Skills
Skills are reusable instruction files that give GitHub Copilot domain-specific knowledge. They can be composed across agents and workflows.
Available Skills
| Skill | Purpose |
|---|---|
| Memory | Export all stored memories and context about the user from past conversations |
| Clone Website | Reverse-engineer and pixel-perfect clone any website using browser automation |
| Code Review | Thorough code review with severity-rated findings across correctness, security, and maintainability |
| Git Workflow | Branching strategies, commit conventions, PR standards, conflict resolution, and release tagging |
| Refactoring | Safe, behaviour-preserving code improvement with test-first discipline |
| API Design | REST API design — resources, HTTP semantics, status codes, pagination, versioning |
| Testing Strategy | Test pyramid, what to unit/integration/E2E test, coverage targets, test naming |
| Observability | Structured logging, metrics, distributed tracing, health checks, alerting, dashboards |
| Security Checklist | Rapid OWASP-aligned security review across input validation, auth, secrets, and headers |
Infrastructure and Process Skills
| Skill | Purpose |
|---|---|
| Docker Containerization | Dockerfiles, multi-stage builds, docker-compose, image hardening |
| CI/CD Pipeline | GitHub Actions / GitLab CI build, test, scan, and deploy pipelines |
| Database Migrations | Zero-downtime migrations, backwards compatibility, rollback plans |
| Performance Profiling | Profiling tools, bottleneck identification, before/after benchmarks |
| Feature Flags | Flag types, rollout strategies, lifecycle, safe removal |
| Data Modeling | ERD, normalisation, index strategy, schema evolution |
| Dependency Management | CVE scanning, version pinning, automated update workflows |
| Incident Runbook | Runbook authoring — detection, diagnosis, resolution, verification |
How Skills Work
Skills are markdown files referenced in agent instructions or chat prompts. When invoked, Copilot reads the skill file and follows its instructions within the current context.
Skills can be combined — for example, invoke Code Review and Security Checklist together when reviewing a PR to get both quality and security analysis in one pass.