pantheon-org/opencode-design-agents
skills/agentic-harness/opencode-toolkit/design-agents/SKILL.md
Create and refine OpenCode agents via guided Q&A. Use when creating an agent file, improving an existing agent, configuring AGENTS.md frontmatter, setting subagent_type, defining allowed-tools, restricting permissions, designing agent routing, writing a system prompt, configuring mode: subagent, setting a permission block, or working with the Task tool delegation pattern. Examples: 'Create an agent for code reviews', 'My agent ignores context', 'Add a database expert subagent', 'Make my agent faster', 'Agent triggers on wrong requests'.
$ install --global
skillsauthnpx skillsauth add pantheon-org/tekhne opencode-design-agentsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 28, 2026, 10:21 AM121.5s7 files scanned
SKILL.md
- name:
- opencode-design-agents
- description:
- Create and refine OpenCode agents via guided Q&A. Use when creating an agent file, improving an existing agent, configuring AGENTS.md frontmatter, setting subagent_type, defining allowed-tools, restricting permissions, designing agent routing, writing a system prompt, configuring mode: subagent, setting a permission block, or working with the Task tool delegation pattern. Examples: 'Create an agent for code reviews', 'My agent ignores context', 'Add a database expert subagent', 'Make my agent faster', 'Agent triggers on wrong requests'.
Agent Architect
Create and refine OpenCode agents through a guided Q&A process.
Quick Start
Create .opencode/agents/<name>.md:
---
description: Code review specialist. Use when user says "review", "check my code", "find bugs".
---
You are an expert code reviewer. Analyze code for bugs, security issues, and performance problems.
Provide specific, actionable feedback with line references.
For subagents (Task tool only), add mode: subagent. For permission restrictions, add a permission: block:
---
mode: subagent
permission:
bash:
"*": "ask"
"npm test": "allow"
---
Run bun run opencode and type /agents to confirm the new agent appears in the list.
Mindset
An agent is a markdown file with YAML frontmatter. Three decisions drive every design:
| Decision | Why it matters |
|----------|----------------|
| Scope (description) | Controls when the agent triggers — too vague = never fires, too broad = fires on everything |
| Mode (mode:) | all = visible everywhere; subagent = Task-tool only; primary = main list only |
| Permissions (permission:) | Standard tools need no config; skills ALWAYS need explicit allowlists |
When to use: You need a distinct scope, persona, or permission set that differs from the default.
When NOT to use: Do not create an agent just to run a single command — use a slash command instead. Do not create a subagent when you just need a custom system prompt — use AGENTS.md.
Creation Workflow
Ask questions first. Follow phases in references/agent-patterns.md:
- Phase 1 — Core Purpose: What does it do? What triggers it? What persona?
- Phase 1.5 — Research: Look up current best practices for the domain.
- Phase 2 — Capabilities: Permissions, skills, mode (subagent vs primary vs all).
- Phase 3 — Review: Show draft, iterate until user approves.
Anti-Patterns
NEVER use bash: { "*": "allow" }. WHY: Allows destructive commands like rm -rf. Use "*": "ask" plus an explicit allowlist.
# BAD
permission:
bash:
"*": "allow"
# GOOD
permission:
bash:
"*": "ask"
"npm test": "allow"
"git status": "allow"
NEVER write system prompts in third person. WHY: The model reads its own system prompt — third person is confusing and degrades instruction-following.
# BAD — "The assistant analyzes code..."
# GOOD — "You analyze code for bugs, security issues, and performance problems."
NEVER add permission: block for standard tools. WHY: It creates noise and can accidentally restrict access to built-in capabilities. Only use permission: when you need to restrict or explicitly allow skills.
| Anti-Pattern | Fix |
|---|---|
| Vague description | Add concrete trigger examples |
| Missing mode: subagent on subagents | Set it explicitly |
| skill: { "my-skill": "allow" } without "*": "deny" | Deny "*" first |
Eval Scenarios
- Scenario 0: Create specialized agent with permissions
- Scenario 1: Configure skill permission allowlist
- Scenario 2: Fix broken agent triggers and system prompt
References
references/agent-patterns.md— Creation phases, patterns, prompt engineering, enhancement/troubleshootingreferences/opencode-config.md— Full frontmatter schema, tools, permissions reference
Related Skills
pantheon-org/jenkinsfile-generator
tools
VerifiedTrustedCommunity
Generates Jenkinsfiles with stages, agents, parallel builds, post-build actions, and security scanning for Declarative and Scripted pipeline syntaxes. Use when creating a Jenkins pipeline script, Groovy pipeline, or build configuration; implementing CI/CD workflows, continuous integration, or build automation; adding Docker/Kubernetes deployments, matrix builds, parameterized pipelines, or DevSecOps security scanning to a Jenkins setup.
6SKILL.mdUpdated May 16, 2026
pantheon-org/helm-validator
tools
VerifiedTrustedCommunity
Comprehensive toolkit for validating, linting, testing, and analyzing Helm charts and their rendered Kubernetes resources. Use this skill when working with Helm charts, validating templates, debugging chart issues, working with Custom Resource Definitions (CRDs) that require documentation lookup, or checking Helm best practices.
6SKILL.mdUpdated May 16, 2026
pantheon-org/helm-generator
tools
VerifiedTrustedCommunity
Comprehensive toolkit for generating best practice Helm charts and resources following current standards and conventions. Use this skill when creating new Helm charts, implementing Helm templates, scaffolding Chart.yaml and values.yaml, defining deployment templates, service definitions, ingress configurations, .tpl helpers, or building Helm projects from scratch. Trigger phrases include "create", "generate", "build", "scaffold" alongside terms like "kubernetes helm", "k8s charts", "helm package", "chart dependencies", "values.yaml", or "helm install".
6SKILL.mdUpdated May 16, 2026
pantheon-org/gitlab-ci-validator
development
VerifiedTrustedCommunity
Validates .gitlab-ci.yml syntax, detects security misconfigurations in job definitions, checks for deprecated keywords, ensures proper stage ordering, and audits pipeline configurations for best practices. Use when working with .gitlab-ci.yml files, validating GitLab CI/CD pipeline syntax, debugging configuration errors, checking for hardcoded secrets or credentials in pipeline jobs, optimizing pipeline performance with DAG or cache, or performing security audits on GitLab CI/CD configurations.
6SKILL.mdUpdated May 16, 2026