Explore AI Agent Skills & Claude Prompts
Discover open-source agent skills for Claude Code, Codex, ChatGPT, and any tool that uses SKILL.md.
Enter through keywords, occupations, creators, and GitHub sources to see what kinds of skills are emerging across domains.
Use the same catalog through the API
Connect 381,784 public skills to your own search, analytics, or agent workflow with the REST API.
Querying local SQLite index...
gcp-vertex-ai
by omespinoGoogle Cloud Vertex AI / Agent Builder (ahora Gemini Enterprise Agent Platform) — seguridad y superficie ofensiva. Componentes — Workbench (notebooks que corren como SA, acceso a metadata 169.254.169.254 = SA token), custom training jobs / custom containers (code exec by design), model endpoints, Agent Builder / Search & Conversation (RAG, data stores, grounding), pipelines, feature store. Vectores — robo de SA token vía notebook+metadata, escape de custom container, prompt injection directa/indirecta en agentes RAG, exfil de modelos/datos, SSRF. Self-serve con gmail. Cruza con ai-agents-threats y saif-framework. Spanish triggers — "vertex ai", "vertex ai seguridad", "agent builder", "gemini enterprise", "vertex workbench notebook", "vertex custom container", "vertex prompt injection", "vertex rag data store", "vertex ai metadata ssrf", "atacar vertex ai".
ssrf-blacklist-bypass
by omespinoSSRF blacklist bypass techniques from Agarri AppSec EU 2015 — complete IP encoding table (dotless decimal, octal, hex, overflow, mixed, IPv6 mapped/compatible), DNS bypass (xip.io, static A, base36, TOCTOU rebinding with DNSChef), SSRF vector taxonomy (webhooks/IPN, upload-from-URL, mixed-content proxies, SSJS). Real bugs: Stripe ($500), Prezi ($4.5k), PayPal ($100), Yahoo YMON RCE ($21.6k), CoinBase ($5k), Parse ($20k). Spanish triggers — "ssrf bypass ip", "ssrf bypass filtro", "ssrf ip encoding", "ssrf octal bypass", "ssrf hex ip", "ssrf dns rebind", "ssrf toctou", "bypass lista negra ssrf", "ssrf xip.io", "ssrf 169.254 bypass", "metadata bypass ssrf", "ssrf dotless decimal".
antigravity-docs
by omespinoGoogle Antigravity docs — agentic dev platform: desktop app 2.0, CLI, SDK, IDE, subagents, artifacts, permissions, skills, MCP, hooks, rules, workflows, sidecars, Agent Manager, Browser, enterprise plans, settings, FAQ. Triggers — antigravity, google antigravity, antigravity docs, antigravity 2.0, antigravity cli, antigravity sdk, antigravity ide, antigravity subagents, antigravity artifacts, antigravity permissions, antigravity mcp, antigravity hooks, antigravity skills, antigravity rules, antigravity workflows, antigravity sidecars, antigravity agent manager, antigravity browser, antigravity enterprise, antigravity settings, antigravity faq, antigravity install, antigravity worktree, antigravity slash commands, antigravity keyboard shortcuts.
bugcrowd-bugbounty
by omespinoBugCrowd techniques from real resolved reports (Atlassian, Centrify, Skyscanner, Netflix, Segment, Trello, Tesla). Stored XSS via Word .doc javascript: URI in iOS browsers (Atlassian Confluence; .docx does NOT reproduce); CVE-2018-0296 Cisco ASA path traversal unauth (sessions + dir index); Firebase exposure via APK + apktool + /.json check (Skyscanner); default creds on network gear in target ASN (Huawei S7706 admin/admin@huawei.com); missing email domain verification for privilege escalation on B2B SaaS (Segment); stored XSS via SVG in iOS with navigator fingerprinting (Trello iOS); SVG XSS via xlink:href + data URI base64; API keys in APK assets/ via plain unzip (Tesla). Spanish triggers — "bugcrowd", "bug bounty en bugcrowd", "xss en doc", "firebase apk", "cisco asa cve", "credenciales por defecto en red".
bughunters-mobile-misc
by omespinoPersonal Google VRP reports by omespino — mobile and desktop miscellaneous findings. Local file read via Chrome file:// (file:///etc/environment has JS-compatible VAR="value" syntax, vars accessible in global scope). No rate limit + IDOR sequential on Android TV setup/lookup endpoint (seq + xargs -P20 parallel enumeration, ~900 devices/10K requests). XSS via PowerPoint 97-2003 javascript: hyperlink in Gmail iOS and Google Drive iOS (must be .ppt not .pptx). Spanish triggers — "chrome file://", "android tv idor", "powerpoint xss ios", "gmail ios xss", "drive ios xss", "ppt xss", "file:// chrome vulnerabilidad", "android tv enumeration", "lookup android tv".
h1-bugbounty
by omespinoHackerOne techniques from 43 real reports (9 resolved: Slack, Yahoo Mail, Twitter, Criteo x3, MercadoLibre x2, Reddit). For HackerOne programs and Live Hacking Events (LHE). Confirmed — XSS via SVG/XML upload in iOS app viewers (Slack, Yahoo Mail); URL filter bypass via ASCII homoglyphs (MercadoLibre, Reddit, Bitly/TinyURL); SSRF in webhooks/IPN (Mercado Pago); subdomain takeover via Heroku dangling CNAME (Criteo); credential exposure via GitHub dorks (trufflehog, gitleaks); CVE-2018-0296 Cisco ASA path traversal; CVE-2019-11510 Pulse Secure VPN file read; SWEET32 / POODLE TLS detection on mail/VPN. Additional — APK/IPA secret extraction; XSS via .pptx javascript: links; SSRF via image URL / IPv6 bypass; auth bypass trailing slash (Zomato); GraphQL disclosure; WAF bypass SQLi case; SSH key on GitHub → RCE (Lyft); WordPress authenticated file deletion; XML Billion Laughs DoS. Spanish triggers — "hackerone", "h1", "bug bounty en h1", "live hacking event", "lhe".
sqli-numeric-bypass
by omespinoSQL injection in numeric (integer) parameters without special characters — arithmetic bypass for WAFs that block quotes, parentheses, spaces and semicolons. Column enumeration via subtraction (id=1-column_name), table discovery via dot notation (table.column), three-state response differentiation. Allowed chars: a-z, 0-9, @, ., +, -. Source: r9.mody/Medium 2025. Spanish triggers — "sqli entero", "sqli sin caracteres especiales", "sqli parametro numerico", "sqli bypass waf aritmetica", "sqli sin comillas", "inyeccion sql entero", "sqli aritmetica", "sql injection integer", "sqli column enumeration", "sqli dot notation", "sqli waf bypass sin comillas".
ai-agents-architecture
by omespinoArquitectura completa de agentes de IA — capas Application/Agent/Orchestration, componentes Perception, Reasoning Core, Rendering, Memory, Tools, RAG, flujo de datos y puntos de seguridad en cada etapa. Basado en SAIF 2.0 y whitepaper Google May 2025. Triggers — "arquitectura agente", "agent architecture", "componentes agente", "agent components", "reasoning core", "perception agent", "rendering agent", "agent memory", "agent orchestration", "tool use agent", "rag agent", "agent layers", "capas agente ia", "agent workflow", "agent pipeline".
ai-agents-security-design
by omespinoDiseño seguro de agentes de IA según Google SAIF 2.0 y whitepaper May 2025. Tres principios core (human controllers, limited powers, observable actions), controles (Agent User Controls, Agent Permissions con AAA, Agent Observability), defense-in-depth híbrido (runtime policy enforcement + reasoning-based defenses), assurance activities. Triggers — "secure agent design", "diseño seguro agente", "agent security principles", "principios seguridad agente", "least privilege agent", "privilegio mínimo agente", "agent observability", "observabilidad agente", "agent permissions", "permisos agente", "human in the loop agent", "human controller agent", "defense in depth agent", "defense in depth ia", "policy enforcement agent", "agent guardrails", "guardrails agente", "cómo diseñar agente seguro", "how to build secure agent", "agent aaa", "agent authentication authorization".
ai-agents-threats
by omespinoModelo de amenazas para agentes de IA — SAIF 2.0 y Google Whitepaper May 2025. Rogue actions, sensitive data disclosure, prompt injection directo/indirecto, misalignment, data exfiltration via tool side-effects, data poisoning. Casos reales — Gemini CLI RCE 2025 (poisoned .env, malicious MCP servers, shell filter bypass, toolDiscoveryCommand backdoor, macOS clipboard trap). Triggers — "rogue actions", "acciones no autorizadas", "prompt injection agente", "indirect prompt injection", "sensitive data disclosure agent", "data exfiltration agent", "agent threat model", "amenazas agente ia", "agent attacks", "agent risks", "vulnerabilidades agente", "hijack agent", "agent security risks", "gemini cli rce", "malicious mcp server", "mcp rce", "toolDiscoveryCommand", "clipboard rce agent", "untrusted workspace agent".
sre-design
by omespinoSRE Book Ch3-6 — Safe Proxies/Zero Touch Production, Design Tradeoffs (feature vs emergent properties), Least Privilege (Zero Trust/BeyondCorp, small APIs, breakglass, MPA, 3FA, temporary access), Understandability (system invariants, mental models, security boundaries, centralized auth). Spanish triggers — "safe proxy google sre", "zero touch production", "zero trust networking sre", "least privilege sre", "mpa multi party authorization", "3fa three factor auth", "breakglass sre", "small api least privilege", "system invariants sre", "mental model sre", "security boundaries sre", "design tradeoffs sre", "understandability sre", "feature vs emergent property", "auditing access sre", "temporary access sre", "business justification sre", "acceso minimo privilegio google".
bughunters-google-api-recon
by omespinoRecon ofensivo de APIs internas de Google (Brutecat, Critical Thinking Ep.177). Primitivos — request-a-proto (GSPB, oráculo de error que reconstruye el request proto), getProtoDefinition, discovery docs ($discovery/rest nukeados; bypass vía ángulo RPC + X-HTTP-Method-Override POST a GET + DB de API keys), client6.google.com first-party + alt=proto + header X-Goog-Encode-Response-If-Executable base64, gRPC vs proto-over-HTTP + X-Goog-FieldMask, 1e100.net region pinning, IPv6 /64 rotation contra rate limits, endpoints duplicados. Spanish triggers — "recon api google", "request a proto", "rictor proto", "discovery doc google", "getprotodefinition", "client6 google", "x-goog-encode-response-if-executable", "x-http-method-override google", "1e100.net", "ipv6 rate limit bypass", "x-goog-fieldmask", "grpc google api hacking", "api key discovery google".
Browse Agent Skills by Occupation
23 major groups · 867 SOC occupations
Browse by Category
Explore agent skills organized by their primary use case
Explore the agent skills ecosystem by occupation and creator
SkillMD is not just a keyword search box. It is an open map that organizes public skills by occupation, creator, and repository, helping you see which workflows, judgment criteria, and domain habits people are writing for AI agents.
Then follow creators and GitHub repositories back to the source: compare the skills a team maintains, whether the repo is active, and how the README frames the work before you open, install, or reuse anything.
Use it three ways: learn an unfamiliar field by occupation, study how creators organize skills, then use source context to decide what is worth opening or reusing.
01 Map a field
Browse 23 occupation groups and 867 SOC roles to learn what skills exist in adjacent domains and how they break down real work.
02 Follow creators
Use creator and repository pages to inspect maintained skill collections, recent updates, and source context before trusting a result.
03 Search with sources
Search 1.7M+ collected skills, then use occupation tags, creators, and GitHub source context to decide what is worth opening.
Start with the occupation map, then follow creators and repositories back to real code. SkillMD helps explain why a skill is worth opening, not only what it is named.
Standardizing Agent Capabilities with SKILL.md and Model Context Protocol (MCP)
In the rapidly evolving landscape of artificial intelligence, LLM agents (Large Language Model agents) have transitioned from simple text predictors to autonomous problem solvers. To orchestrate complex, multi-step agentic workflows, developers require a standardized format to specify agent capabilities, prompt instructions, system rules, and database bindings. This is where SKILL.md and the Model Context Protocol (MCP) have emerged as standard developer paradigms. SkillMD serves as the central directory for indexing, exploring, and sharing these critical agent configurations.
Our open-source registry currently tracks over 1.7 million collected SKILL.md configurations and system prompts. By compiling agent configurations from active developers on GitHub, we bridge the gap between prompt engineering research and production execution. Whether you are building agents with Anthropic's Claude Code, OpenAI's GPT-4, Google's Gemini, or local models using Ollama and LlamaIndex, standardized skill definitions ensure your agents behave predictably across different runtime environments.
What is the Model Context Protocol (MCP)?
The Model Context Protocol (MCP) is an open-source standard designed to connect LLMs to data sources, developer tools, and external environments. MCP establishes a bidirectional communication channel between client applications (like Cursor, Claude Desktop, or custom agent systems) and servers hosting data or capabilities. Standardizing instructions via SKILL.md enables LLMs to query databases, read local files, execute terminal commands, and integrate third-party APIs. SkillMD allows you to find ready-to-run MCP servers and prompt instructions for various occupations and technical tasks.
The Structure of a Professional SKILL.md File
A valid SKILL.md configuration is designed to be easily read by humans and parsed by LLMs. It contains precise system instructions, trigger conditions, required parameters, and execution examples. Below is the typical architectural blueprint of a professional agent skill:
- Metadata & Core Scope: Declares the name of the skill, author details, target models, and a description of the capability.
- Triggers & Intent Detection: Details semantic triggers that help the agent decide when to invoke this skill.
- System Prompts: Explicit system-level instructions that direct the agent's behavior, personality, safety guardrails, and formatting preferences.
- Capabilities & Tools: Lists the files, databases, or APIs the agent must access to complete the tasks.
- Few-Shot Examples: Demonstrates real inputs and outputs, helping the model generalize behavior through in-context learning.
Optimizing Agent Workflows for Modern LLMs
Writing effective agent skills requires deep knowledge of prompt engineering. With the release of advanced reasoning models like Claude 3.5 Sonnet, ChatGPT o1, and DeepSeek-V3, prompt templates must focus on structured thinking. Developers are encouraged to use XML tags (e.g., <thought>, <context>, and <rules>) to isolate execution boundaries. Standardized prompts prevent agents from suffering from context drift, ensuring that long-running tasks remain aligned with the initial system parameters.
Exploring by SOC Occupations and Creator Profiles
What makes SkillMD unique is its taxonomy. Instead of simple text search, we parse and organize files according to the Standard Occupational Classification (SOC) system. This means you can discover skills written for Computer and Mathematical roles, Business and Financial operations, Legal, Design, and and Educational Instruction fields. By tracking creator profiles, developers can study how different teams organize their custom instructions, compare version updates, and fork public configs for specialized enterprise use cases.
SkillMD operates as a high-performance index running on a fast Go backend and a highly responsive Astro SSR frontend. All search queries execute in milliseconds, featuring smart debouncing to prevent multiple API requests while keeping user data secure. Join our community of developers to standardize your AI agent instructions and optimize your LLM prompting workflows today.
Frequently Asked Questions
A practical guide to agent skills: what they are, how to inspect them, and how SkillMD helps you explore the ecosystem.