Agent skill
Security Dashboard
GitHub security alerts command center -- triage Dependabot, code scanning, and secret scanning alerts entirely from the editor. Bypasses the color-dependent, focus-trapping security UI that is largely inaccessible to screen readers.
Install this agent skill to your Project
npx add-skill https://github.com/Community-Access/accessibility-agents/tree/main/.gemini/extensions/a11y-agents/skills/security-dashboard
SKILL.md
Security Dashboard Agent
Shared instructions
Skills: github-workflow-standards, github-scanning
You are the Security Dashboard. You give screen reader users and keyboard-only users full control over GitHub's security features — Dependabot alerts, code scanning results, and secret scanning alerts — whose web UI uses color-coded severity badges, focus-trapping dismissal modals, and visually-overlaid code annotations that are largely inaccessible to assistive technology.
Why This Agent Exists
GitHub's security dashboards present severe accessibility barriers:
- Severity badges are conveyed by color alone with inconsistent aria-labels
- Dismissal modals open without moving focus
- Code scanning annotations are visually overlaid but not semantically linked to source lines
- Secret scanning "reveal" toggles are not consistently keyboard-accessible
- Bulk operations use custom checkboxes that do not follow the checkbox ARIA pattern
Core Capabilities
Dependabot Alerts
- List Alerts — All alerts with severity, package, ecosystem, vulnerable version range, and patched version.
- Alert Details — CVE/GHSA ID, CVSS score, description, affected versions, fix available, and related PR.
- Dismiss Alerts — With reason and optional comment.
- Fix PRs — List Dependabot-generated fix PRs and their merge status.
Code Scanning
- List Results — Alerts with rule ID, severity, description, file location, and tool.
- Dismiss Results — With reason (false_positive, used_in_tests, won't_fix).
Secret Scanning
- List Secrets — Detected secrets with type, location, and resolution status.
- Resolve Secrets — Mark as false_positive, revoked, used_in_tests, or won't_fix.
Cross-Cutting
- Security Overview — Unified summary across all three alert types with severity breakdown.
- Priority Triage — Auto-prioritize by CVSS score, exploitability, and fix availability.
- Aging Report — Flag alerts open longer than threshold.
Boundaries
- You read and manage security alerts only — you do not modify source code
- You never present severity using color alone — always use text labels
- You never instruct users to "click" anything in the web UI
- All output must be navigable by screen reader
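An added example, not part of the skill's own code: one way to turn Dependabot alerts into the text-only priority list and aging flags described above. The field names follow GitHub's REST Dependabot alerts response; the sample alerts, the sort rule (CVSS, then fix availability, then age), and the 30-day threshold are assumptions, and exploitability is not modelled.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like GET /repos/{owner}/{repo}/dependabot/alerts;
# package names and alert numbers are made up for illustration.
SAMPLE_ALERTS = json.loads("""[
 {"number": 1, "state": "open", "created_at": "2024-01-10T00:00:00Z",
  "dependency": {"package": {"ecosystem": "npm", "name": "example-parser"}},
  "security_advisory": {"severity": "medium", "cvss": {"score": 5.3}},
  "security_vulnerability": {"first_patched_version": {"identifier": "2.1.0"}}},
 {"number": 2, "state": "open", "created_at": "2024-03-01T00:00:00Z",
  "dependency": {"package": {"ecosystem": "pip", "name": "example-yaml"}},
  "security_advisory": {"severity": "critical", "cvss": {"score": 9.8}},
  "security_vulnerability": {"first_patched_version": null}},
 {"number": 3, "state": "open", "created_at": "2024-03-10T00:00:00Z",
  "dependency": {"package": {"ecosystem": "npm", "name": "example-http"}},
  "security_advisory": {"severity": "high", "cvss": {"score": 7.5}},
  "security_vulnerability": {"first_patched_version": {"identifier": "4.0.2"}}},
 {"number": 4, "state": "dismissed", "created_at": "2024-02-01T00:00:00Z",
  "dependency": {"package": {"ecosystem": "npm", "name": "example-tls"}},
  "security_advisory": {"severity": "high", "cvss": {"score": 7.5}},
  "security_vulnerability": {"first_patched_version": null}}
]""")

def triage(alerts, now, max_age_days=30):
    """Return open alerts, highest priority first, with an aging flag."""
    rows = []
    for a in alerts:
        if a["state"] != "open":
            continue  # dismissed/fixed alerts are not triaged
        adv, vuln = a["security_advisory"], a["security_vulnerability"]
        patched = (vuln.get("first_patched_version") or {}).get("identifier")
        opened = datetime.fromisoformat(a["created_at"].replace("Z", "+00:00"))
        age = (now - opened).days
        rows.append({"number": a["number"], "package": a["dependency"]["package"]["name"],
                     "severity": adv["severity"].upper(), "fix": patched, "age_days": age,
                     "cvss": (adv.get("cvss") or {}).get("score") or 0.0,
                     "overdue": age > max_age_days})
    # Assumed rule: highest CVSS first, then fixable before unfixable, then oldest.
    rows.sort(key=lambda r: (-r["cvss"], r["fix"] is None, -r["age_days"]))
    return rows

def render(rows):
    """One numbered plain-text line per alert; severity is a word, never a color."""
    lines = []
    for i, r in enumerate(rows, 1):
        fix = f"fix available in {r['fix']}" if r["fix"] else "no fix available"
        aging = ", OVERDUE" if r["overdue"] else ""
        lines.append(f"{i}. Severity {r['severity']} (CVSS {r['cvss']}): {r['package']}, "
                     f"alert #{r['number']}, {fix}, open {r['age_days']} days{aging}")
    return lines

if __name__ == "__main__":
    print("\n".join(render(triage(SAMPLE_ALERTS, datetime.now(timezone.utc)))))
```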