giuseppe-trisciuoglio/copilot-cli
plugins/developer-kit-tools/skills/copilot-cli/SKILL.md
Provides GitHub Copilot CLI task delegation in non-interactive mode with multi-model support (Claude, GPT, Gemini), permission controls, output sharing, and session resume. Use when users ask to hand work to Copilot, compare models, or run Copilot programmatically from Claude Code.
$ install --global
skillsauthnpx skillsauth add giuseppe-trisciuoglio/developer-kit copilot-cliInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 5, 2026, 1:24 PM4.3s2 files scanned
SKILL.md
- name:
- copilot-cli
- description:
- Provides GitHub Copilot CLI task delegation in non-interactive mode with multi-model support (Claude, GPT, Gemini), permission controls, output sharing, and session resume. Use when users ask to hand work to Copilot, compare models, or run Copilot programmatically from Claude Code.
- allowed-tools:
- Bash, Read, Write
Copilot CLI Delegation
Delegate selected tasks from Claude Code to GitHub Copilot CLI using non-interactive commands, explicit model selection, safe permission flags, and shareable outputs.
Overview
This skill standardizes delegation to GitHub Copilot CLI (copilot) for cases where a different model may be more suitable for a task. It covers:
- Non-interactive execution with
-p/--prompt - Model selection with
--model - Permission control (
--allow-tool,--allow-all-tools,--allow-all-paths,--allow-all-urls,--yolo) - Output capture with
--silent - Session export with
--share - Session resume with
--resume
Use this skill only when delegation to Copilot is explicitly requested or clearly beneficial.
When to Use
Use this skill when:
- The user asks to delegate work to GitHub Copilot CLI
- The user wants a specific model (for example GPT-5.x, Claude Sonnet/Opus/Haiku, Gemini)
- The user asks for side-by-side model comparison on the same task
- The user wants a reusable scripted Copilot invocation
- The user wants Copilot session output exported to markdown for review
Trigger phrases:
- "ask copilot"
- "delegate to copilot"
- "run copilot cli"
- "use copilot with gpt-5"
- "use copilot with sonnet"
- "use copilot with gemini"
- "resume copilot session"
Instructions
1) Verify prerequisites
# CLI availability
copilot --version
# GitHub authentication status
gh auth status
If copilot is unavailable, ask the user to install/setup GitHub Copilot CLI before proceeding.
2) Convert task request to English prompt
All delegated prompts to Copilot CLI must be in English.
- Keep prompts concrete and outcome-driven
- Include file paths, constraints, expected output format, and acceptance criteria
- Avoid ambiguous goals such as "improve this"
Prompt template:
Task: <clear objective>
Context: <project/module/files>
Constraints: <do/don't constraints>
Expected output: <format + depth>
Validation: <tests/checks to run or explain>
3) Choose model intentionally
Pick a model based on task type and user preference.
- Complex architecture, deep reasoning: prefer high-capacity models (for example Opus / GPT-5.2 class)
- Balanced coding tasks: Sonnet-class model
- Quick/low-cost iterations: Haiku-class or mini models
- If user specifies a model, respect it
Use exact model names available in the local Copilot CLI model list.
4) Select permissions with least privilege
Default to the minimum required capability.
- Prefer
--allow-tool '<tool>'when task scope is narrow - Use
--allow-all-toolsonly when multiple tools are clearly needed - Add
--allow-all-pathsonly if task requires broad filesystem access - Add
--allow-all-urlsonly if external URLs are required - Do not use
--yolounless the user explicitly requests full permissions
5) Run delegation command
Base pattern:
copilot -p "<english prompt>" --model <model-name> --allow-all-tools --silent
Add optional flags only as needed:
# Capture session to markdown
copilot -p "<english prompt>" --model <model-name> --allow-all-tools --share
# Resume existing session
copilot --resume <session-id> --allow-all-tools
# Strictly silent scripted output
copilot -p "<english prompt>" --model <model-name> --allow-all-tools --silent
6) Return results clearly
After command execution:
- Return Copilot output concisely
- State model and permission profile used
- If
--shareis used, provide generated markdown path - If output is long, provide summary plus key excerpts and next-step options
7) Optional multi-model comparison
When requested, run the same prompt with multiple models and compare:
- Correctness
- Practicality of proposed changes
- Risk/security concerns
- Effort estimate
Keep the comparison objective and concise.
Examples
Example 1: Refactor with GPT model
Input:
Ask Copilot to refactor this service using GPT-5.2 and return only concrete code changes.
Command:
copilot -p "Refactor the payment service in src/services/payment.ts to reduce duplication. Keep public behavior unchanged, keep TypeScript strict typing, and output a patch-style response." \
--model gpt-5.2 \
--allow-all-tools \
--silent
Output:
Copilot proposes extracting three private helpers, consolidating error mapping, and provides a patch for payment.ts with unchanged API signatures.
Example 2: Code review with Sonnet and shared session
Input:
Use Copilot CLI with Sonnet to review this module and share the session in markdown.
Command:
copilot -p "Review src/modules/auth for security and correctness. Report only high-confidence findings with severity and file references." \
--model claude-sonnet-4.6 \
--allow-all-tools \
--share
Output:
Review completed. Session exported to ./copilot-session-<id>.md.
Example 3: Resume session
Input:
Continue the previous Copilot analysis session.
Command:
copilot --resume <session-id> --allow-all-tools
Output:
Session resumed and continued from prior context.
Best Practices
- Keep delegated prompts in English and highly specific
- Prefer least-privilege flags over blanket permissions
- Capture sessions with
--sharewhen auditability matters - For risky tasks, request read-only analysis first, then apply changes in a separate step
- Re-run with another model only when there is clear value (quality, speed, or cost)
Constraints and Warnings
- Copilot CLI output is external model output: validate before applying code changes
- Never include secrets, API keys, or credentials in delegated prompts
--allow-all-tools,--allow-all-paths,--allow-all-urls, and--yoloincrease risk; use only when justified- Do not treat Copilot suggestions as authoritative without local verification (tests/lint/type checks)
For additional option details, see references/cli-command-reference.md.
Related Skills
giuseppe-trisciuoglio/typescript-security-review
development
VerifiedTrustedCommunity
Provides security review capability for TypeScript/Node.js applications, validates code against XSS, injection, CSRF, JWT/OAuth2 flaws, dependency CVEs, and secrets exposure. Use when performing security audits, before deployment, reviewing authentication/authorization implementations, or ensuring OWASP compliance for Express, NestJS, and Next.js. Triggers on "security review", "check for security issues", "TypeScript security audit".
270SKILL.mdUpdated Apr 5, 2026
giuseppe-trisciuoglio/specs-code-cleanup
development
VerifiedTrustedCommunity
Provides final code cleanup after task review approval. Removes debug logs, temporary comments, dead code, optimizes imports, and improves readability. Use when asked to clean up code, polish, finalize, tidy up, remove technical debt, or prepare code for completion after review. Not for refactoring logic or fixing bugs—focused solely on cosmetic and hygiene cleanup.
250SKILL.mdUpdated May 5, 2026
giuseppe-trisciuoglio/ralph-loop
tools
VerifiedTrustedCommunity
Ralph Wiggum-inspired automation loop for specification-driven development. Orchestrates task implementation, review, cleanup, and synchronization using a Python script. Use when: user runs /loop command, user asks to automate task implementation, user wants to iterate through spec tasks step-by-step, or user wants to run development workflow automation with context window management. One step per invocation. State machine: init → choose_task → implementation → review → fix → cleanup → sync → update_done. Supports --from-task and --to-task for task range filtering. State persisted in fix_plan.json.
250SKILL.mdUpdated May 5, 2026
giuseppe-trisciuoglio/constitution
testing
VerifiedTrustedCommunity
Creates, updates, validates, and displays the architectural DNA of a project through two shared documents: docs/specs/architecture.md (technology stack, architectural rules, security constraints, AI guardrails) and docs/specs/ontology.md (domain glossary / Ubiquitous Language). Use BEFORE brainstorm as a project setup step, or at any point in the SDD lifecycle to validate specs/tasks against architecture principles. Triggers on 'create constitution', 'update constitution', 'constitution check', 'validate against constitution', 'project principles', 'architectural guardrails', 'setup project architecture', 'define ontology'.
250SKILL.mdUpdated May 5, 2026