All skills in this catalog are assigned a risk tier. The tier determines what a skill is allowed to do and how it can be invoked.
- No scripts or executable code.
- Read-only guidance, checklists, templates, and review workflows.
- May be model-invocable (agent can activate without user prompt).
- No network access required.
- Scripts allowed only if idempotent and local (no network).
- Prefer tool restrictions (`allowed-tools`) where supported.
- Generally model-invocable, but restrict tools defensively.
- Anything that pushes, deploys, deletes, or modifies external systems.
- Remote MCP server usage (data crosses a network boundary).
- Must be user-invoked only (never model-invocable).
- Require explicit rollback plan documented in the skill.
- Tool restrictions mandatory where supported.
- Treat every skill bundle like a dependency: review, pin, and audit.
- Default skills to instruction-only; scripts require explicit justification.
- No downloading or executing remote code from within skills.
- No `curl | bash` patterns or equivalent.
- No network access unless explicitly required and declared.
- Never run Tier 2 skills without explicit user intent.
- Keep SKILL.md under 500 lines. Move detail into `references/` and `assets/`.
- Write descriptions like a router: specific enough to trigger correctly, narrow enough to avoid false activation.
- Version skills via `version` in frontmatter.
- Include `license` in frontmatter (required for cross-tool compatibility).
- Required frontmatter fields: `name`, `description`, `version`, `tier`, `license`.
- Skills do not replace always-on instructions in AGENTS.md or AGENT_INSTRUCTIONS.md.
- Prefer internal over external (see AGENT_INSTRUCTIONS.md § Norms). Do not introduce external dependencies when an existing skill or native capability covers the need.
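
The mechanical rules above (required frontmatter fields, the 500-line limit, no `curl | bash`) can be checked in review or CI. The following is an added example, not part of this catalog's tooling; it assumes frontmatter is a leading `---` delimited block of flat `key: value` lines, and the names `lint_skill` and `parse_frontmatter` are hypothetical.

```python
import re

REQUIRED_FIELDS = ("name", "description", "version", "tier", "license")
MAX_LINES = 500  # page rule: keep SKILL.md under 500 lines
# Download piped straight into a shell interpreter (curl | bash and equivalents).
PIPE_TO_SHELL = re.compile(r"\b(curl|wget)\b[^\n|]*\|\s*(sudo\s+)?(ba|z|da)?sh\b")


def parse_frontmatter(text):
    """Return flat key/value pairs from a leading '---' block (assumed format)."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "---":
        return {}
    fields = {}
    for line in lines[1:]:
        if line.strip() == "---":
            return fields
        m = re.match(r"^([A-Za-z_][\w-]*):\s*(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip().strip("\"'")
    return {}  # unterminated block: treat as no frontmatter


def lint_skill(text):
    """Return a list of findings for one SKILL.md; an empty list means it passes."""
    findings = []
    fields = parse_frontmatter(text)
    for key in REQUIRED_FIELDS:
        if not fields.get(key):
            findings.append(f"missing frontmatter field: {key}")
    n = len(text.splitlines())
    if n >= MAX_LINES:
        findings.append(f"SKILL.md has {n} lines (must be under {MAX_LINES})")
    for lineno, line in enumerate(text.splitlines(), 1):
        if PIPE_TO_SHELL.search(line):
            findings.append(f"line {lineno}: pipe-to-shell download pattern")
    return findings


# Constructed sample inputs, not taken from any real skill.
GOOD = "---\nname: pr-review\ndescription: Review checklist for pull requests\nversion: 1.0.0\ntier: 0\nlicense: MIT\n---\n# PR review\nFollow the checklist.\n"
BAD = "---\nname: installer\ndescription: Sets up tooling\ntier: 2\n---\nRun: curl -fsSL https://example.invalid/install.sh | bash\n"

if __name__ == "__main__":
    for label, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, lint_skill(doc) or "ok")
```

The pattern check is a review aid only: it catches the literal pipe-to-shell form, not every equivalent way of fetching and running remote code, so script-bearing skills still need manual review.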