Menu
Analyze Azure resources used in the app (IaC files and/or resources in a target rg) and optimize costs - creating GitHub issues for identified optimizations.
Create, set up, or update the personal context portfolio: structured markdown files describing who you are, how you work, your teams, and your tool/ADO configuration. Runs the interview workflow for first-time setup and targeted edits for updates. Trigger this skill when the user asks to: set up their context, create or update their context portfolio, "create my IQ", "set up my IQ", edit their profile, add/remove a stakeholder, update ADO config, change team info, update pillars, or set up any plugin configuration. Trigger when another skill fails to find context (missing files or TODO markers) and needs context populated. Also trigger when the user mentions a context change in passing (e.g., "my manager changed", "we added someone to the team") to offer a context file update. Do NOT trigger for read-only questions like "who's on my team?" or "what's my ADO config?". Those are answered directly from the context files referenced in the loaded custom instructions; no skill is needed.
Adopt repository-level harness engineering for coding agents. Use when a user wants to prevent repeated AI coding-agent mistakes by turning failures into durable instructions, drift checks, regression tests, failure memory, and adoption reports tailored to the target repository.
Security hardening reviewer for GitHub Actions workflow files (.github/workflows/*.yml). Reasons about the Actions threat model that pattern matchers and general code linters miss — untrusted-input script injection, privileged triggers running fork code, mutable action references, and over-scoped tokens. Use this skill when asked to review, audit, harden, or secure a GitHub Actions workflow, when writing a new workflow, or for any request like "is this workflow safe?", "review my CI for security issues", "why is pull_request_target dangerous here?", "pin my actions", or "lock down GITHUB_TOKEN permissions". Covers script injection via ${{ }} interpolation, pull_request_target / workflow_run privilege escalation, SHA-pinning of third-party actions, least-privilege permissions, GITHUB_ENV/GITHUB_OUTPUT injection, secret exposure, OIDC over long-lived credentials, and self-hosted runner exposure on public repositories.
Build GitHub Copilot workflows with Xquik X API SDKs, REST endpoints, MCP tools, signed webhooks, tweet search, user lookup, follower exports, media actions, and agent automation.
Comprehensive guide for configuring and managing GitHub Dependabot. Use this skill when users ask about creating or optimizing dependabot.yml files, managing Dependabot pull requests, configuring dependency update strategies, setting up grouped updates, monorepo patterns, multi-ecosystem groups, security update configuration, auto-triage rules, or any GitHub Advanced Security (GHAS) supply chain security topic related to Dependabot. For pre-commit dependency vulnerability scanning in AI coding agents via the GitHub MCP Server, this skill references the Advanced Security plugin (`advanced-security@copilot-plugins`). Use this skill when an agent needs to scan dependencies for known vulnerabilities before committing.
Enable code intelligence (go-to-definition, find-references, hover, type info) for any programming language by installing and configuring an LSP server for Copilot CLI. Detects the OS, installs the right server, and generates the JSON configuration (user-level or repo-level). Use when you need deeper code understanding and no LSP server is configured, or when the user asks to set up, install, or configure an LSP server.
| name | az-cost-optimize |
| description | Analyze Azure resources used in the app (IaC files and/or resources in a target rg) and optimize costs - creating GitHub issues for identified optimizations. |
This workflow analyzes Infrastructure-as-Code (IaC) files and Azure resources to generate cost optimization recommendations. It creates individual GitHub issues for each optimization opportunity plus one EPIC issue to coordinate implementation, enabling efficient tracking and execution of cost savings initiatives.
azmcp-*) over direct Azure CLI when availableAction: Retrieve cost optimization best practices before analysis Tools: Azure MCP best practices tool Process:
azmcp-bestpractices-get to get some of the latest Azure optimization guidelines. This may not cover all scenarios but provides a foundation.Action: Dynamically discover and analyze Azure resources and configurations Tools: Azure MCP tools + Azure CLI fallback + Local file system access Process:
Resource Discovery:
azmcp-subscription-list to find available subscriptionsazmcp-group-list --subscription <subscription-id> to find resource groupsaz resource list --subscription <id> --resource-group <name>azmcp-cosmos-account-list --subscription <id> - Cosmos DB accountsazmcp-storage-account-list --subscription <id> - Storage accountsazmcp-monitor-workspace-list --subscription <id> - Log Analytics workspacesazmcp-keyvault-key-list - Key Vaultsaz webapp list - Web Apps (fallback - no MCP tool available)az appservice plan list - App Service Plans (fallback)az functionapp list - Function Apps (fallback)az sql server list - SQL Servers (fallback)az redis list - Redis Cache (fallback)IaC Detection:
file_search to scan for IaC files: "/*.bicep", "/*.tf", "/main.json", "/template.json"Configuration Analysis:
Action: Gather utilization data AND verify actual resource costs Tools: Azure MCP monitoring tools + Azure CLI Process:
Find Monitoring Sources:
azmcp-monitor-workspace-list --subscription <id> to find Log Analytics workspacesazmcp-monitor-table-list --subscription <id> --workspace <name> --table-type "CustomLog" to discover available dataExecute Usage Queries:
azmcp-monitor-log-query with these predefined queries:
// CPU utilization for App Services
AppServiceAppLogs
| where TimeGenerated > ago(7d)
| summarize avg(CpuTime) by Resource, bin(TimeGenerated, 1h)
// Cosmos DB RU consumption
AzureDiagnostics
| where ResourceProvider == "MICROSOFT.DOCUMENTDB"
| where TimeGenerated > ago(7d)
| summarize avg(RequestCharge) by Resource
// Storage account access patterns
StorageBlobLogs
| where TimeGenerated > ago(7d)
| summarize RequestCount=count() by AccountName, bin(TimeGenerated, 1d)
Calculate Baseline Metrics:
VALIDATE CURRENT COSTS:
az billing commandsAction: Analyze resources to identify optimization opportunities Tools: Local analysis using collected data Process:
Apply Optimization Patterns based on resource types found:
Compute Optimizations:
Database Optimizations:
Storage Optimizations:
Infrastructure Optimizations:
Calculate Evidence-Based Savings:
Calculate Priority Score for each recommendation:
Priority Score = (Value Score × Monthly Savings) / (Risk Score × Implementation Days)
High Priority: Score > 20
Medium Priority: Score 5-20
Low Priority: Score < 5
Validate Recommendations:
Action: Present summary and get approval before creating GitHub issues Process:
Display Optimization Summary:
🎯 Azure Cost Optimization Summary
📊 Analysis Results:
• Total Resources Analyzed: X
• Current Monthly Cost: $X
• Potential Monthly Savings: $Y
• Optimization Opportunities: Z
• High Priority Items: N
🏆 Recommendations:
1. [Resource]: [Current SKU] → [Target SKU] = $X/month savings - [Risk Level] | [Implementation Effort]
2. [Resource]: [Current Config] → [Target Config] = $Y/month savings - [Risk Level] | [Implementation Effort]
3. [Resource]: [Current Config] → [Target Config] = $Z/month savings - [Risk Level] | [Implementation Effort]
... and so on
💡 This will create:
• Y individual GitHub issues (one per optimization)
• 1 EPIC issue to coordinate implementation
❓ Proceed with creating GitHub issues? (y/n)
Wait for User Confirmation: Only proceed if user confirms
Action: Create separate GitHub issues for each optimization opportunity. Label them with "cost-optimization" (green color), "azure" (blue color).
MCP Tools Required: create_issue for each recommendation
Process:
Create Individual Issues using this template:
Title Format: [COST-OPT] [Resource Type] - [Brief Description] - $X/month savings
Body Template:
## 💰 Cost Optimization: [Brief Title]
**Monthly Savings**: $X | **Risk Level**: [Low/Medium/High] | **Implementation Effort**: X days
### 📋 Description
[Clear explanation of the optimization and why it's needed]
### 🔧 Implementation
**IaC Files Detected**: [Yes/No - based on file_search results]
```bash
# If IaC files found: Show IaC modifications + deployment
# File: infrastructure/bicep/modules/app-service.bicep
# Change: sku.name: 'S3' → 'B2'
az deployment group create --resource-group [rg] --template-file infrastructure/bicep/main.bicep
# If no IaC files: Direct Azure CLI commands + warning
# ⚠️ No IaC files found. If they exist elsewhere, modify those instead.
az appservice plan update --name [plan] --sku B2
Priority Score: X | Value: X/10 | Risk: X/10
Action: Create master issue to track all optimization work. Label it with "cost-optimization" (green color), "azure" (blue color), and "epic" (purple color).
MCP Tools Required: create_issue for EPIC
Note about mermaid diagrams: Ensure you verify mermaid syntax is correct and create the diagrams taking accessibility guidelines into account (styling, colors, etc.).
Process:
Create EPIC Issue:
Title: [EPIC] Azure Cost Optimization Initiative - $X/month potential savings
Body Template:
# 🎯 Azure Cost Optimization EPIC
**Total Potential Savings**: $X/month | **Implementation Timeline**: X weeks
## 📊 Executive Summary
- **Resources Analyzed**: X
- **Optimization Opportunities**: Y
- **Total Monthly Savings Potential**: $X
- **High Priority Items**: N
## 🏗️ Current Architecture Overview
```mermaid
graph TB
subgraph "Resource Group: [name]"
[Generated architecture diagram showing current resources and costs]
end