Agent Skills
Instruction packs that give your AI agent know-how. Three different kinds — pick the right one below.
✦ Standalone skills2,933
Self-contained. Install one into any project and it works on its own — no other software needed.
🧰 Tool add-ons726
Come bundled with a specific tool and only work together with it — they teach your agent how to operate that tool.
azure-resource-visualizer
✓★ 1,300by microsoft
Transform Azure resource groups into detailed architecture diagrams showing resource relationships and configurations. Discovers all resources within a resource group and analyzes their configurations, dependencies, and interconnections Generates Mermaid diagrams organized by logical layers (Network, Compute, Data, Security, Monitoring) with SKU details and connection labels Maps relationships including network connections, data flows, identity bindings, and configuration dependencies across...
entra-app-registration
✓★ 1,300by microsoft
Microsoft Entra ID app registration, OAuth 2.0 configuration, and MSAL integration for secure application authentication. Covers app registration setup, authentication configuration, API permissions, and client credential management across web apps, SPAs, mobile apps, and daemon services Includes step-by-step workflows for first-time registration, console application authentication, and service-to-service credential flows Provides Azure CLI commands, MSAL library examples for .NET,...
owasp-cicd
✓★ 1,200by microsoft
OWASP CI/CD Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in continuous integration and continuous delivery…
owasp-docker
✓★ 1,200by microsoft
OWASP Docker Top 6 vulnerability knowledge base for identifying, assessing, and remediating security risks in containerized Docker environments - Brought to…
secure-by-design
✓★ 1,200by microsoft
Secure by Design principles knowledge base for assessing adherence to security-first design, development, and deployment practices across the software…
owasp-llm
✓★ 1,200by microsoft
OWASP Top 10 for LLM Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in large language model…
owasp-infrastructure
✓★ 1,200by microsoft
OWASP Infrastructure Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in internal IT infrastructure environments…
owasp-agentic
✓★ 1,200by microsoft
OWASP Agentic Security Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in AI agent systems - Brought to you by…
owasp-top-10
✓★ 1,200by microsoft
OWASP Top 10 for Web Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in web application…
owasp-mcp
✓★ 1,200by microsoft
OWASP MCP Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments - Brought to…
django-access-review
✓★ 844by sentry
Django access control and IDOR security review. Use when reviewing Django views, DRF viewsets, ORM queries, or any Python/Django code handling user…
find-bugs
✓★ 844by sentry
Find bugs, security vulnerabilities, and code quality issues in local branch changes. Use when asked to review changes, find bugs, security review, or audit…
skill-scanner
✓★ 844by sentry
Automated security scanning for agent skills before installation, detecting prompt injection, malicious code, excessive permissions, and supply chain risks. Runs static analysis via bundled Python scanner that outputs structured JSON findings with severity levels and URLs Validates SKILL.md frontmatter (required fields, tool justification, model overrides) and checks for config poisoning or scope creep in instructions Analyzes scripts for data exfiltration, reverse shells, credential theft,...
security-review
✓★ 844by sentry
Systematic security code review identifying high-confidence vulnerabilities with data-flow verification. Focuses exclusively on HIGH CONFIDENCE findings: vulnerable patterns with confirmed attacker-controlled input, skipping theoretical issues and framework-mitigated code Requires codebase research before reporting: traces data flow, checks for validation/sanitization, and verifies exploitability rather than pattern-matching alone Covers 14 vulnerability categories (injection, XSS,...
django-access-review
✓★ 844by sentry
Django access control and IDOR security review. Use when reviewing Django views, DRF viewsets, ORM queries, or any Python/Django code handling user…
skill-scanner
✓★ 844by sentry
Scan agent skills for security issues. Use when asked to "scan a skill",
gha-security-review
✓★ 844by sentry
GitHub Actions security review for workflow exploitation vulnerabilities. Use when asked to "review GitHub Actions", "audit workflows", "check CI security",…
gha-security-review
✓★ 844by sentry
GitHub Actions security review for workflow exploitation vulnerabilities. Use when asked to "review GitHub Actions", "audit workflows", "check CI security",…
find-bugs
✓★ 844by sentry
Comprehensive code review identifying bugs, security vulnerabilities, and quality issues in branch changes. Executes a structured five-phase review process: gathering the complete diff, mapping attack surfaces, running a detailed security checklist, verifying findings, and auditing coverage before conclusions Security checklist covers 11 critical areas including injection, XSS, authentication, authorization, CSRF, race conditions, session management, cryptography, information disclosure,...
code-review
✓★ 844by sentry
Code review framework following Sentry engineering practices for pull requests and code quality assessment. Covers six key problem areas: runtime errors, performance bottlenecks, side effects, backwards compatibility, ORM query issues, and security vulnerabilities Includes design assessment guidance for component interactions, architectural alignment, and requirement conflicts Requires appropriate test coverage across functional, integration, and end-to-end tests with verification of edge...
security-review
✓★ 844by sentry
Security code review for vulnerabilities. Use when asked to "security review", "find vulnerabilities", "check for security issues", "audit security", "OWASP…
terraform-style-guide
✓★ 697by hashicorp
Generate and maintain Terraform code following HashiCorp's official style conventions. Enforces two-space indentation, lowercase underscore naming, and standard file organization across terraform.tf , providers.tf , main.tf , variables.tf , outputs.tf , and locals.tf Requires type and description on all variables and outputs, with validation rules and sensitive flag support for credentials Prioritizes for_each over count for dynamic resources, applies security hardening (encryption, private...
auditing-skills
★ 605by dbt-labs
Use when checking skills for security or quality issues, reviewing audit results from skills.sh or Tessl, or remediating findings across published skills.
firebase-auth-basics
✓★ 370by firebase
Set up Firebase Authentication with multiple identity providers and secure data access. Supports email/password, phone number, anonymous, federated providers (Google, Facebook, Twitter, GitHub, Microsoft, Apple), and custom auth integration Users are identified by unique UIDs with optional properties including email, display name, photo URL, and email verification status Authentication via CLI enables Google Sign In, anonymous auth, and email/password; other providers require Firebase...
firebase-ai-logic-basics
✓★ 370by firebase
Official skill for integrating Firebase AI Logic (Gemini API) into web applications. Covers setup, multimodal inference, structured output, and security.
firebase-security-rules-auditor
✓★ 370by firebase
A skill to evaluate how secure Firestore security rules are. Use this when Firestore security rules are updated to ensure that the generated rules are…
firebase-auth-basics
✓★ 370by firebase
Set up Firebase Authentication with multiple identity providers and secure data access rules. Supports email/password, phone number, anonymous, federated providers (Google, Facebook, Twitter, GitHub, Microsoft, Apple), and custom auth integration Each authenticated user receives a unique ID and JWT-based tokens (short-lived ID tokens and long-lived refresh tokens) for accessing Firebase services Enable providers via CLI for Google Sign In, anonymous, and email/password; use Firebase Console...
firebase-security-rules-auditor
✓★ 370by firebase
A skill to evaluate how secure Firestore security rules are. Use this when Firestore security rules are updated to ensure that the generated rules are…
firebase-firestore
✓★ 370by firebase
Before setting up dependencies, writing data models, or configuring security rules, you MUST always identify the Firestore instance edition.
firebase-firestore
✓★ 370by firebase
Before setting up dependencies, writing data models, or configuring security rules, you MUST always identify the Firestore instance edition.