avav25/prompt-engineering
plugin/skills/prompt-engineering/SKILL.md
Use this skill when designing prompts, building AI features, or auditing LLM security — a prompt engineering knowledge base covering technique taxonomy, template patterns, the OWASP LLM Top 10 security checklist, eval frameworks, structured output contracts, and cost optimization.
$ install --global
skillsauthnpx skillsauth add avav25/ai-assets prompt-engineeringInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 23, 2026, 4:34 AM45.3s10 files scanned
SKILL.md
- name:
- prompt-engineering
- description:
- Use this skill when designing prompts, building AI features, or auditing LLM security — a prompt engineering knowledge base covering technique taxonomy, template patterns, the OWASP LLM Top 10 security checklist, eval frameworks, structured output contracts, and cost optimization.
- disable-model-invocation:
- true
Prompt Engineering
Comprehensive prompt engineering knowledge base. Provides actionable patterns, checklists, and guides for designing, securing, evaluating, and optimizing LLM prompts and agent systems.
When to Use
- Designing or reviewing prompt templates (system, developer, user prompts)
- Building tool calling schemas and structured output contracts
- Evaluating prompt quality — accuracy, safety, cost, latency
- Auditing LLM security against OWASP LLM Top 10
- Designing multi-agent orchestration and handoff protocols
- Optimizing prompt cost and latency
- Creating or reviewing Claude Code AI assets (rules, workflows, skills — all are prompts)
- Authoring or auditing a plugin skill — frontmatter spec, body length, progressive disclosure, scripts, eval (see
skill-authoring-spec.md) or a mis-triggering / fuzzy description (seeoptimizing-descriptions.md) - Setting up prompt versioning and observability
When NOT to Use
- Implementing backend/frontend code (use
Agent(software-engineer)+ stack-specific role) - Infrastructure and deployment (use
Agent(devops-engineer)) - Writing code tests (use
Agent(qa-engineer)+test-strategyskill) - Content writing (use
Agent(content-writer)) - Context pipeline design, memory engineering, agent harness, RAG architecture, multi-agent orchestration, production AI checklists → use
context-engineeringskill
Key Concepts
Prompt as System
A prompt is not a string — it is a system composed of:
- Instruction hierarchy: System prompt > Developer prompt > User prompt > Retrieved content
- Context assembly: What enters the context window, in what order, with what priority
- Output contract: Schema, format, constraints, error handling, fallback behavior
- Tool interface: Available tools, their schemas, permissions, composition patterns
- Guard rails: Safety filters, refusal policies, output validators
- Versioning: Immutable versions, deployment tags, audit trail
Core Principles
- Eval-first: Define how to measure before changing anything
- Simplest technique: Zero-shot → few-shot → CoT → chaining. Escalate only when simpler fails
- Explicit over implicit: Spell out constraints, output format, edge cases. Never assume the model "knows"
- Separation of concerns: Instructions vs data vs examples — always delimited
- Grounding: Prefer citations and verifiable data over unanchored claims
- Least privilege: Minimal tool permissions per agent. HITL for high-impact actions
- Cost awareness: Every token costs money and time. Compress, cache, route
Resource Files
| File | Contents |
|---|---|
| technique-guide.md | Full technique taxonomy with decision tree, examples, and anti-patterns |
| prompt-template-patterns.md | Delimiter conventions, system prompt structure, few-shot formatting, CoT triggers, output schema patterns |
| security-checklist.md | OWASP LLM Top 10 mapped to prompt-level mitigations with checklist |
| eval-and-testing-guide.md | Eval frameworks, grader types, dataset curation, A/B testing, regression gates |
| prompt-versioning-and-providers.md | Version-control patterns for prompts, prompt registry layout, provider differences (Anthropic / OpenAI / Google / open-source), portability tradeoffs |
| prompt-deployment-and-monitoring.md | Production rollout patterns — staged release, canary, rollback, observability, cost/latency monitoring, drift detection, on-call runbook hooks |
| advanced-techniques-and-models.md | Advanced techniques (self-consistency, tree-of-thought, ReAct, reflection) and model-specific patterns (Claude reasoning vs OpenAI, Gemini long context, Haiku/Sonnet/Opus selection) |
| skill-authoring-spec.md | Cached agentskills.io digest — skill specification (frontmatter/naming/dirs/progressive disclosure), best practices, scripts, and skill-output eval. Read when authoring or auditing a plugin skill |
| optimizing-descriptions.md | Cached agentskills.io digest — writing skill description triggering surface: imperative phrasing, trigger eval queries, train/val split, optimization loop. Read when a skill is mis-triggering or its description needs tuning |
Integration
- Follows rules:
Agent(prompt-engineer)(prompt system architecture, security, eval-first quality) - Used by workflows:
/plugin-doctor(prompt-engineering checks during plugin self-diagnostic),/developand/feature-dev(AI features),/feature-design(Wave-2 review for AI/LLM systems),/code-review(prompt quality review),/plugin-skill-create(skill scaffolding follows prompt-engineering patterns) - Companion skills:
context-engineeringskill (context pipeline design, memory engineering, agent harness, RAG architecture, multi-agent orchestration, production checklists),code-reviewskill (review checklists) - Collaborates with roles:
Agent(software-engineer)(prompt integration),Agent(qa-engineer)(prompt regression tests),Agent(product-manager)(success metrics)
Related Skills
avav25/knowledge-sync
development
VerifiedTrustedCommunity
Use this skill when running the recurring (daily) knowledge-base rescan for a repo that already has knowledge/.knowledge-sync.yml — the main-thread dispatcher that reads the config, computes the git delta since last_scanned_sha, maps changed paths to affected doc areas, early-exits cheaply when nothing changed, then fans out one Agent(content-writer) per affected area, applies the propose/direct update policy, advances the baseline only on success, and writes an L4 run log — all with the G1 untrusted-content choke-point, secret-scan, deny-list, and budget controls woven in. For first-time setup use /knowledge-sync-init.
1SKILL.mdUpdated May 24, 2026
avav25/knowledge-sync-init
development
VerifiedTrustedCommunity
Use this skill when bootstrapping scheduled knowledge-base sync for a repo that has no knowledge/.knowledge-sync.yml yet — to run one-time setup that detects the knowledge_root from CLAUDE.md/AGENTS.md, maps doc areas to source globs, records opt-in external sources (Linear/Notion/WebFetch, all disabled by default), captures a baseline last_scanned_sha, sets the per-area update policy, generates or seeds knowledge/CONVENTIONS.md, provisions the L4 memory dir, and offers to register the daily routine. Routes ongoing recurring sync operations to /knowledge-sync.
1SKILL.mdUpdated May 24, 2026
avav25/ai-skills-init
tools
VerifiedTrustedCommunity
Use this skill when bootstrapping a target repository to be ai-skills-aware — on the first run of any ai-skills workflow in a fresh repo, when adopting the ai-skills plugin in an existing repo, or after upgrading to a plugin version that adds new memory paths or templates, including when the user does not say "init" but asks to "set up" or "onboard" the repo — to detect codebase type, create CLAUDE.md + AGENTS.md scaffolding, initialize the .ai-skills-memory/ directory tree from L1 templates, and configure .gitignore. Idempotent — safe to re-run. Accepts `--codebase-type <type>` and `--overwrite`. Not for re-initializing only memory — use `/memory-init` instead.
1SKILL.mdUpdated May 18, 2026
avav25/plugin-author
tools
VerifiedTrustedCommunity
Use this skill when extending, repairing, or improving plugin assets, when ingesting a `/feedback` report as a fix-cycle backlog, or when you do not remember which lower-level command is right for the job — the umbrella workflow for ai-skills plugin-asset authoring and maintenance: creating, auditing, fixing, improving, refactoring, and migrating skills, agents, rules, hooks, prompts, schemas, and rubrics inside the plugin. Auto-classifies the request, loads the right knowledge skills (`@prompt-engineering`, `@context-engineering`, `@team-protocols`), and spawns the right subagents (`prompt-engineer`, `system-architect`, `python-engineer`, `software-engineer`, `qa-engineer`, `eval-judge`) via the `Agent` tool.
1SKILL.mdUpdated May 14, 2026