tkersey/guards
codex/skills/guards/SKILL.md
Generate provider-agnostic AI agent guardrail blueprints and control matrices from a use case. Use when designing or reviewing agent safety architecture, prompt-injection and tool-misuse defenses, risk-tiered human approval gates, or auditable enterprise guardrail policies using industry patterns across top providers.
$ install --global
skillsauthnpx skillsauth add tkersey/dotfiles guardsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 16, 2026, 3:26 AM4.3s4 files scanned
SKILL.md
- name:
- guards
- description:
- Generate provider-agnostic AI agent guardrail blueprints and control matrices from a use case. Use when designing or reviewing agent safety architecture, prompt-injection and tool-misuse defenses, risk-tiered human approval gates, or auditable enterprise guardrail policies using industry patterns across top providers.
guards
Mission
Turn ambiguous "add guardrails" requests into an implementation-ready guardrail architecture. Produce provider-agnostic outputs that application engineers can execute without choosing a model vendor first.
Output Contract
Always return a structured plan plus a control matrix. The response must include these headings in this order:
- Problem Statement
- Success Criteria
- Risk Tier and Enforcement Posture
- Threat Scenarios
- Layered Control Stack
- Control Matrix
- Residual Risks
- Validation and Acceptance Checks
- Rollout and Monitoring
- Rollback and Abort Criteria
- Implementation Brief
Never output provider-specific SDK instructions in default mode.
If a user explicitly requests provider mappings, keep them in a separate appendix titled Provider Mapping (Optional).
Request Contract
Model requests as GuardrailBlueprintRequest v1.
Required fields:
use_case: one-sentence workload descriptionactor_profile: who can trigger the agent and from wheretool_surface: tools or side-effecting actions the agent can invokedata_sensitivity:public | internal | confidential | regulatedautonomy_level:assistant | semi_autonomous | autonomousregulatory_context: baseline policy contextrisk_tolerance:low | medium | high
Defaults:
regulatory_context = US enterprise baselinerisk_tolerance = mediumfreshness_mode = pattern_only
When required fields are missing, ask only the minimum judgment-call questions needed to classify risk tier and tool boundary.
Control Taxonomy (Fixed)
Map every threat scenario across this layer order:
- Input controls
- Context controls
- Model controls
- Tool pre-call controls
- Tool post-call controls
- Output controls
- Human approval controls
- Audit and traceability controls
Each scenario must include at least one control in every applicable layer.
Enforcement Policy (Risk-Tiered Mixed Mode)
Apply this default policy unless the user overrides it:
low: monitored allow with explicit logging and anomaly detectionmedium: allow with guardrails and sampled human reviewhigh: fail-closed for side-effecting actions unless explicit human approvalcritical: fail-closed by default with mandatory human approval and dual-control where possible
Hard rule:
- High and critical scenarios must not be fail-open.
Workflow
- Normalize the request into
GuardrailBlueprintRequest v1. - Define the system boundary and identify side-effecting tools.
- Classify risk tier by data sensitivity, autonomy level, and blast radius.
- Build 5-12 concrete threat scenarios with attack paths and target assets.
- Map layered controls using the fixed taxonomy.
- Assign enforcement mode and human gate behavior per scenario.
- Produce residual risk register with explicit owners.
- Define acceptance checks and rollback triggers.
- Cross-check control choices against
references/industry_patterns.md. - Emit the final plan and control matrix using the template in
references/blueprint_template.md.
Evidence and Freshness Modes
Use one mode and state it in the output:
pattern_only(default): synthesize provider-agnostic industry patterns.hybrid: cite sources for high-risk controls and decision-critical claims.strict_source_cited: cite sources for all major control recommendations.
When the prompt asks for "latest" provider specifics, verify against primary docs before finalizing.
Quality Gates
Before completing, verify all gates:
- Provider-agnosticity: no vendor-locked implementation steps in the main output.
- Layer coverage: each high-risk scenario includes applicable controls across layers.
- Enforcement correctness: high and critical scenarios include fail-closed behavior.
- Residual risk completeness: each material risk has probability, impact, trigger, and owner.
- Traceability: each major requirement maps to at least one acceptance check.
- Operability: includes monitoring signals plus rollback/abort criteria.
Non-Goals
- No legal opinions or jurisdiction-specific legal advice.
- No guarantee that any control makes compromise impossible.
- No deployment automation scripts or runtime policy engine implementation.
- No provider-specific code generation unless explicitly requested.
Deliverable Checklist
- Structured plan with all required headings.
- Control matrix with standardized columns.
- Residual risk register with explicit ownership.
- Acceptance checks tied to requirements.
- Rollout and rollback criteria.
- Explicit mode declaration (
pattern_only,hybrid, orstrict_source_cited).
Reference
- Template:
references/blueprint_template.md - Pattern baseline:
references/industry_patterns.md
Related Skills
tkersey/beads-workflow
tools
VerifiedTrustedCommunity
Convert markdown plans into beads with dependencies using br CLI. Use when creating task graphs, polishing beads before implementation, or bridging planning to agent swarm execution.
57SKILL.mdUpdated Jun 4, 2026
tkersey/opt
development
VerifiedTrustedCommunity
Orchestrate Codex skill optimization during active sessions through $cas goal control, $shadow single-session evidence, $tune diagnosis/refinement briefs, and the skill-optimizer custom subagent. Trigger for $opt, skill optimization loops, session-driven skill tuning, meta-skill audits, or explicit validated skill edits. Do not use for general code optimization, product optimization, or performance tuning.
57SKILL.mdUpdated May 31, 2026
tkersey/fresh-eyes-blunder-pass
development
VerifiedTrustedCommunity
Run a targeted fresh-eyes blunder pass over code, specs, plans, adjudications, closure gates, skill edits, or negative-evidence ledgers. Trigger when asked to reread with fresh eyes, find obvious bugs, catch mistakes/oversights/omissions, check for embarrassing misses, or perform a second independent blunder pass before closure. Do not use as a substitute for implementation, adjudication, or verification; use it as the final falsification/check pass for those workflows.
57SKILL.mdUpdated May 29, 2026
tkersey/shadow
development
VerifiedTrustedCommunity
Explicitly shadow, tail, watch, follow, monitor, supervise, or companion exactly one Codex session id/path through `$seq`, then apply a named target skill as an interpretation/reporting/proposal/action lens until the watched session stops.
57SKILL.mdUpdated May 26, 2026