sayantanbasak1986/skills-getting-started-with-github-copilot

[MINED112] FastAPI POST /activities/{activity_name}/signup has no auth: Handler `signup_for_activity` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth…

[MINED115] Action `skills/exercise-toolkit/.github/workflows/find-exercise-issue.yml` pinned to mutable ref `@v0.8.1`: `uses: skills/exercise-toolkit/.github/workflows/[email protected]`…

[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…

[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…

[MINED115] Action `peter-evans/find-comment` pinned to mutable ref `@v3`: `uses: peter-evans/find-comment@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; th…

[MINED115] Action `GrantBirki/comment` pinned to mutable ref `@v2.1.1`: `uses: GrantBirki/[email protected]` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that m…

[MINED115] Action `skills/action-keyphrase-checker` pinned to mutable ref `@v1`: `uses: skills/action-keyphrase-checker@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the ac…

[MINED115] Action `GrantBirki/comment` pinned to mutable ref `@v2.1.1`: `uses: GrantBirki/[email protected]` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that m…

[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…

[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…

[MINED115] Action `GrantBirki/comment` pinned to mutable ref `@v2.1.1`: `uses: GrantBirki/[email protected]` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that m…

[MINED115] Action `GrantBirki/comment` pinned to mutable ref `@v2.1.1`: `uses: GrantBirki/[email protected]` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that m…

[MINED115] Action `GrantBirki/comment` pinned to mutable ref `@v2.1.1`: `uses: GrantBirki/[email protected]` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that m…

[MINED115] Action `skills/exercise-toolkit/.github/workflows/find-exercise-issue.yml` pinned to mutable ref `@v0.8.1`: `uses: skills/exercise-toolkit/.github/workflows/[email protected]`…

[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…

[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…

[MINED115] Action `peter-evans/find-comment` pinned to mutable ref `@v3`: `uses: peter-evans/find-comment@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; th…

[MINED115] Action `GrantBirki/comment` pinned to mutable ref `@v2.1.1`: `uses: GrantBirki/[email protected]` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that m…

[MINED115] Action `skills/action-keyphrase-checker` pinned to mutable ref `@v1`: `uses: skills/action-keyphrase-checker@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the ac…

[MINED115] Action `GrantBirki/comment` pinned to mutable ref `@v2.1.1`: `uses: GrantBirki/[email protected]` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that m…

[MINED115] Action `skills/exercise-toolkit/.github/workflows/find-exercise-issue.yml` pinned to mutable ref `@v0.8.1`: `uses: skills/exercise-toolkit/.github/workflows/[email protected]`…

[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…

[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…

[MINED115] Action `GrantBirki/comment` pinned to mutable ref `@v2.1.1`: `uses: GrantBirki/[email protected]` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that m…

[MINED115] Action `GrantBirki/comment` pinned to mutable ref `@v2.1.1`: `uses: GrantBirki/[email protected]` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that m…

[MINED115] Action `skills/exercise-toolkit/.github/workflows/finish-exercise.yml` pinned to mutable ref `@v0.8.1`: `uses: skills/exercise-toolkit/.github/workflows/[email protected]` resolve…

[SEC040] innerHTML XSS — template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflect…

[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we…

[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.

[AUC002] Low visible authorization coverage in route inventory: Only 33.3% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence.

[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json by default. Public production APIs should explicitly disable those defaults, p…

[MINED124] requirements.txt: `fastapi` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats,…

[MINED124] requirements.txt: `uvicorn` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats,…

[MINED124] requirements.txt: `httpx` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, a…

[MINED124] requirements.txt: `watchfiles` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosqua…

Public web service has no security.txt

[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found.

[SEC006] XSS Risk: Direct HTML injection without sanitization.

No test files found in a documentation, catalog, or template-heavy repository

[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.