
Add agent skills for creating and publishing CodeQL model packs #44

@data-douser


Summary

Add .github/skills/ agent skills to provide step-by-step procedural workflows for the two primary models-as-data operational use cases that are not well covered by the existing prompt-based reference documentation (see #42):

  1. create-model-pack — end-to-end workflow for creating a new CodeQL model pack with .model.yml data extension files
  2. publish-model-pack — workflow for publishing a model pack to GHCR and configuring it for org-wide Default Setup

Motivation

The data extension prompts introduced in #42 provide excellent reference documentation (tuple formats, access paths, language-specific examples), but LLMs — especially Copilot Cloud Agent — benefit from procedural workflows that map directly to agent action plans. The SKILL.md format is ideal for this because:

  • Skills are triggered contextually by agent routing via the description field
  • They can bundle concrete shell commands and scripts
  • They provide a Procedure section with numbered steps that agents follow sequentially
  • They separate the two distinct deployment paths: repo-level .github/codeql/extensions/ (no publish needed) vs. GHCR model pack (requires codeql pack publish)

Proposed skills

.github/skills/create-model-pack/SKILL.md

Trigger: User wants to create/update a models-as-data extension for an unmodeled library

Procedure should cover:

  1. Identify the target library and language
  2. Determine which methods are sources, sinks, summaries, barriers, barrier guards
  3. Create the .model.yml file(s) using the correct format (API Graph vs MaD) for the language
  4. Set up qlpack.yml with extensionTargets and dataExtensions configuration
  5. Test locally with codeql query run --additional-packs=<model-pack-dir>
  6. Run unit tests with codeql test run --additional-packs=<model-pack-dir>
  7. Handle the repo-level shortcut: copying into .github/codeql/extensions/ for single-repo use
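As an added example (not code from this repository or from the proposed skill), the shell script below scaffolds the pack layout from steps 3 and 4 of the procedure above and, when the CodeQL CLI is on PATH, runs the local pack build. The pack name example-org/java-acme-models and the library class com.acme.db.Query are hypothetical placeholders.

```shell
#!/usr/bin/env bash
# Added example: scaffold a minimal Java model pack as the create-model-pack
# skill would. Pack name, library package/class and method are placeholders.
set -eu

scaffold_model_pack() {
  local dir="$1"
  mkdir -p "$dir/models"
  # qlpack.yml: a library pack that targets codeql/java-all and ships every
  # *.model.yml under models/ as a data extension (step 4).
  cat > "$dir/qlpack.yml" <<'EOF'
name: example-org/java-acme-models
version: 0.1.0
library: true
extensionTargets:
  codeql/java-all: '*'
dataExtensions:
  - models/**/*.model.yml
EOF
  # Models-as-data tuple (step 3): argument 0 of the hypothetical
  # com.acme.db.Query.execute(String) is a SQL injection sink.
  cat > "$dir/models/acme.model.yml" <<'EOF'
extensions:
  - addsTo:
      pack: codeql/java-all
      extensible: sinkModel
    data:
      # package, type, subtypes, name, signature, ext, input, kind, provenance
      - ["com.acme.db", "Query", true, "execute", "(String)", "", "Argument[0]", "sql-injection", "manual"]
EOF
}

# Sanity check a skill would run before the codeql steps: both files exist and
# qlpack.yml declares extensionTargets and dataExtensions. Returns 0 on success.
check_model_pack() {
  local dir="$1"
  [ -f "$dir/qlpack.yml" ] && [ -f "$dir/models/acme.model.yml" ] || return 1
  grep -q '^extensionTargets:' "$dir/qlpack.yml" || return 1
  grep -q '^dataExtensions:' "$dir/qlpack.yml" || return 1
  grep -q 'extensible: sinkModel' "$dir/models/acme.model.yml"
}

# Local build from the procedure; skipped when the CodeQL CLI is not installed.
build_model_pack() {
  local dir="$1"
  command -v codeql >/dev/null 2>&1 || { echo "codeql CLI not found; skipping build"; return 0; }
  codeql pack create "$dir"
}
```

After scaffolding, the query and unit-test steps above take the directory via --additional-packs=<dir>.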

.github/skills/publish-model-pack/SKILL.md

Trigger: User wants to publish a model pack for use across an organization with Default Setup

Procedure should cover:

  1. Verify qlpack.yml has correct extensionTargets, dataExtensions, and version
  2. Run codeql pack create to build the pack
  3. Run codeql pack publish to push to GHCR
  4. Configure org-level model packs in GitHub org settings (Security → Advanced Security → Global settings → Expand CodeQL analysis)
  5. Version management: semver, auto-latest behavior for Default Setup consumers
  6. Validation: confirm the pack is picked up in Default Setup analyses

Labels: enhancement (New feature or request)