PRD-STD-017: Agent Skills Catalog Governance
Standard ID: PRD-STD-017
Version: 1.0
Status: Active
Compliance Level: Level 2 (Managed)
Effective Date: 2026-02-26
Last Reviewed: 2026-02-26
This page is the normative source for controlling AI agent skill catalogs (for example: Claude Skills, internal task skills, reusable agent playbooks, and tool-integrated skill bundles).
Use this standard with:
1. Purpose
This standard defines mandatory controls for creating, approving, cataloging, versioning, and operating agent skills in enterprise software delivery.
Without explicit governance, community or ad hoc skills can bypass role boundaries, introduce unsafe automation, weaken traceability, and create hidden policy drift in "vibe coding" workflows. PRD-STD-017 ensures skills are treated as governed execution components, not convenience snippets.
2. Scope
This standard applies to:
- Skill catalogs used by AI coding assistants, agent runtimes, or orchestration platforms
- Internal and third-party/community skills used in software delivery workflows
- Skills that can read files, generate code, run commands, call tools, or influence production-bound artifacts
- Skill registries used in multi-agent orchestration, CI/CD, and developer IDE workflows
This standard does not apply to:
- Unexecuted documentation examples that are not used in active workflows
- Purely educational prompts not used to produce production-bound outputs
3. Definitions
| Term | Definition |
|---|---|
| Skill | A reusable AI execution unit containing instructions, tool usage patterns, or workflow logic used by an agent or assistant |
| Skill Catalog | The curated collection of approved, provisional, blocked, or deprecated skills available to a team or organization |
| Skill Registry | The source of truth storing skill metadata, version, status, owner, approval tier, and enforcement constraints |
| Skill Profile | Metadata record for a skill including risk classification, scope, dependencies, and approval status |
| Skill Execution Gate | A policy checkpoint validating whether a skill is allowed to run in the current role, task type, and environment |
| Community Skill | A skill sourced from external repositories or public catalogs outside the organization |
4. Requirements
4.1 Skill Inventory and Ownership
REQ-017-01: Every skill used in enterprise workflows MUST have a unique skill-id and a named human owner.
REQ-017-02: Organizations MUST maintain a skill registry with, at minimum:
- skill-id
- title and description
- owner role
- source (internal/external) and attribution URL (if external)
- version
- approval status
- risk classification
- allowed environments
- allowed agent roles
- last review date
REQ-017-03: Unregistered skills MUST NOT be used in production-bound workflows.
4.2 Approval and Risk Classification
REQ-017-04: Skills MUST be classified before use as one of:
- Informational (read-only guidance)
- Development Assist (code/test/document generation)
- Elevated Tool Use (command execution / file modification)
- Sensitive (security, infrastructure, policy, or compliance impact)
REQ-017-05: Community skills MUST undergo review for:
- scope and claimed behavior
- hidden tool assumptions
- data exposure risk
- security implications
- alignment with AEEF standards
REQ-017-06: Sensitive skills MUST require explicit human approval prior to first use and after any major version change.
REQ-017-07: Organizations SHOULD maintain a "provisional" status for newly introduced skills to allow limited sandbox use before broader enablement.
4.3 Execution Controls and Gates
REQ-017-08: Skill execution MUST be gated by role, task type, and environment (for example: developer in dev allowed, developer in production denied).
REQ-017-09: Skills capable of file modification or command execution MUST run with deny-by-default tool permissions and explicit allowlists.
REQ-017-10: Skills MUST NOT override PRD-STD-009 agent contracts, stage gates, or human approval checkpoints.
REQ-017-11: Skills used in "vibe coding" style workflows MUST still produce traceability metadata and remain subject to PRD-STD-002, PRD-STD-003, and PRD-STD-007 controls.
4.4 Traceability, Attribution, and Evidence
REQ-017-12: Executions involving skills MUST record skill-id and skill-version in agent run records or PR metadata.
REQ-017-13: Community skills MUST retain source attribution (publisher/owner and URL) in the skill registry and review record.
REQ-017-14: Skill approval decisions MUST include review evidence and a decision rationale.
REQ-017-15: Skill deprecation or revocation MUST be documented and enforced in the registry.
5. Implementation Guidance
Minimum Skill Registry Schema
skill_id: claude-skill.secure-endpoint-review
title: Secure Endpoint Review
version: 1.2.0
owner_role: security-engineer
source:
  type: external
  publisher: github.com/BehiSecc/awesome-claude-skills
  reference_url: https://github.com/BehiSecc/awesome-claude-skills
approval_status: provisional
risk_classification: elevated_tool_use
allowed_agent_roles:
  - developer-agent
  - security-agent
allowed_environments:
  - dev
  - staging
denied_environments:
  - production
required_gates:
  - code-review
  - testing
  - security-scan
last_reviewed_at: 2026-02-26
review_evidence:
  - docs/skills-reviews/claude-secure-endpoint-review.md
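A minimal execution gate over a registry record shaped like the schema above, added here as an example and not part of the AEEF standard or its tooling. It covers the registration, role, environment and tool checks of REQ-017-03, REQ-017-08 and REQ-017-09; task-type gating is left out because the schema has no field for it. `allowed_tools`, `RUNNABLE_STATUSES`, `GateDecision` and `evaluate_gate` are hypothetical names.

```python
from typing import NamedTuple, Optional

# Constructed registry: fields follow the schema above, except "allowed_tools",
# which is a hypothetical field added here to express the tool allowlist.
REGISTRY = {
    "claude-skill.secure-endpoint-review": {
        "version": "1.2.0",
        "approval_status": "provisional",
        "allowed_agent_roles": ["developer-agent", "security-agent"],
        "allowed_environments": ["dev", "staging"],
        "denied_environments": ["production"],
        "allowed_tools": ["read_file", "grep"],
    }
}
# Assumption: only these statuses may execute; blocked/deprecated never run.
RUNNABLE_STATUSES = {"approved", "provisional"}


class GateDecision(NamedTuple):
    allowed: bool
    reason: str
    skill_id: str
    skill_version: Optional[str]  # kept so the run record can carry it


def evaluate_gate(registry, skill_id, role, environment, tools=()):
    """Deny by default: a skill runs only if every check passes."""
    rec = registry.get(skill_id)
    if rec is None:
        return GateDecision(False, "unregistered skill", skill_id, None)

    def deny(reason):
        return GateDecision(False, reason, skill_id, rec.get("version"))

    if rec.get("approval_status") not in RUNNABLE_STATUSES:
        return deny("status not runnable")
    # An explicit deny wins even if the allowlist also names the environment.
    if environment in rec.get("denied_environments", []):
        return deny("environment denied")
    if environment not in rec.get("allowed_environments", []):
        return deny("environment not allowlisted")
    if role not in rec.get("allowed_agent_roles", []):
        return deny("role not allowlisted")
    unlisted = sorted(set(tools) - set(rec.get("allowed_tools", [])))
    if unlisted:
        return deny("tools not allowlisted: " + ", ".join(unlisted))
    return GateDecision(True, "allowed", skill_id, rec.get("version"))
```

Every decision, allowed or denied, carries the skill id and version so it can be written to the run record required by REQ-017-12.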
Run-Ledger Binding Requirement
To align with PRD-STD-009 traceability requirements, skill-governed executions SHOULD use the canonical run ledger schema and MUST record skill-id/skill-version as structured fields:
- /templates/schemas/run-ledger-entry.schema.json (RunLedgerEntry v1)
Related schema pack for interoperable governance records:
- /templates/schemas/agent-contract.schema.json
- /templates/schemas/hook-contract.schema.json
- /templates/schemas/gate-decision.schema.json
- /templates/schemas/handoff-artifact.schema.json
Recommended Approval Workflow
- Intake skill into a provisional queue with attribution and source URL.
- Classify risk and allowed scope (role + environment + tool permissions).
- Test in sandbox using known-good and known-bad tasks.
- Map controls to PRD-STD-009 and PRD-STD-017 requirements.
- Approve, reject, or keep provisional with expiration.
- Register enforcement metadata and publish to the team catalog.
Recommended Directory Convention
Organizations maintaining agent definitions alongside skills SHOULD adopt a directory-by-function layout under .claude/agents/:
.claude/agents/
  engineering/   # Developer, architect, DevOps agents
  product/       # Product research, sprint planning agents
  design/        # UI/UX, brand agents
  testing/       # QA, performance, benchmarking agents
  operations/    # Support, infra, analytics agents
Each agent definition file (.md) SHOULD include the fields from the agent contract schema (agent-contract.schema.json) and be registered in the skill/agent registry (REQ-017-02). This convention scales beyond the AEEF CLI's built-in 4-role baseline to department-level agent catalogs.
See Starter Repo Blueprints for full layout examples.
Vibe Coding Integration Pattern
Use skills to reduce undisciplined AI usage, not accelerate it.
- Create a controlled "starter skill set" for common tasks (feature stub, tests, secure review, docs)
- Require each skill to emit expected outputs (tests, risk notes, traceability fields)
- Route risky tasks to skill-backed workflows with human gates instead of freeform prompting
6. Exceptions & Waiver Process
Waivers MAY be granted for low-risk informational skills in sandbox environments only, with expiration (maximum 30 days).
No waivers are permitted for:
- production use of unregistered skills
- missing attribution for community skills
- bypassing required skill execution gates
- allowing skills to override mandatory human approvals
7. Related Standards
- PRD-STD-002: Code Review Standards
- PRD-STD-003: Testing Requirements
- PRD-STD-007: Performance & Quality Gates
- PRD-STD-009: Autonomous & Multi-Agent Governance
- PRD-STD-011: Model & Data Governance
- Code Provenance & Attribution
- Skill Registry & Multi-Agent Gate Patterns
- External Standards Adaptation Program
8. Revision History
| Version | Date | Author | Changes |
|---|---|---|---|
| 1.0 | 2026-02-26 | AEEF Standards Committee | Initial release |