This skill goes beyond pattern matching to reason about code the way a security researcher would, tracing data flows across files and catching vulnerabilities that grep won't find. It covers the usual suspects (SQL injection, XSS, command injection, exposed secrets) plus access control bugs, weak crypto, and business logic flaws across eight languages. Every finding includes a severity rating, exploitation context, and a concrete patch that you review before applying. The workflow is thorough: a dependency audit first, then a secrets scan, then deep vulnerability analysis with cross-file tracing, followed by a self-verification pass that filters out false positives. If you've ever wanted a second pair of eyes that actually understands what your code does, not just what it looks like, this is worth running before you ship.
npx skills add https://github.com/github/awesome-copilot --skill security-review