entityprocess/agentv-governance
skills-data/agentv-governance/SKILL.md
Author, edit, and lint `governance:` blocks in `*.eval.yaml` files. Use when creating or updating evaluation suites that carry AI-governance metadata (OWASP LLM Top 10, OWASP Agentic Top 10, MITRE ATLAS, EU AI Act, ISO 42001). Also use non-interactively (e.g., from a GitHub Action) to lint changed eval files and report violations against the rules in `references/lint-rules.md`. Do NOT use for running evals or benchmarking — that belongs to agentv-bench.
$ install --global
skillsauthnpx skillsauth add entityprocess/agentv agentv-governanceInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 25, 2026, 3:20 AM111.8s8 files scanned
SKILL.md
- name:
- agentv-governance
- description:
- >-
- Author, edit, and lint `governance:
- ` blocks in `*.eval.yaml` files.
AgentV Compliance Skill
Teaches AI agents how to author syntactically correct governance: blocks in AgentV
eval files, and how to lint them against known vocabulary rules.
Dual mode
Authoring (interactive): When a human or AI agent is editing a *.eval.yaml file
that contains or should contain a governance: block, this skill provides vocabulary,
valid values, and example shapes. Load it alongside agentv-eval-writer when building
red-team or compliance suites.
Linting (non-interactive / CI): When invoked from a GitHub Action (see
examples/governance/compliance-lint/), this skill lints each changed *.eval.yaml file
against the rules in references/lint-rules.md and returns a structured JSON report.
The expected output format is:
{
"pass": true,
"violations": [
{
"rule": "known_key",
"key": "risk_level",
"value": "high",
"message": "Unknown governance key 'risk_level'. Did you mean 'risk_tier'?",
"suggestion": "Replace 'risk_level' with 'risk_tier'."
}
]
}
pass is true when violations is empty.
Reference files
| File | Purpose |
|------|---------|
| references/governance-yaml-shape.md | YAML shape, merge semantics, worked examples |
| references/lint-rules.md | Machine-readable rules applied during lint |
| references/owasp-llm-top-10-2025.md | LLM01–LLM10 canonical IDs and descriptions |
| references/owasp-agentic-top-10-2025.md | T01–T10 agentic-AI categories |
| references/mitre-atlas.md | Common AML.Txxxx technique IDs |
| references/eu-ai-act-risk-tiers.md | Four risk tiers + article references |
| references/iso-42001-controls.md | Curated ISO/IEC 42001:2023 controls for AI eval |
Quick authoring guide
- Check which risks this eval exercises using the reference files above.
- Pick IDs from the relevant frameworks (
owasp_llm_top_10_2025,mitre_atlas, etc.). - Set
risk_tierusing EU AI Act vocabulary (prohibited | high | limited | minimal). - Add
controlsas<FRAMEWORK>-<VERSION>:<ID>strings (e.g.EU-AI-ACT-2024:Art.55). - Run the lint rules from
references/lint-rules.mdagainst your block before committing. - See
references/governance-yaml-shape.mdfor complete examples copied from real suites.
Accessing reference files
To load a specific reference without pulling the entire skill into context:
agentv skills get agentv-governance --ref lint-rules
Or resolve the skill directory and read files directly:
cat $(agentv skills path agentv-governance)/references/lint-rules.md
Use --full to retrieve every framework reference in one shot.
Related Skills
entityprocess/agentv-trace-analyst
tools
VerifiedTrustedCommunity
Analyze AgentV evaluation traces and result JSONL files using `agentv inspect` and `agentv compare` CLI commands. Use when asked to inspect AgentV eval results, find regressions between AgentV evaluation runs, identify failure patterns in AgentV trace data, analyze tool trajectories, or compute cost/latency/score statistics from AgentV result files. Do NOT use for benchmarking skill trigger accuracy, analyzing skill-creator eval performance, or measuring skill description quality — those tasks belong to the skill-creator skill.
12SKILL.mdUpdated May 25, 2026
entityprocess/agentv-eval-writer
development
VerifiedTrustedCommunity
Write, edit, review, and validate AgentV EVAL.yaml / .eval.yaml evaluation files. Use when asked to create new eval files, update or fix existing ones, add or remove test cases, configure graders (`llm-grader`, `code-grader`, `rubrics`), review whether an eval is correct or complete, convert between EVAL.yaml and evals.json using `agentv convert`, or generate eval test cases from chat transcripts (markdown conversation or JSON messages). Do NOT use for creating SKILL.md files, writing skill definitions, or running evals — running and benchmarking belongs to agentv-bench.
12SKILL.mdUpdated May 25, 2026
entityprocess/agentv-eval-review
development
VerifiedTrustedCommunity
Use when reviewing eval YAML files for quality issues, linting eval files before committing, checking eval schema compliance, or when asked to "review these evals", "check eval quality", "lint eval files", or "validate eval structure". Do NOT use for writing evals (use agentv-eval-writer) or running evals (use agentv-bench).
12SKILL.mdUpdated May 25, 2026
entityprocess/agentv-bench
documentation
VerifiedTrustedCommunity
Run AgentV evaluations and optimize agents through eval-driven iteration. Triggers: run evals, benchmark agents, optimize prompts/skills against evals, compare agent outputs across providers, analyze eval results, offline evaluation of recorded sessions, run autoresearch, optimize unattended, run overnight optimization loop. Not for: writing/editing eval YAML without running (use agentv-eval-writer), analyzing existing traces/JSONL without re-running (use agentv-trace-analyst).
12SKILL.mdUpdated May 25, 2026