Agent Skills
Instruction packs that give your AI agent know-how. Three different kinds — pick the right one below.
✦ Standalone skills2,933
Self-contained. Install one into any project and it works on its own — no other software needed.
🧰 Tool add-ons726
Come bundled with a specific tool and only work together with it — they teach your agent how to operate that tool.
update-avm-modules-in-bicep
✓★ 36,200by github
Automated Azure Verified Module version updates for Bicep files with breaking change detection. Scans Bicep files to extract AVM module references, queries MCR for latest versions, and applies updates automatically Pauses for manual approval when breaking changes, security modifications, or parameter incompatibilities are detected Validates all changes with bicep lint and bicep build to ensure compliance before finalizing Outputs results in a structured table showing module names, version...
create-technical-spike
✓★ 36,200by github
Time-boxed technical spike documents for researching critical development decisions before implementation. Generates structured markdown spike files with clear objectives, research questions, investigation plans, and decision frameworks Supports six spike categories: API Integration, Architecture & Design, Performance & Scalability, Platform & Infrastructure, Security & Compliance, and User Experience Includes built-in checklists for research tasks, success criteria, findings documentation,...
azure-devops-cli
✓★ 36,200by github
Manage Azure DevOps resources including projects, repos, pipelines, builds, work items, and service endpoints via CLI. Covers six major domains: Repos and PRs, Pipelines and Builds, Boards and Work Items, Variables and Agents, Organization and Security, and Advanced Usage patterns Requires Azure CLI 2.81.0+ with the azure-devops extension; authenticate using PAT tokens and configure default organization/project to avoid repeating flags Supports output formatting with JMESPath queries, global...
cloud-design-patterns
✓★ 36,200by github
Cloud design patterns for distributed systems architecture covering 42 industry-standard patterns across reliability, performance, messaging, security, and…
create-github-action-workflow-specification
✓★ 36,200by github
Generates formal, AI-optimized specifications for GitHub Actions workflows to standardize documentation and enable maintenance. Produces structured markdown specifications with execution flow diagrams, job dependency matrices, and requirement tables designed for token efficiency Covers functional, security, and performance requirements alongside input/output contracts, error handling strategies, and quality gates Includes sections for monitoring, compliance, edge cases, and change management...
multi-stage-dockerfile
✓★ 36,200by github
Build optimized, secure multi-stage Dockerfiles for any language or framework. Structures builds with separate builder and runtime stages, copying only necessary artifacts to minimize final image size and attack surface Emphasizes layer caching optimization by ordering commands from least to most frequently changing, combined with .dockerignore and command consolidation Recommends minimal base images (Alpine, distroless, or official slim variants) with exact version pinning for...
security-threat-model
✓★ 23,200by openai
Repository-grounded threat modeling that maps trust boundaries, assets, and abuse paths to concrete code evidence. Enumerates entry points, data flows, and trust boundaries anchored to actual repository structure and configuration Derives realistic attacker goals tied to specific assets (credentials, PII, integrity-critical state, compute resources) rather than generic checklists Prioritizes threats using likelihood and impact reasoning, with explicit assumptions about deployment,...
cloudflare-deploy
✓★ 23,200by openai
Deploy applications and infrastructure to Cloudflare using Workers, Pages, and platform services. Covers 40+ Cloudflare products organized by use case: compute (Workers, Pages, Durable Objects, Workflows), storage (KV, D1, R2, Queues), AI/ML (Workers AI, Vectorize, Agents SDK), networking (Tunnel, Spectrum), and security (WAF, Bot Management, Turnstile) Includes decision trees to route users to the right product based on their need (run code, store data, add AI, networking, security, or...
azure-compliance
✓★ 2,700by microsoft
Run Azure compliance and security audits with azqr plus Key Vault expiration checks. Covers best-practice assessment, resource review, policy/compliance…
azure-compliance
✓★ 2,700by microsoft
Run Azure compliance and security audits with azqr plus Key Vault expiration checks. Covers best-practice assessment, resource review, policy/compliance…
azure-keyvault-certificates-rust
✓★ 2,700by microsoft
Client library for Azure Key Vault Certificates — secure storage and management of certificates.
azure-keyvault-secrets-rust
✓★ 2,700by microsoft
Client library for Azure Key Vault Secrets — secure storage for passwords, API keys, and other secrets.
azure-security-keyvault-secrets-java
✓★ 2,700by microsoft
Azure Key Vault Secrets Java SDK for secret management. Use when storing, retrieving, or managing passwords, API keys, connection strings, or other sensitive…
azure-keyvault-certificates-rust
✓★ 2,700by microsoft
Client library for Azure Key Vault Certificates — secure storage and management of certificates.
azure-keyvault-secrets-rust
✓★ 2,700by microsoft
Client library for Azure Key Vault Secrets — secure storage for passwords, API keys, and other secrets.
azure-security-keyvault-secrets-java
✓★ 2,700by microsoft
Azure Key Vault Secrets Java SDK for secret management. Use when storing, retrieving, or managing passwords, API keys, connection strings, or other sensitive…
entra-app-registration
✓★ 1,300by microsoft
Microsoft Entra ID app registration, OAuth 2.0 configuration, and MSAL integration for secure application authentication. Covers app registration setup, authentication configuration, API permissions, and client credential management across web apps, SPAs, mobile apps, and daemon services Includes step-by-step workflows for first-time registration, console application authentication, and service-to-service credential flows Provides Azure CLI commands, MSAL library examples for .NET,...
azure-enterprise-infra-planner
✓★ 1,300by microsoft
Architect and provision enterprise Azure infrastructure from workload descriptions. For cloud architects and platform engineers planning networking, identity, security, compliance, and multi-resource topologies with WAF alignment. Generates Bicep or Terraform directly (no azd). WHEN: 'plan Azure infrastructure', 'architect Azure landing zone', 'design hub-spoke network', 'plan multi-region DR topology', 'set up VNets firewalls and private endpoints', 'subscription-scope Bicep deployment',...
azure-compliance
✓★ 1,300by microsoft
Run Azure compliance and security audits with azqr plus Key Vault expiration checks. Covers best-practice assessment, resource review, policy/compliance validation, and security posture checks. WHEN: compliance scan, security audit, BEFORE running azqr (compliance cli tool), Azure best practices, Key Vault expiration check, expired certificates, expiring secrets, orphaned resources, compliance assessment.
entra-app-registration
✓★ 1,300by microsoft
Guides Microsoft Entra ID app registration, OAuth 2.0 authentication, and MSAL integration. USE FOR: create app registration, register Azure AD app, configure OAuth, set up authentication, add API permissions, generate service principal, MSAL example, console app auth, Entra ID setup, Azure AD authentication. DO NOT USE FOR: Azure RBAC or role assignments (use azure-rbac), Key Vault secrets (use azure-keyvault-expiration-audit), general Azure resource security guidance.
secure-by-design
✓★ 1,200by microsoft
Secure by Design principles knowledge base for assessing adherence to security-first design, development, and deployment practices across the software…
owasp-docker
✓★ 1,200by microsoft
OWASP Docker Top 6 vulnerability knowledge base for identifying, assessing, and remediating security risks in containerized Docker environments - Brought to…
owasp-cicd
✓★ 1,200by microsoft
OWASP CI/CD Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in continuous integration and continuous delivery…
skill-scanner
✓★ 844by sentry
Scan agent skills for security issues. Use when asked to "scan a skill",
gha-security-review
✓★ 844by sentry
GitHub Actions security review for workflow exploitation vulnerabilities. Use when asked to "review GitHub Actions", "audit workflows", "check CI security",…
skill-scanner
✓★ 844by sentry
Automated security scanning for agent skills before installation, detecting prompt injection, malicious code, excessive permissions, and supply chain risks. Runs static analysis via bundled Python scanner that outputs structured JSON findings with severity levels and URLs Validates SKILL.md frontmatter (required fields, tool justification, model overrides) and checks for config poisoning or scope creep in instructions Analyzes scripts for data exfiltration, reverse shells, credential theft,...
gha-security-review
✓★ 844by sentry
GitHub Actions security review for workflow exploitation vulnerabilities. Use when asked to "review GitHub Actions", "audit workflows", "check CI security",…
terraform-style-guide
✓★ 697by hashicorp
Generate and maintain Terraform code following HashiCorp's official style conventions. Enforces two-space indentation, lowercase underscore naming, and standard file organization across terraform.tf , providers.tf , main.tf , variables.tf , outputs.tf , and locals.tf Requires type and description on all variables and outputs, with validation rules and sensitive flag support for credentials Prioritizes for_each over count for dynamic resources, applies security hardening (encryption, private...
azure-compliance
✓★ 226by Azure
Comprehensive Azure compliance and security auditing capabilities including best practices assessment, Key Vault expiration monitoring, and resource configuration validation.
azure-aigateway
✓★ 226by Azure
Configure Azure API Management (APIM) as AI Gateway to secure, observe, control AI models, MCP servers, agents. Helps with rate limiting, semantic caching, content safety, load balancing.