From f4a67dec711931e817416bd94335111eb7167924 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 11 May 2026 04:33:09 +0000
Subject: [PATCH 1/2] Initial plan


From fe4b8c691adeedd200e8e85126379ea02f493cf1 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 11 May 2026 04:49:24 +0000
Subject: [PATCH 2/2] Add check_dependency_vulnerabilities to
 security_advisories toolset

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---
 .github/aw/github-mcp-server.md                    | 3 ++-
 pkg/workflow/data/github_toolsets_permissions.json | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/aw/github-mcp-server.md b/.github/aw/github-mcp-server.md
index d04a541079c..831060cc5c0 100644
--- a/.github/aw/github-mcp-server.md
+++ b/.github/aw/github-mcp-server.md
@@ -2,7 +2,7 @@
 
 **Source**: [github/github-mcp-server](https://github.com/github/github-mcp-server/tree/main/pkg/github)
 **Mapping File**: [pkg/workflow/data/github_toolsets_permissions.json](https://github.com/github/gh-aw/blob/main/pkg/workflow/data/github_toolsets_permissions.json)
-**Last Updated**: 2026-05-03
+**Last Updated**: 2026-05-11
 
 ## Overview
 
@@ -325,6 +325,7 @@ The following toolsets are recommended as defaults for typical agentic workflows
 
 | Tool | Purpose | Key Parameters |
 |------|---------|----------------|
+| `check_dependency_vulnerabilities` | Check dependencies against known vulnerabilities in the GitHub Advisory Database | `owner`, `repo`, `dependencies` |
 | `get_global_security_advisory` | Get a specific global security advisory | `ghsa_id` |
 | `list_global_security_advisories` | List advisories from the GitHub Advisory Database | `type`, `severity`, `ecosystem` |
 | `list_repository_security_advisories` | List security advisories for a specific repository | `owner`, `repo`, `state` |
diff --git a/pkg/workflow/data/github_toolsets_permissions.json b/pkg/workflow/data/github_toolsets_permissions.json
index aebe5624821..ddd14400a7b 100644
--- a/pkg/workflow/data/github_toolsets_permissions.json
+++ b/pkg/workflow/data/github_toolsets_permissions.json
@@ -147,7 +147,7 @@
       "description": "Security advisories",
       "read_permissions": ["security-events"],
       "write_permissions": ["security-events"],
-      "tools": ["get_global_security_advisory", "list_global_security_advisories", "list_repository_security_advisories"]
+      "tools": ["check_dependency_vulnerabilities", "get_global_security_advisory", "list_global_security_advisories", "list_repository_security_advisories"]
     },
     "stargazers": {
       "description": "Repository stars",