robotti-io/markdown-customizations
.github/skills/markdown-customizations/SKILL.md
Use this skill when creating or editing GitHub Copilot customization Markdown files (agent profiles, prompt files, instruction files, and skills).
$ install --global
skillsauthnpx skillsauth add robotti-io/copilot-security-instructions markdown-customizationsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 11, 2026, 10:56 PM6.3s1 file scanned
SKILL.md
- name:
- markdown-customizations
- description:
- Use this skill when creating or editing GitHub Copilot customization Markdown files (agent profiles, prompt files, instruction files, and skills).
- license:
- CC0-1.0
Markdown Customizations Skill
Purpose
Help create and maintain Copilot customization files with correct structure and consistent, high-signal instructions.
When to use
Use this skill when working on any of:
agents/*.agent.mdprompts/*.prompt.mdinstructions/*.instructions.mdskills/**/SKILL.md
Procedure
- Identify the target file type and verify the correct path + extension.
- Add YAML frontmatter at the top with required keys.
- Write the body using this structure:
# Title## Purpose## How to use## Rules(MUST/SHOULD/MAY)## Examples(at least one when ambiguity is likely)
- Validate glob patterns for
.instructions.mdfiles. - Ensure no contradictions with repo-wide
copilot-instructions.md.
Do / Don’t
Do
- Use short, testable rules (e.g., “MUST include
descriptionin agent profiles”). - Provide one minimal realistic example for each “pattern” (agent/prompt/instructions/skill).
- Use fenced code blocks with
yamlormdtags.
Don’t
- Don’t put YAML anywhere except the initial frontmatter block.
- Don’t create
skill.md; the file must be namedSKILL.md. - Don’t introduce conflicting guidance across multiple instruction files.
Examples
Agent profile frontmatter example
---
name: my-agent
description: Short description of what this agent does
tools: ["read", "search", "edit"]
---
Path-specific instructions frontmatter example
---
applyTo: ".github/prompts/**/*.prompt.md"
excludeAgent: "code-review"
---
Prompt file frontmatter example
---
agent: "agent"
description: "One-line description of what this prompt does"
---
Related Skills
robotti-io/threat-model
tools
VerifiedTrustedCommunity
Threat model a system, feature, service, or PR using Shostack's 4Q workflow, evidence-first analysis, risk scoring, and CLI-friendly Mermaid helper scripts.
39SKILL.mdUpdated Apr 19, 2026
robotti-io/access-control-review
testing
VerifiedTrustedCommunity
Analyze repository-grounded identity, access control, and authorization design with evidence-first reporting and script-validated Mermaid diagrams.
39SKILL.mdUpdated Apr 19, 2026
robotti-io/threat-model
tools
VerifiedTrustedCommunity
Threat model a system, feature, service, or PR using Shostack's 4Q workflow, evidence-first analysis, risk scoring, and CLI-friendly Mermaid helper scripts.
39SKILL.mdUpdated Apr 19, 2026
robotti-io/dependency-cve-triage
content-media
VerifiedTrustedCommunity
Triage a dependency CVE using local repo evidence and remediation guidance.
39SKILL.mdUpdated Apr 19, 2026