This directory contains 58 specialized agent skills organized across 12 categories that teach GitHub Copilot repeatable, best-practice workflows for Hack23 AB projects. Skills are automatically loaded by Copilot when relevant to your task.
Latest Update (2026-04-17): All 8 repo agents now carry explicit ISMS Policy Integration + Skills Integration sections with direct URLs to Information Security, Secure Development, Open Source, Access Control, Cryptographic Controls, Data Classification, AI, Change Management, and Acceptable Use policies.
Agent Skills are collections of instructions, rules, and examples that guide Copilot's behavior for specific tasks. They enable:
- Consistency: Ensure all code changes follow Hack23 standards
- Security: Enforce security-by-design principles from ISMS policies
- Quality: Maintain high code quality and documentation standards
- Automation: Repeatable workflows that save time and reduce errors
- Business Strategy: Guide market positioning and revenue optimization
- Intelligence Operations: Enable ethical OSINT and strategic communication
- Comprehensive Testing: Cover unit, integration, E2E, security, accessibility
- Agent Orchestration: Support custom agent collaboration and patterns
Skills are organized by domain and follow the directory structure:
.github/skills/
├── README.md (this file)
├── INDEX.md (skill catalog)
├── security/ (4 skills)
│ ├── secure-development/
│ ├── access-control/
│ ├── cryptography/
│ └── data-classification/
├── architecture/ (3 skills)
│ ├── c4-modeling/
│ ├── security-architecture/
│ └── documentation-portfolio/
├── quality/ (3 skills)
│ ├── html-css-best-practices/
│ ├── accessibility-wcag/
│ └── seo-optimization/
├── deployment/ (2 skills)
│ ├── aws-s3-cloudfront/
│ └── github-actions-cicd/
├── compliance/ (2 skills)
│ ├── iso-27001/
│ └── gdpr/
├── business/ (3 skills) 🆕
│ ├── business-strategy/
│ ├── content-marketing/
│ └── brand-voice-tone/
├── intelligence/ (2 skills) 🆕
│ ├── osint-methods/
│ └── ethical-information-ops/
├── development/ (2 skills) 🆕
│ ├── testing-strategy/
│ └── code-review-practices/
├── documentation/ (2 skills) 🆕
│ ├── product-documentation/
│ └── api-documentation/
└── integration/ (2 skills) 🆕
├── mcp-server-integration/
└── copilot-agent-patterns/
GitHub Copilot automatically:
- Scans
.github/skills/when you open the repository - Loads relevant skills based on your task context
- Applies skill instructions to guide code generation
- Ensures compliance with defined rules and patterns
Each skill is a subdirectory containing:
skill-name/
├── SKILL.md # Main skill definition with YAML frontmatter
├── examples/ # Code examples and templates (optional)
├── templates/ # File templates (optional)
└── docs/ # Additional documentation (optional)
---
name: skill-name
description: When and why Copilot should use this skill
license: Apache-2.0
---
# Skill Name
## Purpose
Clear explanation of what this skill teaches Copilot to do.
## Rules
- Explicit, concrete rules
- What MUST be done
- What MUST NOT be done
## Examples
Concrete code examples showing correct patterns.
## Related Policies
Links to relevant ISMS policies and documentation.All skills in this repository enforce security-by-design principles aligned with:
- Hack23 Public ISMS - Complete security framework
- Secure Development Policy - Development standards
- ISO 27001:2022 - International security management standard
- NIST CSF 2.0 - Cybersecurity framework
- CIS Controls v8.1 - Security best practices
- GDPR & NIS2 - Privacy and network security regulations
See INDEX.md for the complete catalog of available skills organized by category.
Skills work automatically - just work on your code and Copilot will apply relevant skills based on context. No special commands needed.
Agents can reference specific skills in their instructions:
## Skill Integration
When working on this task, leverage these skills:
- `.github/skills/security/secure-development/` - Follow secure coding practices
- `.github/skills/architecture/c4-modeling/` - Use C4 model documentation patterns
- `.github/skills/quality/accessibility-wcag/` - Ensure WCAG 2.1 AA complianceTest skills by working on relevant tasks:
- Make a code change related to the skill domain
- Ask Copilot to review or suggest improvements
- Verify that Copilot applies the skill's rules and patterns
- Identify a repeatable workflow or pattern
- Create skill directory:
.github/skills/category/skill-name/ - Write SKILL.md with YAML frontmatter
- Add examples and templates as needed
- Reference relevant ISMS policies
- Test with Copilot
- Update INDEX.md
- Modify SKILL.md content
- Update examples if needed
- Test changes with Copilot
- Update skill version in frontmatter if using versioning
- Be Explicit: Use concrete rules, not vague suggestions
- Provide Examples: Show correct patterns with code
- Set Boundaries: Clearly state what NOT to do
- Reference Standards: Link to ISMS policies and external standards
- Keep Focused: One skill = one concern
- Stay Current: Update skills as standards evolve
Enforce security controls from Hack23 ISMS policies — includes secure-development, access-control, cryptography, data-classification, incident-response, secrets-management, vulnerability-management, input-validation, open-source, network-security, acceptable-use, ai-governance, mobile-device-management, physical-security, privacy-policy, segregation-of-duties, threat-modeling, owasp-llm-security.
Guide proper system design and documentation patterns.
Ensure code quality, accessibility, and performance.
Standardize deployment and infrastructure patterns.
Maintain regulatory compliance (ISO 27001, NIST CSF 2.0, CIS v8.1, GDPR).
Change management, backup/recovery, business continuity, disaster recovery.
Risk assessment, risk register, asset management, supplier management, stakeholder registry, information-security-strategy, compliance-checklist.
Strategic business development, marketing, and brand management.
OSINT methods and ethical information operations.
Testing strategies, code review, secure code review.
Product and API documentation standards.
MCP server integration, Copilot agent patterns, and GitHub Agentic Workflows (core, security, orchestration, development, continuous AI).
- GitHub Copilot Agent Skills Documentation
- Anthropic Skills Repository
- GitHub Awesome Copilot
- Hack23 ISMS-PUBLIC
When adding new skills:
- Follow the skill structure and naming conventions
- Ensure alignment with ISMS policies
- Include concrete examples
- Test with GitHub Copilot
- Update this README and INDEX.md
- Submit pull request with clear description
- Review the skill's SKILL.md file for detailed guidance
- Check INDEX.md for skill descriptions
- Reference Hack23 ISMS-PUBLIC for policy details
- Consult with the Security Architect or relevant agent
Remember: Skills are your team's playbook. Keep them concrete, testable, and aligned with Hack23's security-first principles.