50fa79407d
Some checks are pending
CI — CoM Config Validation / Validate JSON Configs (push) Waiting to run
CI — CoM Config Validation / Validate YAML Configs (push) Waiting to run
CI — CoM Config Validation / Lint Shell Scripts (push) Waiting to run
CI — CoM Config Validation / Secret Detection (push) Waiting to run
CI — CoM Config Validation / Lint Markdown (push) Waiting to run
CI — CoM Config Validation / Validate CODEOWNERS (push) Waiting to run
Public, sanitized mirror of an AI orchestration command center: agents, skills, MCP servers, slash-command workflows. All infrastructure identifiers, hostnames, mesh IPs/subnets, repo paths, maintainer identity, and hardware fleet specifics scrubbed to <placeholders>; session debug logs and host-specific memory removed. No live credentials. Verified clean by automated leak sweep. See SANITIZATION.md. churchofmalware.org . authorized research only
60 lines
2.9 KiB
Markdown
60 lines
2.9 KiB
Markdown
---
|
|
applyTo: "skills/**"
|
|
---
|
|
|
|
# Skills Instructions — CoM Slash-Command System (52 Skills)
|
|
|
|
## Skill Directory Structure
|
|
|
|
Each skill lives in its own directory under `skills/`:
|
|
```
|
|
skills/
|
|
└── skill-name/
|
|
├── skill.md # Entry point — loaded when skill is invoked
|
|
├── README.md # Usage docs, examples, agent mapping
|
|
└── [templates/] # Optional: output templates, prompts
|
|
```
|
|
|
|
## Skill File Format (skill.md)
|
|
|
|
Every skill.md must contain these sections:
|
|
1. **Title** — skill name as H1 heading
|
|
2. **Description** — one-line summary of what it does
|
|
3. **Trigger** — the slash command (e.g., `/audit`)
|
|
4. **Agents Involved** — which agents from the registry execute this skill
|
|
5. **Input** — what the user provides
|
|
6. **Output** — what the skill produces
|
|
7. **Steps** — ordered execution steps
|
|
8. **Error Handling** — what happens when a step fails
|
|
|
|
## Skill Categories (52 total)
|
|
|
|
- Core Operations (16 custom): /go, /swarm, /audit, /enterprise, /save, /delegate, /research, /knowledge, /sync-notion, /monitor, /security-audit, /syscheck, /crashcart, /hive, /mobile, /addison
|
|
- Security (10 imported): /static-analysis, /semgrep-rule-creator, /supply-chain-risk-auditor, /yara-authoring, /differential-review, /entry-point-analyzer, /threat-hunting, /incident-response-cyber, /recon-osint, /agentic-actions-auditor
|
|
- Engineering (11 imported): /incident-commander, /pr-review-expert, /changelog-generator, /observability-designer, /senior-secops, /runbook-generator, /docker-development, /dependency-auditor, /ci-cd-pipeline-builder, /release-manager, /tech-debt-tracker
|
|
- Project Management (4): /scrum-master, /ccpm, /ciso-advisor, /codebase-onboarding
|
|
- Anthropic Official (5): /skill-creator, /mcp-builder, /claude-api, /pdf, /webapp-testing
|
|
- Community (6): /deep-research, /tdd, /decision-toolkit, /context-builder, /firecrawl-research, /github-gist
|
|
|
|
## Agent Mapping Rules
|
|
|
|
- Skills must reference agents by their registered name from `a2a/agent-cards.json`
|
|
- Agent capabilities must match the skill requirements (don't assign Cipher to a research task)
|
|
- Multi-agent skills must define execution waves respecting max_concurrent_agents (3 on <node>)
|
|
- Imported skills may reference external tools (Kilo Code, Gemini) — document the delegation
|
|
|
|
## Creating New Skills
|
|
|
|
- Use `/skill-creator` to scaffold new skills from the standard template
|
|
- New skills must include a README.md with at least one usage example
|
|
- Skills that modify system state must include rollback instructions
|
|
- Skills that invoke external tools must document authentication requirements
|
|
- Test new skills with a dry-run before committing
|
|
|
|
## Naming Conventions
|
|
|
|
- Directory name: `kebab-case` matching the slash command (without the slash)
|
|
- Skill entry point: always `skill.md`
|
|
- Templates: descriptive names in `templates/` subdirectory
|
|
- No spaces or uppercase in directory or file names
|