advanced-security · data-douser · May 20, 2026 · May 18, 2026 · May 18, 2026 · May 18, 2026
@@ -1,7 +1,6 @@
 ---
 name: mcp-enabled-ql-query-developer
 description: An agent enabled with QL MCP Server tools for developing CodeQL queries using test-driven development (TDD).
-model: Claude Opus 4.6 (1M context) (copilot)
 tools: ['agent', 'ql-mcp/*', 'edit', 'read', 'search', 'todo', 'web', 'vscode']
 handoffs:
   - agent: ql-mcp-tool-developer

@@ -1,7 +1,6 @@
 ---
 name: mcp-enabled-ql-workshop-developer
 description: An agent that creates CodeQL query development workshops from production queries using the QL MCP Server tools. Use this agent to generate guided learning materials that teach developers how to build CodeQL queries incrementally.
-model: Claude Opus 4.6 (1M context) (copilot)
 handoffs:
   - agent: ql-mcp-tool-tester
     label: Validate Solution Stage

@@ -2,7 +2,6 @@
 name: ql-agent-skills-developer
 description: Develops and improves Agent Skills for the CodeQL Development MCP Server.
 argument-hint: 'Provide the name(s) of the Agent Skill(s) to be created or improved under the .github/skills/ directory, along with specific requirements where available.'
-model: Claude Opus 4.6 (1M context) (copilot)
 handoffs:
   - label: Validate a newly created workshop
     agent: ql-mcp-tool-tester

@@ -2,7 +2,6 @@
 name: ql-mcp-tool-developer
 description: An agent for developing new tools and/or improving existing tools for the QL MCP Server.
 argument-hint: 'Provide the name(s) of the CodeQL Development MCP Server tool(s) to be created or improved, along with specific requirements where available.'
-model: Claude Opus 4.6 (1M context) (copilot)
 handoffs:
   - label: Test the CodeQL MCP Server tools via workshop
     agent: ql-mcp-tool-tester

@@ -2,7 +2,6 @@
 name: ql-mcp-tool-tester
 description: An agent for testing and validating tools for the latest QL Development MCP Server.
 argument-hint: 'Provide the name(s) of the CodeQL Development MCP Server tool(s) to be tested and validated, along with specific testing requirements, where available.'
-model: Claude Opus 4.6 (1M context) (copilot)
 ---
 
 # `ql-mcp-tool-tester` Agent

@@ -2,7 +2,6 @@
 name: ql-mcp-server-fix-build-and-test
 description: A prompt for fixing build issues for the QL MCP Server and ensuring extensive testing of the server functionality.
 agent: ql-mcp-tool-developer
-model: Claude Opus 4.6 (copilot)
 ---
 
 # `ql-mcp-server-fix-build-and-test` Prompt

@@ -3,7 +3,6 @@ agent: mcp-enabled-ql-workshop-developer
 name: validate-ql-mcp-server-tools-via-workshop
 description: 'A prompt for validating the real-world functionality of the CodeQL Development MCP Server tools by creating a CodeQL query development workshop from scratch using an existing, production-grade CodeQL query as the workshop "solution".'
 argument-hint: 'Provide the absolute or relative path to a local ".ql" or ".qlref" file associated with a production-grade CodeQL query to be used as the "solution" for the last stage of the to-be-created workshop.'
-model: Claude Opus 4.6 (copilot)
 ---
 
 # `validate-ql-mcp-server-tools-via-workshop` Prompt

@@ -49,7 +49,7 @@ When invoking this skill, you must provide:
 
 The skill creates a complete workshop under `<base_dir>/<workshop_name>/`:
 
-```
+```text
 <base_dir>/<workshop_name>/
 ├── README.md                    # Workshop overview and setup instructions
 ├── codeql-workspace.yml         # CodeQL workspace configuration
@@ -264,8 +264,8 @@ void edgeCase() {
 
 The `.expected` file uses CodeQL test format:
 
-```
-| file    | line | col | endLine | endCol | message                |
+```text
+| file     | line | col | endLine | endCol | message                  |
 | test.cpp | 3    | 5   | 3       | 8      | Null pointer dereference |
 | test.cpp | 18   | 17  | 18      | 20     | Null pointer dereference |
 ```
@@ -453,7 +453,7 @@ For detailed guidance:
 
 Some workshops may have optional advanced branches:
 
-```
+```text
 ├── exercises/
 │   ├── Exercise1.ql
 │   ├── Exercise2.ql
@@ -524,14 +524,6 @@ If generated queries have compilation errors:
 6. **Version control**: Track workshop iterations in git
 7. **Reuse test code**: Same test code across all stages when possible
 
-## Related Skills
-
-- [create-codeql-query-tdd-generic](../create-codeql-query-tdd-generic/SKILL.md) - TDD approach to query development
-- [create-codeql-query-unit-test-cpp](../create-codeql-query-unit-test-cpp/SKILL.md) - Creating C++ query tests
-- [create-codeql-query-unit-test-java](../create-codeql-query-unit-test-java/SKILL.md) - Creating Java query tests
-- [create-codeql-query-unit-test-javascript](../create-codeql-query-unit-test-javascript/SKILL.md) - Creating JavaScript query tests
-- [create-codeql-query-unit-test-python](../create-codeql-query-unit-test-python/SKILL.md) - Creating Python query tests
-
 ## Success Metrics
 
 A successful workshop:

@@ -171,7 +171,7 @@ codeql test run solutions-tests --learn
 
 ## Learning Path
 
-```
+```text
 Exercise 1 (Sinks)
     ↓
 Exercise 2 (Sources)

@@ -28,6 +28,7 @@ Students will learn to:
    ```
 
 2. Build test databases:
+
    ```bash
    ./build-databases.sh
    ```

@@ -64,13 +64,14 @@ public void testCompliant() {
    ```
 
 3. Extract test databases (done automatically by `codeql test run`):
+
    ```bash
    codeql test extract solutions-tests/Exercise1
    ```
 
 ## Workshop Structure
 
-```
+```text
 java-quality-queries-workshop-1/
 ├── exercises/           # Your exercise queries (incomplete)
 │   ├── Exercise1.ql    # Find JUnit test methods
@@ -107,6 +108,7 @@ For each exercise:
 2. **Read the TODO comments** - they explain what to implement
 3. **Implement the missing logic** based on hints
 4. **Run tests** to validate your implementation:
+
    ```bash
    codeql test run exercises-tests/Exercise{N}
    ```
@@ -135,7 +137,7 @@ codeql test run solutions-tests/Exercise{N}
 
 **Example AST Pattern**:
 
-```
+```text
 #-----|         1: (Annotations)
 #   20|           1: [Annotation] Test
 #   21|         3: [TypeAccess] void
@@ -163,7 +165,7 @@ codeql test run solutions-tests/Exercise{N}
 
 **Example AST Pattern for assertThrows**:
 
-```
+```text
 #   71|             0: [MethodCall] assertThrows(...)
 #   72|               0: [TypeAccess] IOException.class
 #   73|               1: [LambdaExpr] () -> ...
@@ -237,15 +239,15 @@ codeql pack install exercises
 
 Ensure the `options` file has correct paths to JUnit stubs:
 
-```
+```text
 //semmle-extractor-options: --javac-args -cp ${testdir}/../../tests-common/stubs/junit-4.13:...
 ```
 
 ## Additional Resources
 
 - [CodeQL for Java Documentation](https://codeql.github.com/docs/codeql-language-guides/codeql-for-java/)
-- [Advanced TDD Guide](../../server/src/prompts/ql-tdd-advanced.prompt.md)
-- [Workshop Structure Reference](./workshop-structure-reference.md)
+- [Advanced TDD Guide](https://github.com/advanced-security/codeql-development-mcp-server/blob/main/server/src/prompts/ql-tdd-advanced.prompt.md)
+- [Workshop Structure Reference](../workshop-structure-reference.md)
 
 ## Source Query
 

@@ -613,7 +613,7 @@ Issue: `.qlref` file has wrong path
 
 Solution: Ensure path is relative to exercises/ or solutions/ directory:
 
-```
+```text
 Exercise1.ql  # Not ../Exercise1.ql or /abs/path/Exercise1.ql
 ```
 

@@ -13,19 +13,19 @@ This document provides real-world examples of how to decompose complex CodeQL qu
 
 ### Decomposition Strategy: Building Blocks
 
-**Stage 1: Find Dereferences**
+#### Stage 1: Find Dereferences
 
 - Query: Find all `PointerDereferenceExpr`
 - Focus: Basic pattern matching
 - Teaching: CodeQL class hierarchy
 
-**Stage 2: Find Null Literals**
+#### Stage 2: Find Null Literals
 
 - Query: Find null pointer literals
 - Focus: Literal values and types
 - Teaching: Value constraints
 
-**Stage 3: Connect with Data Flow**
+#### Stage 3: Connect with Data Flow
 
 - Query: Use `DataFlow::localFlow` to connect nulls to dereferences
 - Focus: Data flow analysis
@@ -48,31 +48,31 @@ Each stage builds on previous:
 
 ### Decomposition Strategy: Syntactic to Semantic
 
-**Stage 1: Find Database Calls**
+#### Stage 1: Find Database Calls
 
 - Query: Find calls to `Statement.execute*` methods
 - Focus: Method call patterns
 - Teaching: Java method analysis
 
-**Stage 2: Identify User Input**
+#### Stage 2: Identify User Input
 
 - Query: Find servlet request parameters, HTTP inputs
 - Focus: Source identification
 - Teaching: Entry points
 
-**Stage 3: Local Taint Tracking**
+#### Stage 3: Local Taint Tracking
 
 - Query: Use `TaintTracking::localTaint` to find simple cases
 - Focus: Local propagation
 - Teaching: Taint concepts
 
-**Stage 4: Global Taint Tracking**
+#### Stage 4: Global Taint Tracking
 
 - Query: Extend to `TaintTracking::global`
 - Focus: Inter-procedural analysis
 - Teaching: Global configuration
 
-**Stage 5: Add Sanitizers**
+#### Stage 5: Add Sanitizers
 
 - Query: Exclude validated inputs
 - Focus: Barrier guards
@@ -95,37 +95,37 @@ Simple → Complex → Comprehensive:
 
 ### Decomposition Strategy: Local to Global
 
-**Stage 1: Find DOM Sinks**
+#### Stage 1: Find DOM Sinks
 
 - Query: Find `innerHTML`, `outerHTML`, `document.write`
 - Focus: Property access patterns
 - Teaching: JavaScript DOM API
 
-**Stage 2: Find URL Parameters**
+#### Stage 2: Find URL Parameters
 
 - Query: Find `location.search`, `window.location.href`
 - Focus: Browser API sources
 - Teaching: Untrusted data
 
-**Stage 3: Add Request Sources**
+#### Stage 3: Add Request Sources
 
 - Query: Add Express.js request parameters
 - Focus: Server-side sources
 - Teaching: Multiple source types
 
-**Stage 4: Local Taint Tracking**
+#### Stage 4: Local Taint Tracking
 
 - Query: Connect sources to sinks locally
 - Focus: String operations
 - Teaching: Taint flow
 
-**Stage 5: Global Taint Tracking**
+#### Stage 5: Global Taint Tracking
 
 - Query: Track across function boundaries
 - Focus: Full application flow
 - Teaching: Configuration
 
-**Stage 6: Custom Taint Steps**
+#### Stage 6: Custom Taint Steps
 
 - Query: Add framework-specific propagation
 - Focus: Library modeling
@@ -148,31 +148,31 @@ API knowledge → Data flow → Framework specifics:
 
 ### Decomposition Strategy: Simple to Filtered
 
-**Stage 1: Find File Operations**
+#### Stage 1: Find File Operations
 
 - Query: Find all filesystem API calls
 - Focus: High recall
 - Teaching: API patterns (high false positive rate acceptable)
 
-**Stage 2: Find External Inputs**
+#### Stage 2: Find External Inputs
 
 - Query: Find HTTP parameters, command-line args
 - Focus: Source enumeration
 - Teaching: Attack surface
 
-**Stage 3: Connect with Taint Tracking**
+#### Stage 3: Connect with Taint Tracking
 
 - Query: Track external input to file operations
 - Focus: Flow analysis
 - Teaching: Connection (many results, some false positives)
 
-**Stage 4: Filter Path Validation**
+#### Stage 4: Filter Path Validation
 
 - Query: Exclude cases with `contains("..")` checks
 - Focus: Basic filtering
 - Teaching: Guards (fewer results)
 
-**Stage 5: Advanced Filtering**
+#### Stage 5: Advanced Filtering
 
 - Query: Recognize path normalization, sandboxing
 - Focus: Sophisticated guards
-Original file line number
+Diff line change
@@ Expand Up / @@ -171,7 +171,7 @@ codeql test run solutions-tests --learn @@
     ## Learning Path
-    ```
+    ```text
     Exercise 1 (Sinks)
         ↓
     Exercise 2 (Sources)
@@ Expand Down @@