agent-governance_skill

This skill helps you implement governance, safety, and audit controls for AI agents, enabling policy enforcement, threat detection, and trusted tooling.
  • JavaScript
  • Official

22.8k

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

3 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill github/awesome-copilot --skill agent-governance

  • SKILL.md18.1 KB

Overview

This skill captures patterns and techniques for adding governance, safety, and trust controls to AI agent systems. It describes composable policies, intent classification, tool-level enforcement, trust scoring, and append-only audit trails to keep agents accountable and safe. Use the patterns with any agent framework to limit capabilities, detect dangerous prompts, and maintain compliance.

How this skill works

The skill inspects agent inputs and tool invocations through a layered pipeline: intent classification runs first to flag risky prompts, then policy checks (allowlist/blocklist, content filters, rate limits, and approval gates) decide whether to allow, review, or deny actions. Tool calls are wrapped with decorators that enforce policy and record audit entries. Trust scores track agent reliability over time and can gate sensitive operations.

When to use it

  • When agents call external tools (APIs, databases, shell commands) and need constrained access
  • For multi-agent workflows where delegation requires trust boundaries and selection
  • In production deployments with compliance, auditing, or safety requirements
  • When preventing data exfiltration, privilege escalation, or prompt injection
  • To enforce rate limits, content filters, or require human approval for risky actions

Best practices

  • Model policies as serializable configuration (YAML/JSON) and compose them from broad to specific with most-restrictive-wins semantics
  • Run semantic intent classification before any tool execution to block or flag dangerous prompts early
  • Wrap every external tool with a governance decorator that enforces policy and appends audit events
  • Use decay-based trust scores to adjust autonomy over time and gate sensitive operations by threshold
  • Keep an append-only audit trail (JSONL) for denied actions and human review, and export logs to aggregation systems

Example use cases

  • Govern a support bot that can search docs and create tickets but cannot access customer SSNs
  • Block prompt-injection attempts before they trigger dangerous tool calls like shell_exec
  • Maintain trust scores for multiple worker agents and choose the most trusted delegate for a task
  • Enforce per-request rate limits and content pattern checks on document retrieval tools
  • Produce auditable JSONL logs for compliance reviews and security investigations

FAQ

Compose policies with most-restrictive-wins: merge blocklists and patterns, intersect allowed tool lists, and take the minimum rate limit.

When should intent classification run?

Always run intent classification as a pre-flight check before policy evaluation and any tool execution to catch malicious prompts early.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
agent-governance skill by github/awesome-copilot | VeilStrat