suggest-awesome-github-copilot-instructions

github.com/github/awesome-copilot
Verdict: Generally safe
0 critical0 high5 medium
B
SCORE 75 / 100
$skillox install suggest-awesome-github-copilot-instructionsSoon
Sign in to followFollowing emails you when a re-scan drops the grade. Opt-out is per-creator on /account/billing.

Why grade B?

score · 75 / 100

The current grade reflects 5 medium findings (3+ MEDs → B).

0 CRIT0 HIGH5 MED0 LOW
To reach a higher grade
  • A
    Reach Atarget score 95

    Resolve 3 of 5 MED (cap is 2).

Thresholds are documented at /docs/grading. Source-of-truth is the grade() function in @skillox/scanner.

Latest scan findings

Scan crawl-jw0r06p0k3gq9hfx1hz4p822 · Thu, 28 May 2026 16:56:45 GMT · 3ms

med
No capability manifest declared
The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.
rule: no-manifest
med
Link text shows "readme.instructions.md" but points at github.com
The visible link text contains the domain `readme.instructions.md`, but the URL actually targets `github.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
rule: anchor-href-mismatchline: 12CWE-601
10## Process
11
121. **Fetch Available Instructions**: Extract instruction list and descriptions from [awesome-copilot README.instructions.md](https://github.com/github/awesome-copilot/blob/main/docs/README.instructions.md). Must use `#fetch` tool.text→readme.instructions.md · href→github.com
132. **Scan Local Instructions**: Discover existing instruction files in `.github/instructions/` folder
143. **Extract Descriptions**: Read front matter from local instruction files to get descriptions and `applyTo` patterns
med
Link text shows "blazor.instructions.md" but points at github.com
The visible link text contains the domain `blazor.instructions.md`, but the URL actually targets `github.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
rule: anchor-href-mismatchline: 54CWE-601
52| Awesome-Copilot Instruction | Description | Already Installed | Similar Local Instruction | Suggestion Rationale |
53|------------------------------|-------------|-------------------|---------------------------|---------------------|
54| [blazor.instructions.md](https://github.com/github/awesome-copilot/blob/main/instructions/blazor.instructions.md) | Blazor development guidelines | ✅ Yes | blazor.instructions.md | Already covered by existing Blazor instructions |text→blazor.instructions.md · href→github.com
55| [reactjs.instructions.md](https://github.com/github/awesome-copilot/blob/main/instructions/reactjs.instructions.md) | ReactJS development standards | ❌ No | None | Would enhance React development with established patterns |
56| [java.instructions.md](https://github.com/github/awesome-copilot/blob/main/instructions/java.instructions.md) | Java development best practices | ⚠️ Outdated | java.instructions.md | applyTo pattern differs: remote uses `'**/*.java'` vs local `'*.java'` - Update recommended |
med
Link text shows "reactjs.instructions.md" but points at github.com
The visible link text contains the domain `reactjs.instructions.md`, but the URL actually targets `github.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
rule: anchor-href-mismatchline: 55CWE-601
53|------------------------------|-------------|-------------------|---------------------------|---------------------|
54| [blazor.instructions.md](https://github.com/github/awesome-copilot/blob/main/instructions/blazor.instructions.md) | Blazor development guidelines | ✅ Yes | blazor.instructions.md | Already covered by existing Blazor instructions |
55| [reactjs.instructions.md](https://github.com/github/awesome-copilot/blob/main/instructions/reactjs.instructions.md) | ReactJS development standards | ❌ No | None | Would enhance React development with established patterns |text→reactjs.instructions.md · href→github.com
56| [java.instructions.md](https://github.com/github/awesome-copilot/blob/main/instructions/java.instructions.md) | Java development best practices | ⚠️ Outdated | java.instructions.md | applyTo pattern differs: remote uses `'**/*.java'` vs local `'*.java'` - Update recommended |
57
med
Link text shows "java.instructions.md" but points at github.com
The visible link text contains the domain `java.instructions.md`, but the URL actually targets `github.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
rule: anchor-href-mismatchline: 56CWE-601
54| [blazor.instructions.md](https://github.com/github/awesome-copilot/blob/main/instructions/blazor.instructions.md) | Blazor development guidelines | ✅ Yes | blazor.instructions.md | Already covered by existing Blazor instructions |
55| [reactjs.instructions.md](https://github.com/github/awesome-copilot/blob/main/instructions/reactjs.instructions.md) | ReactJS development standards | ❌ No | None | Would enhance React development with established patterns |
56| [java.instructions.md](https://github.com/github/awesome-copilot/blob/main/instructions/java.instructions.md) | Java development best practices | ⚠️ Outdated | java.instructions.md | applyTo pattern differs: remote uses `'**/*.java'` vs local `'*.java'` - Update recommended |text→java.instructions.md · href→github.com
57
58## Local Instructions Discovery Process
View latest scan →
skillox.io/c/suggest-awesome-github-copilot-instructions