Skip to content

fix: resolve 4 open issues — SECURITY.md artifact, YAML quoting, hidden Unicode, hardcoded credentials#548

Open
okokkoko4414 wants to merge 6 commits into
msitarzewski:mainfrom
okokkoko4414:main
Open

fix: resolve 4 open issues — SECURITY.md artifact, YAML quoting, hidden Unicode, hardcoded credentials#548
okokkoko4414 wants to merge 6 commits into
msitarzewski:mainfrom
okokkoko4414:main

Conversation

@okokkoko4414
Copy link
Copy Markdown

@okokkoko4414 okokkoko4414 commented May 24, 2026

Summary

Changes

6 files changed, 5 insertions(+), 6 deletions(-)

Test plan

  • SECURITY.md: no stray heredoc artifact on line 31
  • zk-steward.md: YAML frontmatter parses without colon errors
  • mobile-app-builder.md, app-store-optimizer.md: no hidden Unicode characters in headings
  • api-tester.md, performance-benchmarker.md: hardcoded passwords replaced with env var

🤖 Generated with Claude Code

@claude
fix: resolve 4 open issues — SECURITY.md artifact, YAML quoting, hidd…
b6e87c4 
…en Unicode, hardcoded credentials

- Remove stray EOFcat heredoc artifact from SECURITY.md (fixes msitarzewski#530)
- Quote zk-steward description to fix YAML colon parsing (fixes msitarzewski#473)
- Strip hidden Unicode soft hyphens from mobile-app-builder and app-store-optimizer headings (fixes msitarzewski#478)
- Replace hardcoded passwords with process.env.TEST_PASSWORD (fixes msitarzewski#477)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings May 24, 2026 16:26
Copilot AI reviewed May 24, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Addresses several repository hygiene/security issues in Markdown-based agent/testing templates (security policy rendering, YAML frontmatter validity, hidden Unicode removal, and credential handling in examples).

Changes:

  • Removed a stray EOFcat SECURITY.md artifact from SECURITY.md.
  • Fixed YAML frontmatter parsing by quoting description in specialized/zk-steward.md.
  • Removed hidden Unicode soft-hyphen characters from headings in two agent markdown files.
  • Replaced hardcoded example passwords with process.env.TEST_PASSWORD in two testing templates.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
SECURITY.md Removes an accidental trailing heredoc artifact.
specialized/zk-steward.md Quotes YAML description to avoid colon parsing errors.
marketing/marketing-app-store-optimizer.md Strips hidden soft hyphen from a heading.
engineering/engineering-mobile-app-builder.md Strips hidden soft hyphen from a heading.
testing/testing-api-tester.md Replaces hardcoded password with env var in example request body.
testing/testing-performance-benchmarker.md Replaces hardcoded password with env var in k6 example.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread testing/testing-performance-benchmarker.md
Comment on lines 90 to 94
// Test critical user journey
const loginResponse = http.post(`${baseUrl}/api/auth/login`, {
email: 'test@example.com',
password: 'password123'
password: process.env.TEST_PASSWORD
});
Comment thread testing/testing-api-tester.md
Comment on lines 74 to 78
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
email: 'test@example.com',
password: 'secure_password'
password: process.env.TEST_PASSWORD
})
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

2 participants

@okokkoko4414