[External Plugin]: Add 42Crunch API Security Testing plugin

[heshaam-42c]

Plugin name

42crunch-api-security-testing

Short description

Catch API security issues during development: audit, scan, remediate, validate with AI guardrails in GitHub Copilot.

GitHub repository

42Crunch-AI/copilot-plugins

Plugin path inside the repository

plugins/42crunch-api-security-testing

Ref to review

v1.0.5

Commit SHA to review

c64c64838cd3e661f78ac7695a0a8f843b374720

Version

1.0.5

License identifier

MIT

Author name

42Crunch

Author URL

https://github.com/42Crunch

Homepage URL

https://42crunch.com

Keywords

openapi
api-security
audit
scan
remediation
vulnerability
compliance
owasp
ai
devsecops

Additional notes for reviewers

Previously had opened PR-1658 to add the 42Crunch API Security Testing plugin to github/awesome-copilot. But, since we already maintain the plugin in a public repo here, I have opened this new external plugin request.

Submission checklist

• The plugin lives in a public GitHub repository.
• The ref and/or sha I provided is immutable (release tag and/or full 40-character commit SHA), not a branch.
• This submission follows this repository's contribution, security, and responsible AI policies.
• This plugin is not already listed in the Awesome Copilot marketplace.

[github-actions]

✅ External plugin intake passed

This submission passed automated intake validation and quality checks and is ready for maintainer review.

• Plugin: 42crunch-api-security-testing
• Repository: https://github.com/42Crunch-AI/copilot-plugins
• Ref: v1.0.5
• SHA: c64c64838cd3e661f78ac7695a0a8f843b374720

Quality gate summary

Gate	Status
skill-validator	pass
install smoke test	pass

• skill-validator: pass
• install smoke test: pass
• overall: pass

skill-validator output

Validated 1 plugin(s)
Found 6 skill(s)
[42crunch-audit] 📊 42crunch-audit: 1,034 BPE tokens [chars/4: 1,030] (detailed ✓), 3 sections, 1 code blocks
[42crunch-scan] 📊 42crunch-scan: 1,474 BPE tokens [chars/4: 1,506] (detailed ✓), 4 sections, 2 code blocks
[postman-to-oas] 📊 postman-to-oas: 5,322 BPE tokens [chars/4: 5,332] (comprehensive ✗), 50 sections, 12 code blocks
[postman-to-oas]    ⚠  Skill is 5,322 BPE tokens (chars/4 estimate: 5,332) — "comprehensive" skills hurt performance by 2.9pp on average. Consider splitting into 2–3 focused skills.
[42crunch-setup] 📊 42crunch-setup: 1,680 BPE tokens [chars/4: 1,637] (detailed ✓), 16 sections, 5 code blocks
[42crunch-api-security-testing] 📊 42crunch-api-security-testing: 2,065 BPE tokens [chars/4: 2,087] (detailed ✓), 4 sections, 2 code blocks
[code-to-oas] 📊 code-to-oas: 4,504 BPE tokens [chars/4: 4,282] (standard ~), 31 sections, 5 code blocks
[code-to-oas]    ⚠  Skill is 4,504 BPE tokens (chars/4 estimate: 4,282) — approaching "comprehensive" range where gains diminish.
✅ All checks passed (6 skill(s), 0 agent(s), 1 plugin(s))

Install smoke test output

Install smoke test succeeded. Verified /tmp/external-plugin-quality-6fsStV/copilot-home/.copilot/installed-plugins/external-plugin-intake/42crunch-api-security-testing/.github/plugin/plugin.json.

### Canonical external.json payload ```json { "name": "42crunch-api-security-testing", "description": "Catch API security issues during development: audit, scan, remediate, validate with AI guardrails in GitHub Copilot.", "version": "1.0.5", "author": { "name": "42Crunch", "url": "https://github.com/42Crunch" }, "repository": "https://github.com/42Crunch-AI/copilot-plugins", "homepage": "https://42crunch.com", "license": "MIT", "keywords": [ "openapi", "api-security", "audit", "scan", "remediation", "vulnerability", "compliance", "owasp", "ai", "devsecops" ], "source": { "source": "github", "repo": "42Crunch-AI/copilot-plugins", "path": "plugins/42crunch-api-security-testing", "ref": "v1.0.5", "sha": "c64c64838cd3e661f78ac7695a0a8f843b374720" } } ```

[heshaam-42c]

/rerun-intake

[heshaam-42c]

/rerun-intake

[heshaam-42c]

/rerun-intake

[heshaam-42c]

/rerun-intake

[heshaam-42c]

/rerun-intake

[heshaam-42c]

/rerun-intake