |
Copilot PR limitations
Copilot is treated like an external contributor.
- PRs are created as Draft by default
- Before the first Actions run, a manual approval from someone with write access is required
- After approval,
copilot-pr-ci.ymlCI runs normally
# Check CI after manual approval
gh pr list --search 'head:copilot/'
gh pr view <pr-number>
planno (plannotator) integration — optional
Review the issue spec in planno before assigning to Copilot (independent skill, not required):
Review and approve this issue spec in planno
After approval, add the ai-copilot label → trigger Actions.
Common use cases
1. Label-based Copilot queue
PM writes an issue → add ai-copilot label
→ Actions auto-assigns → Copilot creates Draft PR
→ Team only performs PR review
2. Combined with Vibe Kanban / Conductor
Follow-up issues created by Vibe Kanban:
refactors/docs cleanup/add tests
→ ai-copilot label → Copilot handles
→ Team focuses on main feature development
3. External system integration
Jira issue → Zapier/webhook → auto-create GitHub Issue
→ ai-copilot label → Copilot PR
→ Fully automated pipeline
4. Refactoring backlog processing
# Bulk-add label to backlog issues
gh issue list --label "tech-debt" --json number \
| jq '.[].number' \
| xargs -I{} gh issue edit {} --add-label ai-copilot
Check results
# List PRs created by Copilot
gh pr list --search 'head:copilot/'
# Specific issue status
gh issue view 42
# PR CI status
gh pr checks <pr-number>
References
- GitHub Copilot Coding Agent overview
- Ask Copilot to create a PR (GraphQL example)
- Official docs: assign Copilot to an issue
- Copilot PR permissions/limitations
- GitHub Copilot coding agent (VSCode docs)
Quick Reference
=== Setup ===
bash scripts/copilot-setup-workflow.sh one-time setup
=== Issue assignment ===
gh issue create --label ai-copilot ... new issue + auto-assign
gh issue edit <num> --add-label ai-copilot existing issue
bash scripts/copilot-assign-issue.sh <num> manual assign
=== Verify results ===
gh pr list --search 'head:copilot/' Copilot PR list
gh pr view <num> PR details
gh pr checks <num> CI status
=== Constraints ===
Copilot Pro+/Business/Enterprise required
First PR requires manual approval (treated as an external contributor)
PAT: repo scope required
Related Skills
Reinasboo/security-review
development
VerifiedTrustedCommunity
Security code review for vulnerabilities. Use when asked to "security review", "find vulnerabilities", "check for security issues", "audit security", "OWASP review", or review code for injection, XSS, authentication, authorization, cryptography issues. Provides systematic review with confidence-based reporting.
SKILL.mdUpdated Apr 15, 2026
Reinasboo/security-best-practices
development
VerifiedTrustedCommunity
Implement security best practices for web applications and infrastructure. Use when securing APIs, preventing common vulnerabilities, or implementing security policies. Handles HTTPS, CORS, XSS, SQL Injection, CSRF, rate limiting, and OWASP Top 10.
SKILL.mdUpdated Apr 15, 2026
Reinasboo/responsive-design
development
VerifiedTrustedCommunity
Create responsive web designs that work across all devices and screen sizes. Use when building mobile-first layouts, implementing breakpoints, or optimizing for different viewports. Handles CSS Grid, Flexbox, media queries, viewport units, and responsive images.
SKILL.mdUpdated Apr 15, 2026
Reinasboo/remotion-video-production
content-media
VerifiedTrustedCommunity
Produce programmable videos with Remotion using scene planning, asset orchestration, and validation gates for automated, brand-consistent video content.
SKILL.mdUpdated Apr 15, 2026