This runs your AI agent codebase against the OWASP Agentic Security Initiative Top 10, a standard for autonomous agent security that's separate from general LLM safety. It scans for controls like input validation before tool execution (ASI-01), tool allowlists and argument validation (ASI-02), capability boundaries (ASI-03), and cryptographic agent identity instead of string names (ASI-07). Use it before production deployment or when someone asks "is my agent OWASP compliant?" The structured approach is helpful because agent security is genuinely different from chatbot security. You're checking whether your system prevents prompt injection at the tool layer, not just the LLM output layer, which matters when agents can execute code or call APIs.
npx skills add https://github.com/github/awesome-copilot --skill agent-owasp-compliance