microsoft/security-reviewer-formats
.github/skills/security/security-reviewer-formats/SKILL.md
Format specifications and data contracts for the security reviewer orchestrator and its subagents - Brought to you by microsoft/hve-core.
$ install --global
skillsauthnpx skillsauth add microsoft/hve-core security-reviewer-formatsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 9, 2026, 2:13 AM230.6s5 files scanned
SKILL.md
- name:
- security-reviewer-formats
- description:
- Format specifications and data contracts for the security reviewer orchestrator and its subagents - Brought to you by microsoft/hve-core.
- license:
- MIT
- user-invocable:
- false
- authors:
- microsoft/hve-core
- spec_version:
- 1.0
- last_updated:
- 2026-03-16
Security Reviewer Formats — Skill Entry
This SKILL.md is the entrypoint for the security reviewer format specifications skill.
The skill provides shared format templates and data contracts used by the security reviewer orchestrator and its subagents during vulnerability assessments. Each reference file covers a focused area of the reporting pipeline.
Normative references
- Report Formats — VULN_REPORT_V1 template, diff mode qualifiers, and PLAN_REPORT_V1 template.
- Finding Formats — Finding Serialization Format and Verified Findings Collection Format.
- Completion Formats — Scan Status Format, Scan Completion Format, and Minimal Profile Stub Format.
- Severity Definitions — Standard severity level definitions for all OWASP skill assessments.
Skill layout
SKILL.md— this file (skill entrypoint).references/— format specification documents.report-formats.md— full report templates for audit, diff, and plan modes.finding-formats.md— serialization and collection formats for findings exchange between subagents.completion-formats.md— status updates, completion summaries, and the minimal profile stub.severity-definitions.md— severity level table shared across all assessments.
🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.
Related Skills
microsoft/pr-reference
tools
VerifiedTrustedCommunity
Generates PR reference XML containing commit history and unified diffs between branches with extension and path filtering. Includes utilities to list changed files by type and read diff chunks. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. - Brought to you by microsoft/hve-core
909SKILL.mdUpdated Apr 9, 2026
microsoft/secure-by-design
development
VerifiedTrustedCommunity
Secure by Design principles knowledge base for assessing adherence to security-first design, development, and deployment practices across the software lifecycle - Brought to you by microsoft/hve-core.
909SKILL.mdUpdated Apr 9, 2026
microsoft/owasp-top-10
development
VerifiedTrustedCommunity
OWASP Top 10 for Web Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in web application environments - Brought to you by microsoft/hve-core.
909SKILL.mdUpdated Apr 9, 2026
microsoft/owasp-mcp
tools
VerifiedTrustedCommunity
OWASP MCP Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments - Brought to you by microsoft/hve-core.
909SKILL.mdUpdated Apr 9, 2026