pantheon-org/opencode-design-commands
skills/agentic-harness/opencode-toolkit/design-commands/SKILL.md
Create custom /slash commands for repetitive tasks in OpenCode. Use when user wants to create a command, automate a workflow, make a shortcut, add a slash command, set up automation, create a /test, /review, /deploy, /commit, /fix, /build, /lint, /spellcheck, /migrate, or /ci command. Also use when writing a command file, configuring command frontmatter, using $ARGUMENTS placeholders, setting agent: plan, using subtask: true, injecting shell output with !cmd, referencing files with the at-file syntax in a command template, or choosing between a slash command, agent, and skill.
$ install --global
skillsauthnpx skillsauth add pantheon-org/tekhne opencode-design-commandsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 28, 2026, 10:21 AM121.5s7 files scanned
SKILL.md
- name:
- opencode-design-commands
- description:
- Create custom /slash commands for repetitive tasks in OpenCode. Use when user wants to create a command, automate a workflow, make a shortcut, add a slash command, set up automation, create a /test, /review, /deploy, /commit, /fix, /build, /lint, /spellcheck, /migrate, or /ci command. Also use when writing a command file, configuring command frontmatter, using $ARGUMENTS placeholders, setting agent: plan, using subtask: true, injecting shell output with !cmd, referencing files with the at-file syntax in a command template, or choosing between a slash command, agent, and skill.
Command Creator
Quick Start
Create .opencode/commands/<name>.md:
---
description: Run tests and fix all failures automatically
---
Run the full test suite, identify any failures, and fix them.
1. Run `npm test`
2. For each failure, identify root cause and fix
3. Re-run to verify all pass
Invoke it in OpenCode: /test
Run bun run opencode to start, then type /<name> to invoke your command.
Mindset
Slash commands are user-to-agent shortcuts — markdown files with an instruction template. User types /test → OpenCode substitutes placeholders → agent executes.
Decision rule:
- Human wants a shortcut → Command
- Agent needs standing instructions → Skill
- Task needs a persona → Agent
When to use: Repetitive multi-step tasks that need a one-word trigger.
When NOT to use: Do not create a command for one-off tasks — just type the instruction directly. Do not use commands for interactive workflows; commands are one-shot.
Modes: no agent: = default build (read/write); agent: plan = read-only; subtask: true = fire-and-forget.
Template Placeholders
$ARGUMENTS — all args; $1/$2 — positional; !cmd — shell output injection; @filename — include file content.
# Dynamic context injection example
!git log --oneline -5
---
description: Deploy to staging with context
agent: plan
subtask: true
---
Deploy $ARGUMENTS using the steps in docs/deploy.md.
!git log --oneline -3
Anti-Patterns
NEVER use $ARGUMENTS more than once in a command body. WHY: The placeholder is substituted literally — using it twice creates duplicate content that confuses the agent.
# BAD — duplicate content
Review $ARGUMENTS. Focus on $ARGUMENTS for security issues.
# GOOD — wrap in XML once
<target>$ARGUMENTS</target>
Review the target file for security issues and bugs.
NEVER tell the agent to "run /command" inside a command body. WHY: Agents cannot invoke slash commands from within a command — only users can type /cmd.
# BAD
After fixing, run /test to verify.
# GOOD
After fixing, run `npm test` to verify.
NEVER use agent: plan for commands that write files. WHY: The plan agent is read-only and will refuse any write operation, silently failing the command.
# BAD
---
agent: plan
---
Create a new file called output.md with the results.
# GOOD — remove agent: plan for write operations
References
references/command-patterns.md— Creation phases, example commands (/test, /review, /commit, /deploy, /spellcheck), pattern libraryreferences/frontmatter-reference.md— Complete frontmatter fields and placeholder reference
Eval Scenarios: Scenario 0: Deploy | Scenario 1: Spellcheck | Scenario 2: Fix anti-patterns
Related Skills
pantheon-org/jenkinsfile-generator
tools
VerifiedTrustedCommunity
Generates Jenkinsfiles with stages, agents, parallel builds, post-build actions, and security scanning for Declarative and Scripted pipeline syntaxes. Use when creating a Jenkins pipeline script, Groovy pipeline, or build configuration; implementing CI/CD workflows, continuous integration, or build automation; adding Docker/Kubernetes deployments, matrix builds, parameterized pipelines, or DevSecOps security scanning to a Jenkins setup.
6SKILL.mdUpdated May 16, 2026
pantheon-org/helm-validator
tools
VerifiedTrustedCommunity
Comprehensive toolkit for validating, linting, testing, and analyzing Helm charts and their rendered Kubernetes resources. Use this skill when working with Helm charts, validating templates, debugging chart issues, working with Custom Resource Definitions (CRDs) that require documentation lookup, or checking Helm best practices.
6SKILL.mdUpdated May 16, 2026
pantheon-org/helm-generator
tools
VerifiedTrustedCommunity
Comprehensive toolkit for generating best practice Helm charts and resources following current standards and conventions. Use this skill when creating new Helm charts, implementing Helm templates, scaffolding Chart.yaml and values.yaml, defining deployment templates, service definitions, ingress configurations, .tpl helpers, or building Helm projects from scratch. Trigger phrases include "create", "generate", "build", "scaffold" alongside terms like "kubernetes helm", "k8s charts", "helm package", "chart dependencies", "values.yaml", or "helm install".
6SKILL.mdUpdated May 16, 2026
pantheon-org/gitlab-ci-validator
development
VerifiedTrustedCommunity
Validates .gitlab-ci.yml syntax, detects security misconfigurations in job definitions, checks for deprecated keywords, ensures proper stage ordering, and audits pipeline configurations for best practices. Use when working with .gitlab-ci.yml files, validating GitLab CI/CD pipeline syntax, debugging configuration errors, checking for hardcoded secrets or credentials in pipeline jobs, optimizing pipeline performance with DAG or cache, or performing security audits on GitLab CI/CD configurations.
6SKILL.mdUpdated May 16, 2026