igorwarzocha/agent-architect
.opencode/skill/agent-architect/SKILL.md
Create and refine OpenCode agents via guided Q&A. Use proactively for agent creation, performance improvement, or configuration design. Examples: - user: "Create an agent for code reviews" → ask about scope, permissions, tools, model preferences, generate AGENTS.md frontmatter - user: "My agent ignores context" → analyze description clarity, allowed-tools, permissions, suggest improvements - user: "Add a database expert agent" → gather requirements, set convex-database-expert in subagent_type, configure permissions - user: "Make my agent faster" → suggest smaller models, reduce allowed-tools, tighten permissions
$ install --global
skillsauthnpx skillsauth add igorwarzocha/opencode-workflows agent-architectInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 5, 2026, 8:06 PM4.3s3 files scanned
SKILL.md
- name:
- agent-architect
- description:
- |-
- - user:
- Make my agent faster" → suggest smaller models, reduce allowed-tools, tighten permissions
Agent Architect
Create and refine opencode agents through a guided Q&A process.
<core_approach>
Agent creation is conversational, not transactional.
- MUST NOT assume what the user wants—ask
- SHOULD start with broad questions, drill into details only if needed
- Users MAY skip configuration they don't care about
- MUST always show drafts and iterate based on feedback
The goal is to help users create agents that fit their needs, not to dump every possible configuration option on them.
</core_approach>
<question_tool>
Batching: Use the question tool for 2+ related questions. Single questions → plain text.
Syntax: header ≤12 chars, label 1-5 words, add "(Recommended)" to default.
CRITICAL Permission Logic:
- You MUST ask the user about permissions explicitly.
- If user selects "Standard/Default" or "No extra", do NOT list
bash,read,write,editpermissions. Rely on system defaults. - Only add explicit permission blocks for tools when the user requests NON-STANDARD access (e.g., restrictive, or specific allows).
- EXCEPTION: Skills MUST ALWAYS be configured with
"*": "deny"and explicit allows, regardless of tool permissions.
</question_tool>
<reference>Agent Locations
| Scope | Path |
|-------|------|
| Project | .opencode/agent/<name>.md |
| Global | ~/.config/opencode/agent/<name>.md |
Agent File Format
---
description: When to use this agent. Include trigger examples.
model: anthropic/claude-sonnet-4-20250514 # Optional
mode: subagent # Optional (defaults to undefined/standard)
permission:
skill: { "*": "deny", "my-skill": "allow" }
bash: { "*": "ask", "git *": "allow" }
---
System prompt in markdown body (second person).
Full schema: See references/opencode-config.md
Agent Modes
| Mode | Description |
|------|-------------|
| (undefined) | Standard agent, visible to user and tools (Default) |
| subagent | specialized task tool agent, hidden from main list |
Phase 1: Core Purpose (Required)
Ask these first—they shape everything else:
-
"What should this agent do?"
- Get the core task/domain
- Examples: "review code", "help with deployments", "research topics"
-
"What should trigger this agent?"
- Specific phrases, contexts, file types
- Becomes the
descriptionfield
-
"What expertise/persona should it have?"
- Tone, boundaries, specialization
- Shapes the system prompt
Phase 1.5: Research the Domain
MUST NOT assume knowledge is current. After understanding the broad strokes:
- Search for current best practices in the domain
- Check for updates to frameworks, tools, or APIs the agent will work with
- Look up documentation for any unfamiliar technologies mentioned
- Find examples of how experts approach similar tasks
This research informs better questions in Phase 2 and produces a more capable agent.
Example: User wants an agent for "Next.js deployments" → Research current Next.js deployment patterns, Vercel vs self-hosted, App Router vs Pages Router, common pitfalls, etc.
Phase 2: Capabilities (Ask broadly, then drill down)
-
"What permissions does this agent need?" (Use Question Tool)
- Options: "Standard (Recommended)", "Read-Only", "Full Access", "Custom"
- Standard: Do NOT add
bash,read,write,editto config. Rely on defaults. - Read-Only: Explicitly deny write/edit/bash.
- Full Access: Allow bash
*if needed. - Custom: Ask specific follow-ups.
-
"Should this agent use any skills?"
- If yes: "Which ones?"
- ALWAYS configure
permission.skillwith"*": "deny"and explicit allows. - This applies even if other permissions are standard.
-
"Is this a subagent?"
- If yes: set
mode: subagent - If no: leave
modeundefined (standard)
- If yes: set
Phase 3: Details (Optional—user MAY skip)
- "Any specific model preference?" (most users skip)
- "Custom temperature/sampling?" (most users skip)
- "Maximum steps before stopping?" (most users skip)
Phase 4: Review & Refine
- Show the draft config and prompt, ask for feedback
- "Here's what I've created. Anything you'd like to change?"
- Iterate until user is satisfied
Key principle: Start broad, get specific only where the user shows interest. MUST NOT overwhelm with options like top_p unless asked.
Be flexible: If the user provides lots of info upfront, adapt—MUST NOT rigidly follow the phases. If they say "I want a code review agent that can't run shell commands", you already have answers to multiple questions.
</workflow><system_prompt_structure>
Recommended Structure
# Role and Objective
[Agent purpose and scope]
# Instructions
- Core behavioral rules
- What to always/never do
## Sub-instructions (optional)
More detailed guidance for specific areas.
# Workflow
1. First, [step]
2. Then, [step]
3. Finally, [step]
# Output Format
Specify exact format expected.
# Examples (optional)
<examples>
<example>
<input>User request</input>
<output>Expected response</output>
</example>
</examples>
XML Tags (Recommended)
XML tags improve clarity and parseability across all models:
| Tag | Purpose |
|-----|---------|
| <instructions> | Core behavioral rules |
| <context> | Background information |
| <examples> | Few-shot demonstrations |
| <thinking> | Chain-of-thought reasoning |
| <output> | Final response format |
Best practices:
- Be consistent with tag names throughout
- Nest tags for hierarchy:
<outer><inner></inner></outer> - Reference tags in instructions: "Using the data in
<context>tags..."
Example:
<instructions>
1. Analyze the code in <code> tags
2. List issues in <findings> tags
3. Suggest fixes in <recommendations> tags
</instructions>
Description Field (Critical)
The description determines when the agent triggers.
Primary Agents: Keep it extremely concise (PRECISELY 3 words). The user selects these manually or via very clear intent.
Any Other Agents: Must be specific and exhaustive to ensure correct routing by the task tool.
Template (Any Other Agents): [Role/Action]. Use when [triggers]. Examples: - user: "trigger" -> action
Good (Primary):
Code review expert.
Good (Any Other Agents):
Code review specialist. Use when user says "review this PR", "check my code",
"find bugs".
Examples:
- user: "review" -> check code
- user: "scan" -> check code
Prompt Altitude
Find the balance between too rigid and too vague:
| ❌ Too Rigid | ✅ Right Altitude | ❌ Too Vague | |-------------|-------------------|-------------| | Hardcoded if-else logic | Clear heuristics + flexibility | "Be helpful" | | "If X then always Y" | "Generally prefer X, but use judgment" | No guidance |
</system_prompt_structure>
<agentic_components>
For agents that use tools in a loop, SHOULD include these reminders:
# Persistence
Keep working until the user's request is fully resolved. Only yield
control when you're confident the task is complete.
# Tool Usage
If unsure about something, use tools to gather information.
Do NOT guess or make up answers.
# Planning (optional)
Think step-by-step before each action. Reflect on results before
proceeding.
</agentic_components>
<permissions>Control what agents can access.
CRITICAL: Avoid Overengineering
- Do NOT list permissions for standard tools (
read,write,edit,bash) unless the user explicitly asks for restrictions or non-standard access. - Rely on system defaults for most agents.
- Skills are the exception: You MUST always configure
permission.skillto whitelist specific skills and deny others.
# Standard Agent (minimal config)
permission:
skill:
"*": "deny"
"my-skill": "allow"
# Restricted Agent (explicit config)
permission:
edit: "ask"
bash:
"*": "deny"
skill:
"*": "deny"
Full reference: See references/opencode-config.md
Legacy Configuration
Agents may occasionally work on legacy projects using outdated frontmatter (e.g., tools:, maxSteps:). You MUST correct these to the modern permission: and steps: fields when encountered.
<enhancement_workflow>
When improving an agent, diagnose through questions:
- "What's not working well?" — Get specific symptoms
- "Can you show me an example where it failed?" — Understand the gap
- "What should it have done instead?" — Define success
Then propose targeted fixes:
| Symptom | Likely Cause | Fix |
|---------|--------------|-----|
| Triggers too often | Description too broad | Add specific contexts |
| Misses triggers | Description too narrow | Add trigger phrases |
| Wrong outputs | Prompt ambiguous | Add explicit instructions |
| Executes dangerous commands | Loose bash permissions | Restrict with patterns |
| Uses wrong skills | No skill restrictions | Configure permission.skill |
MUST show proposed changes and ask for confirmation before applying.
</enhancement_workflow>
<examples>Restricted Code Review Agent
---
description: Safe code reviewer.
mode: primary
permission:
edit: "ask"
bash: "deny"
write: "deny"
external_directory: "deny"
---
You are a code review specialist. Analyze code for bugs, security issues,
and improvements. Never modify files directly.
Deployment Agent (Any Other Agents)
---
description: |-
Deployment helper. Use when user says "deploy to staging", "push to prod",
"release version".
Examples:
- user: "deploy" -> run deployment
- user: "release" -> run deployment
mode: subagent
permission:
bash:
"*": "deny"
"git *": "allow"
"npm run build": "allow"
"npm run deploy:*": "ask"
skill:
"*": "deny"
"deploy-checklist": "allow"
---
You are a deployment specialist...
<quality_checklist>
Before showing the final agent to the user:
- [ ] Asked about core purpose and triggers
- [ ] Researched the domain (MUST NOT assume knowledge is current)
- [ ]
descriptionhas concrete trigger examples - [ ]
modediscussed and set appropriately - [ ] System prompt uses second person
- [ ] Asked about tool/permission needs (MUST NOT assume)
- [ ] Output format is specified if relevant
- [ ] Showed draft to user and got feedback
- [ ] User confirmed they're happy with result
</quality_checklist>
References
references/agent-patterns.md- Design patterns and prompt engineeringreferences/opencode-config.md- Full frontmatter schema, tools, permissions
Related Skills
igorwarzocha/writing
development
VerifiedTrustedCommunity
Handle structured co-authoring of professional documentation. Use for proposals, technical specs, and RFCs. Use proactively when a collaborative drafting process (Gathering -> Refinement -> Testing) is needed. Examples: - user: "Draft a technical RFC for the new API" -> follow Stage 1 context gathering - user: "Refine the introduction of this proposal" -> use iterative surgical edits - user: "Test if this document is clear for readers" -> run reader testing workflow
100SKILL.mdUpdated Apr 5, 2026
igorwarzocha/word
development
VerifiedTrustedCommunity
Handle Word document (.docx) creation, editing, and analysis with high-fidelity visual review. Use for professional reports, legal documents, and tracked changes. Use proactively when quality and precise formatting are critical. Examples: - user: "Create a professional report in Word" -> use python-docx with render loops - user: "Draft a legal contract with redlines" -> use ooxml redlining workflow - user: "Extract text from this DOCX while preserving structure" -> use pandoc markdown conversion
100SKILL.mdUpdated Apr 5, 2026
igorwarzocha/themes
testing
VerifiedTrustedCommunity
Apply professional visual themes to documents and presentations. Use for styling artifacts with consistent color palettes and font pairings. Use proactively to quickly improve the aesthetic quality of deliverables. Examples: - user: "Apply a modern theme to this deck" -> use Modern Minimalist theme - user: "I want a tech aesthetic for this doc" -> apply Tech Innovation theme - user: "Create a custom theme for my project" -> generate new color/font specification
100SKILL.mdUpdated Apr 5, 2026
igorwarzocha/skill-creator
tools
VerifiedTrustedCommunity
Guide for creating effective opencode skills. Use for creating or updating skills that extend agent capabilities with specialized knowledge, workflows, or tool integrations. Examples: - user: "Create a skill for git workflows" → define SKILL.md with instructions and examples - user: "Add examples to my skill" → follow the user: "query" → action pattern - user: "Update skill description" → use literal block scalar and trigger contexts - user: "Structure a complex skill" → organize with scripts/ and references/ directories - user: "Validate my skill" → check structure, frontmatter, and discovery triggers
100SKILL.mdUpdated Apr 5, 2026