
Security Alert Review
Pull and triage Azure DevOps Advanced Security alerts for a repo—dependencies, secrets, and code scanning—with severity filters.
Install
npx skills add https://github.com/microsoft/azure-devops-skills --skill security-alert-review
What is this skill?
- Lists dependency, secret exposure, and code scanning alerts via advsec_get_alerts
- Enforces project then repository selection with one user prompt before listing projects or repos
- Supports filtering by severity, state, and alert type for focused triage
- Uses Azure DevOps MCP tools: core_list_projects, repo_list_repos_by_project, advsec_get_alerts
- Requires both project and repository context—cannot fetch alerts org-wide without them
Adoption & trust: 29 installs on skills.sh; 23 GitHub stars; 2/3 security scanners passed (skills.sh audits).
Common Questions / FAQ
Is Security Alert Review safe to install?
skills.sh reports 2 of 3 security scanners passed. Review the Security Audits panel on this page before installing in production.
SKILL.md
# Security alert review

This skill works in the context of a **project** and a **repository**. Both are required to retrieve alerts.

## Project selection

- If the user **provides a project name** in their request (for example, "for Contoso"), use that project directly and **do not call** `core_list_projects`.
- If the user **does not provide a project name**, first ask the user once to provide the project name.
- If the project name is **still not provided after asking once**, call `core_list_projects` to return a list of projects the user can choose from.

## Repository selection

- If the user **provides a repository name**, use that repository directly.
- If the user **does not specify a repository**, ask the user once for the repository name.
- If the repository name is **still not provided after asking once**, call `repo_list_repos_by_project` to list available repositories for the user to choose from.

# Tools

Use Azure DevOps MCP Server tools for all interactions with Azure DevOps.

- `core_list_projects`: Get a list of projects in the organization.
- `repo_list_repos_by_project`: Get a list of repositories for a project.
- `advsec_get_alerts`: Get Advanced Security alerts for a repository, with optional filters for severity, state, alert type, and confidence level.
- `advsec_get_alert_details`: Get detailed information about a specific alert by ID.

# Rules

## 1. List alerts for a repository

- When the user asks to **list alerts**, **show security alerts**, or **review alerts**, call `advsec_get_alerts` for the specified project and repository.
- Apply filters based on the user's request:
  - **Severity**: filter by `severities` (for example, "show critical alerts" → `["Critical"]`).
  - **State**: filter by `states` (for example, "show active alerts" → `["Active"]`).
  - **Alert type**: filter by `alertType` (for example, "show dependency alerts" → `"Dependency"`). Valid types are: `Dependency`, `Secret`, `Code`.
- Always include `confidenceLevels: ["High", "Other"]` on every call to `advsec_get_alerts` unless the user explicitly requests a specific confidence filter.
- If the user does not specify filters, show all active alerts on the default branch by default (use `onlyDefaultBranch: true`, `states: ["Active"]`, and `confidenceLevels: ["High", "Other"]`).
- Show the results in a table.
- If there are no alerts, explicitly state that there are no alerts matching the criteria for this repository.

### Example

- "show security alerts for repo MyApp in project Contoso"
- "list critical dependency alerts for repo MyApp"
- "show all active secret alerts in repo MyApp"

## 2. Get details for a specific alert

- When the user asks about a **specific alert** (for example, "alert 42" or "tell me about alert 42"), call `advsec_get_alert_details` with the alert ID, project, and repository.
- Show all available detail fields including the affected file, line number, description, remediation guidance, and rule information.

### Example

- "show details for alert 42 in repo MyApp, project Contoso"
- "what is alert 42 about?"

## 3. Summary view

- When the user asks for a **summary** or **overview** of alerts, call `advsec_get_alerts` (with no severity or type filter, `states: ["Active"]`, and `confidenceLevels: ["High", "Other"]`) and present a summary grouped by:
  1. **Alert type** (Dependency, Secret, Code) with count.
  2. **Severity** (Critical, High, Medium, Low, Other) with count per type.
- Show the summary as a compact table followed by the total count.
- Note: `advsec_get_alerts` returns up to 100 alerts by default. If the results include a continuation token, let the user know the summary is based on the first batch of alerts and that additional alerts exist.

###
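
The listing defaults from rule 1 and the grouped summary from rule 3, worked through as an added example (this is not code from the skill or from the Azure DevOps MCP Server). The `project` and `repository` argument keys, the alert record fields `alertType` and `severity`, and the mapping of unlisted severities to `Other` are assumptions; the sample alerts are constructed.

```python
from collections import Counter

ALERT_TYPES = ("Dependency", "Secret", "Code")  # valid alertType values per the skill
SEVERITIES = ("Critical", "High", "Medium", "Low", "Other")

def build_alert_query(project, repository, severities=None, states=None,
                      alert_type=None, confidence_levels=None):
    """Arguments for advsec_get_alerts under rule 1 (project/repository keys assumed)."""
    if not project or not repository:
        raise ValueError("both project and repository are required")
    if alert_type is not None and alert_type not in ALERT_TYPES:
        raise ValueError(f"alertType must be one of {ALERT_TYPES}")
    args = {"project": project, "repository": repository,
            "confidenceLevels": list(confidence_levels or ["High", "Other"])}
    if not (severities or states or alert_type or confidence_levels):
        # No filters requested: active alerts on the default branch only.
        return {**args, "onlyDefaultBranch": True, "states": ["Active"]}
    chosen = {"severities": severities, "states": states, "alertType": alert_type}
    args.update({key: value for key, value in chosen.items() if value})
    return args

def summarize(alerts, continuation_token=None):
    """Rule 3: count by alert type, then severity; flag a partial first batch."""
    counts = Counter((a["alertType"],
                      a["severity"] if a["severity"] in SEVERITIES else "Other")
                     for a in alerts)
    lines = ["Type       | Count | " + " | ".join(SEVERITIES)]
    total = 0
    for alert_type in ALERT_TYPES:
        per_sev = [counts[(alert_type, s)] for s in SEVERITIES]
        total += sum(per_sev)
        lines.append(f"{alert_type:<10} | {sum(per_sev):>5} | "
                     + " | ".join(str(n) for n in per_sev))
    lines.append(f"Total: {total}")
    if continuation_token:
        lines.append("Based on the first batch only; additional alerts exist.")
    return {"total": total, "partial": bool(continuation_token),
            "counts": dict(counts), "table": "\n".join(lines)}

# Constructed sample response; record shape is an assumption, not the tool's schema.
SAMPLE_ALERTS = [
    {"alertId": 1, "alertType": "Dependency", "severity": "Critical"},
    {"alertId": 2, "alertType": "Dependency", "severity": "High"},
    {"alertId": 3, "alertType": "Secret", "severity": "Critical"},
    {"alertId": 4, "alertType": "Code", "severity": "Note"},  # unlisted -> Other
]

if __name__ == "__main__":
    print(summarize(SAMPLE_ALERTS, "constructed-token")["table"])
```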