feat(llm-security-copilot): port llm-security v5.1.0 to GitHub Copilot CLI

Full port of llm-security plugin for internal use on Windows with GitHub
Copilot CLI. Protocol translation layer (copilot-hook-runner.mjs)
normalizes Copilot camelCase I/O to Claude Code snake_case format — all
original hook scripts run unmodified.

- 8 hooks with protocol translation (stdin/stdout/exit code)
- 18 SKILL.md skills (Agent Skills Open Standard)
- 6 .agent.md agent definitions
- 20 scanners + 14 scanner lib modules (unchanged)
- 14 knowledge files (unchanged)
- 39 test files including copilot-port-verify.mjs (17 tests)
- Windows-ready: node:path, os.tmpdir(), process.execPath, no bash

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

plugins/llm-security-copilot/skills/mcp-inspect/SKILL.md

@@ -0,0 +1,43 @@
+---
+name: security-mcp-inspect
+description: Connect to running MCP servers and scan live tool descriptions for injection, shadowing, and drift
+---
+
+# MCP Inspect
+
+Live MCP server inspection — connect to running servers, scan tool descriptions.
+
+## Step 1: Run Inspector
+
+```bash
+node <plugin-root>/scanners/mcp-live-inspect.mjs $ARGUMENTS
+```
+
+Supports `--timeout <ms>` and `--skip-global` flags.
+
+## Step 2: Format Results
+
+Parse JSON output. Display:
+
+```
+# MCP Live Inspection: [VERDICT]
+
+Servers: N discovered, N contacted, N timed-out, N failed
+
+## Server Details
+
+| Server | Transport | Status | Tools | Findings |
+|--------|-----------|--------|-------|----------|
+[per-server row]
+
+## Findings
+
+[Findings table: severity, server, tool, description, evidence]
+```
+
+## Step 3: Advisory
+
+- Timeouts: "Server did not respond within timeout. May be SSE-based (unsupported for live inspection) or not running."
+- No servers found: "No MCP servers detected. Check configuration."
+- Clean: "All servers passed live inspection."
+- Findings: "Review findings. Combine with `mcp-audit` for static analysis."