Agent Skills
Instruction packs that give your AI agent know-how. Three different kinds — pick the right one below.
✦ Standalone skills2,933
Self-contained. Install one into any project and it works on its own — no other software needed.
🧰 Tool add-ons726
Come bundled with a specific tool and only work together with it — they teach your agent how to operate that tool.
owasp-llm
✓★ 1,200by microsoft
OWASP Top 10 for LLM Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in large language model…
secure-by-design
✓★ 1,200by microsoft
Secure by Design principles knowledge base for assessing adherence to security-first design, development, and deployment practices across the software…
owasp-cicd
✓★ 1,200by microsoft
OWASP CI/CD Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in continuous integration and continuous delivery…
owasp-mcp
✓★ 1,200by microsoft
OWASP MCP Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments - Brought to…
django-access-review
✓★ 844by sentry
Django access control and IDOR security review. Use when reviewing Django views, DRF viewsets, ORM queries, or any Python/Django code handling user…
🔌 Part of the skills plugin
django-access-review
✓★ 844by sentry
Django access control and IDOR security review. Use when reviewing Django views, DRF viewsets, ORM queries, or any Python/Django code handling user…
🔌 Part of the skills plugin
skill-scanner
✓★ 844by sentry
Automated security scanning for agent skills before installation, detecting prompt injection, malicious code, excessive permissions, and supply chain risks. Runs static analysis via bundled Python scanner that outputs structured JSON findings with severity levels and URLs Validates SKILL.md frontmatter (required fields, tool justification, model overrides) and checks for config poisoning or scope creep in instructions Analyzes scripts for data exfiltration, reverse shells, credential theft,...
🔌 Part of the skills plugin
skill-scanner
✓★ 844by sentry
Scan agent skills for security issues. Use when asked to "scan a skill",
🔌 Part of the skills plugin
security-review
✓★ 844by sentry
Systematic security code review identifying high-confidence vulnerabilities with data-flow verification. Focuses exclusively on HIGH CONFIDENCE findings: vulnerable patterns with confirmed attacker-controlled input, skipping theoretical issues and framework-mitigated code Requires codebase research before reporting: traces data flow, checks for validation/sanitization, and verifies exploitability rather than pattern-matching alone Covers 14 vulnerability categories (injection, XSS,...
🔌 Part of the skills plugin
gha-security-review
✓★ 844by sentry
GitHub Actions security review for workflow exploitation vulnerabilities. Use when asked to "review GitHub Actions", "audit workflows", "check CI security",…
🔌 Part of the skills plugin
find-bugs
✓★ 844by sentry
Comprehensive code review identifying bugs, security vulnerabilities, and quality issues in branch changes. Executes a structured five-phase review process: gathering the complete diff, mapping attack surfaces, running a detailed security checklist, verifying findings, and auditing coverage before conclusions Security checklist covers 11 critical areas including injection, XSS, authentication, authorization, CSRF, race conditions, session management, cryptography, information disclosure,...
🔌 Part of the skills plugin
code-review
✓★ 844by sentry
Code review framework following Sentry engineering practices for pull requests and code quality assessment. Covers six key problem areas: runtime errors, performance bottlenecks, side effects, backwards compatibility, ORM query issues, and security vulnerabilities Includes design assessment guidance for component interactions, architectural alignment, and requirement conflicts Requires appropriate test coverage across functional, integration, and end-to-end tests with verification of edge...
🔌 Part of the skills plugin
security-review
✓★ 844by sentry
Security code review for vulnerabilities. Use when asked to "security review", "find vulnerabilities", "check for security issues", "audit security", "OWASP…
🔌 Part of the skills plugin
gha-security-review
✓★ 844by sentry
GitHub Actions security review for workflow exploitation vulnerabilities. Use when asked to "review GitHub Actions", "audit workflows", "check CI security",…
🔌 Part of the skills plugin
find-bugs
✓★ 844by sentry
Find bugs, security vulnerabilities, and code quality issues in local branch changes. Use when asked to review changes, find bugs, security review, or audit…
🔌 Part of the skills plugin
terraform-style-guide
✓★ 697by hashicorp
Generate and maintain Terraform code following HashiCorp's official style conventions. Enforces two-space indentation, lowercase underscore naming, and standard file organization across terraform.tf , providers.tf , main.tf , variables.tf , outputs.tf , and locals.tf Requires type and description on all variables and outputs, with validation rules and sensitive flag support for credentials Prioritizes for_each over count for dynamic resources, applies security hardening (encryption, private...
firebase-auth-basics
✓★ 370by firebase
Set up Firebase Authentication with multiple identity providers and secure data access rules. Supports email/password, phone number, anonymous, federated providers (Google, Facebook, Twitter, GitHub, Microsoft, Apple), and custom auth integration Each authenticated user receives a unique ID and JWT-based tokens (short-lived ID tokens and long-lived refresh tokens) for accessing Firebase services Enable providers via CLI for Google Sign In, anonymous, and email/password; use Firebase Console...
🔌 Part of the agent-skills plugin
firebase-app-hosting-basics
✓★ 370by firebase
Deploy and manage full-stack web apps with Firebase App Hosting using Next.js, Angular, and other supported frameworks. Requires Firebase project on Blaze pricing plan; supports Server-Side Rendering (SSR) and Incremental Static Regeneration (ISR) workflows Deploy via firebase.json configuration with optional apphosting.yaml for backend setup, or enable automated "git push to deploy" through GitHub integration Includes secret management via CLI commands for secure access to sensitive keys...
🔌 Part of the agent-skills plugin
firebase-ai-logic-basics
✓★ 370by firebase
Official skill for integrating Firebase AI Logic (Gemini API) into web applications. Covers setup, multimodal inference, structured output, and security.
🔌 Part of the agent-skills plugin
firebase-security-rules-auditor
✓★ 370by firebase
A skill to evaluate how secure Firestore security rules are. Use this when Firestore security rules are updated to ensure that the generated rules are…
🔌 Part of the agent-skills plugin
firebase-firestore
✓★ 370by firebase
Before setting up dependencies, writing data models, or configuring security rules, you MUST always identify the Firestore instance edition.
🔌 Part of the agent-skills plugin
firebase-security-rules-auditor
✓★ 370by firebase
A skill to evaluate how secure Firestore security rules are. Use this when Firestore security rules are updated to ensure that the generated rules are…
🔌 Part of the agent-skills plugin
firebase-firestore
✓★ 370by firebase
Before setting up dependencies, writing data models, or configuring security rules, you MUST always identify the Firestore instance edition.
🔌 Part of the agent-skills plugin
firebase-auth-basics
✓★ 370by firebase
Set up Firebase Authentication with multiple identity providers and secure data access. Supports email/password, phone number, anonymous, federated providers (Google, Facebook, Twitter, GitHub, Microsoft, Apple), and custom auth integration Users are identified by unique UIDs with optional properties including email, display name, photo URL, and email verification status Authentication via CLI enables Google Sign In, anonymous auth, and email/password; other providers require Firebase...
🔌 Part of the agent-skills plugin
firebase-ai-logic-basics
✓★ 370by firebase
Official skill for integrating Firebase AI Logic (Gemini API) into web applications. Covers setup, multimodal inference, structured output, and security.
🔌 Part of the agent-skills plugin
azure-compliance
✓★ 226by Azure
Comprehensive Azure compliance and security auditing capabilities including best practices assessment, Key Vault expiration monitoring, and resource configuration validation.
azure-aigateway
✓★ 226by Azure
Configure Azure API Management (APIM) as AI Gateway to secure, observe, control AI models, MCP servers, agents. Helps with rate limiting, semantic caching, content safety, load balancing.
dv-security
✓★ 161by microsoft
Security-role assignment, user access, application users, business units, and admin self-elevation in Dataverse environments. Use when the user wants to give…
redis-development
✓★ 82by redis
Redis performance optimization across data structures, query engines, vector search, and semantic caching. Covers 29 prioritized rules across 11 categories including data modeling, memory management, Redis Query Engine (RQE), vector search with RedisVL, and LangCache semantic caching Provides structured guidance for connection pooling, JSON document handling, streams, clustering, security (ACLs), and observability Each rule includes explanations, correct examples, anti-patterns or usage...
security-alert-review
✓★ 24by microsoft
List and review Advanced Security alerts for an Azure DevOps repository. Shows dependency vulnerabilities, secret exposure, and code scanning findings with…