{"id":"9736a031-f536-4f2e-a112-6c855dbc5d63","shortId":"vVbUU7","kind":"skill","title":"agent-governance","tagline":"Patterns and techniques for adding governance, safety, and trust controls to AI agent systems. Use this skill when:\n- Building AI agents that call external tools (APIs, databases, file systems)\n- Implementing policy-based access controls for agent tool usage\n- Adding semantic int","description":"# Agent Governance Patterns\n\nPatterns for adding safety, trust, and policy enforcement to AI agent systems.\n\n## Overview\n\nGovernance patterns ensure AI agents operate within defined boundaries — controlling which tools they can call, what content they can process, how much they can do, and maintaining accountability through audit trails.\n\n```\nUser Request → Intent Classification → Policy Check → Tool Execution → Audit Log\n                     ↓                      ↓               ↓\n              Threat Detection         Allow/Deny      Trust Update\n```\n\n## When to Use\n\n- **Agents with tool access**: Any agent that calls external tools (APIs, databases, shell commands)\n- **Multi-agent systems**: Agents delegating to other agents need trust boundaries\n- **Production deployments**: Compliance, audit, and safety requirements\n- **Sensitive operations**: Financial transactions, data access, infrastructure management\n\n---\n\n## Pattern 1: Governance Policy\n\nDefine what an agent is allowed to do as a composable, serializable policy object.\n\n```python\nfrom dataclasses import dataclass, field\nfrom enum import Enum\nfrom typing import Optional\nimport re\n\nclass PolicyAction(Enum):\n    ALLOW = \"allow\"\n    DENY = \"deny\"\n    REVIEW = \"review\"  # flag for human review\n\n@dataclass\nclass GovernancePolicy:\n    \"\"\"Declarative policy controlling agent behavior.\"\"\"\n    name: str\n    allowed_tools: list[str] = field(default_factory=list)       # allowlist\n    blocked_tools: list[str] = field(default_factory=list)       # blocklist\n    blocked_patterns: list[str] = field(default_factory=list)    # content filters\n    max_calls_per_request: int = 100                             # rate limit\n    require_human_approval: list[str] = field(default_factory=list)  # tools needing approval\n\n    def check_tool(self, tool_name: str) -> PolicyAction:\n        \"\"\"Check if a tool is allowed by this policy.\"\"\"\n        if tool_name in self.blocked_tools:\n            return PolicyAction.DENY\n        if tool_name in self.require_human_approval:\n            return PolicyAction.REVIEW\n        if self.allowed_tools and tool_name not in self.allowed_tools:\n            return PolicyAction.DENY\n        return PolicyAction.ALLOW\n\n    def check_content(self, content: str) -> Optional[str]:\n        \"\"\"Check content against blocked patterns. Returns matched pattern or None.\"\"\"\n        for pattern in self.blocked_patterns:\n            if re.search(pattern, content, re.IGNORECASE):\n                return pattern\n        return None\n```\n\n### Policy Composition\n\nCombine multiple policies (e.g., org-wide + team + agent-specific):\n\n```python\ndef compose_policies(*policies: GovernancePolicy) -> GovernancePolicy:\n    \"\"\"Merge policies with most-restrictive-wins semantics.\"\"\"\n    combined = GovernancePolicy(name=\"composed\")\n\n    for policy in policies:\n        combined.blocked_tools.extend(policy.blocked_tools)\n        combined.blocked_patterns.extend(policy.blocked_patterns)\n        combined.require_human_approval.extend(policy.require_human_approval)\n        combined.max_calls_per_request = min(\n            combined.max_calls_per_request,\n            policy.max_calls_per_request\n        )\n        if policy.allowed_tools:\n            if combined.allowed_tools:\n                combined.allowed_tools = [\n                    t for t in combined.allowed_tools if t in policy.allowed_tools\n                ]\n            else:\n                combined.allowed_tools = list(policy.allowed_tools)\n\n    return combined\n\n\n# Usage: layer policies from broad to specific\norg_policy = GovernancePolicy(\n    name=\"org-wide\",\n    blocked_tools=[\"shell_exec\", \"delete_database\"],\n    blocked_patterns=[r\"(?i)(api[_-]?key|secret|password)\\s*[:=]\"],\n    max_calls_per_request=50\n)\nteam_policy = GovernancePolicy(\n    name=\"data-team\",\n    allowed_tools=[\"query_db\", \"read_file\", \"write_report\"],\n    require_human_approval=[\"write_report\"]\n)\nagent_policy = compose_policies(org_policy, team_policy)\n```\n\n### Policy as YAML\n\nStore policies as configuration, not code:\n\n```yaml\n# governance-policy.yaml\nname: production-agent\nallowed_tools:\n  - search_documents\n  - query_database\n  - send_email\nblocked_tools:\n  - shell_exec\n  - delete_record\nblocked_patterns:\n  - \"(?i)(api[_-]?key|secret|password)\\\\s*[:=]\"\n  - \"(?i)(drop|truncate|delete from)\\\\s+\\\\w+\"\nmax_calls_per_request: 25\nrequire_human_approval:\n  - send_email\n```\n\n```python\nimport yaml\n\ndef load_policy(path: str) -> GovernancePolicy:\n    with open(path) as f:\n        data = yaml.safe_load(f)\n    return GovernancePolicy(**data)\n```\n\n---\n\n## Pattern 2: Semantic Intent Classification\n\nDetect dangerous intent in prompts before they reach the agent, using pattern-based signals.\n\n```python\nfrom dataclasses import dataclass\n\n@dataclass\nclass IntentSignal:\n    category: str       # e.g., \"data_exfiltration\", \"privilege_escalation\"\n    confidence: float   # 0.0 to 1.0\n    evidence: str       # what triggered the detection\n\n# Weighted signal patterns for threat detection\nTHREAT_SIGNALS = [\n    # Data exfiltration\n    (r\"(?i)send\\s+(all|every|entire)\\s+\\w+\\s+to\\s+\", \"data_exfiltration\", 0.8),\n    (r\"(?i)export\\s+.*\\s+to\\s+(external|outside|third.?party)\", \"data_exfiltration\", 0.9),\n    (r\"(?i)curl\\s+.*\\s+-d\\s+\", \"data_exfiltration\", 0.7),\n\n    # Privilege escalation\n    (r\"(?i)(sudo|as\\s+root|admin\\s+access)\", \"privilege_escalation\", 0.8),\n    (r\"(?i)chmod\\s+777\", \"privilege_escalation\", 0.9),\n\n    # System modification\n    (r\"(?i)(rm\\s+-rf|del\\s+/[sq]|format\\s+c:)\", \"system_destruction\", 0.95),\n    (r\"(?i)(drop\\s+database|truncate\\s+table)\", \"system_destruction\", 0.9),\n\n    # Prompt injection\n    (r\"(?i)ignore\\s+(previous|above|all)\\s+(instructions?|rules?)\", \"prompt_injection\", 0.9),\n    (r\"(?i)you\\s+are\\s+now\\s+(a|an)\\s+\", \"prompt_injection\", 0.7),\n]\n\ndef classify_intent(content: str) -> list[IntentSignal]:\n    \"\"\"Classify content for threat signals.\"\"\"\n    signals = []\n    for pattern, category, weight in THREAT_SIGNALS:\n        match = re.search(pattern, content)\n        if match:\n            signals.append(IntentSignal(\n                category=category,\n                confidence=weight,\n                evidence=match.group()\n            ))\n    return signals\n\ndef is_safe(content: str, threshold: float = 0.7) -> bool:\n    \"\"\"Quick check: is the content safe above the given threshold?\"\"\"\n    signals = classify_intent(content)\n    return not any(s.confidence >= threshold for s in signals)\n```\n\n**Key insight**: Intent classification happens *before* tool execution, acting as a pre-flight safety check. This is fundamentally different from output guardrails which only check *after* generation.\n\n---\n\n## Pattern 3: Tool-Level Governance Decorator\n\nWrap individual tool functions with governance checks:\n\n```python\nimport functools\nimport time\nfrom collections import defaultdict\n\n_call_counters: dict[str, int] = defaultdict(int)\n\ndef govern(policy: GovernancePolicy, audit_trail=None):\n    \"\"\"Decorator that enforces governance policy on a tool function.\"\"\"\n    def decorator(func):\n        @functools.wraps(func)\n        async def wrapper(*args, **kwargs):\n            tool_name = func.__name__\n\n            # 1. Check tool allowlist/blocklist\n            action = policy.check_tool(tool_name)\n            if action == PolicyAction.DENY:\n                raise PermissionError(f\"Policy '{policy.name}' blocks tool '{tool_name}'\")\n            if action == PolicyAction.REVIEW:\n                raise PermissionError(f\"Tool '{tool_name}' requires human approval\")\n\n            # 2. Check rate limit\n            _call_counters[policy.name] += 1\n            if _call_counters[policy.name] > policy.max_calls_per_request:\n                raise PermissionError(f\"Rate limit exceeded: {policy.max_calls_per_request} calls\")\n\n            # 3. Check content in arguments\n            for arg in list(args) + list(kwargs.values()):\n                if isinstance(arg, str):\n                    matched = policy.check_content(arg)\n                    if matched:\n                        raise PermissionError(f\"Blocked pattern detected: {matched}\")\n\n            # 4. Execute and audit\n            start = time.monotonic()\n            try:\n                result = await func(*args, **kwargs)\n                if audit_trail is not None:\n                    audit_trail.append({\n                        \"tool\": tool_name,\n                        \"action\": \"allowed\",\n                        \"duration_ms\": (time.monotonic() - start) * 1000,\n                        \"timestamp\": time.time()\n                    })\n                return result\n            except Exception as e:\n                if audit_trail is not None:\n                    audit_trail.append({\n                        \"tool\": tool_name,\n                        \"action\": \"error\",\n                        \"error\": str(e),\n                        \"timestamp\": time.time()\n                    })\n                raise\n\n        return wrapper\n    return decorator\n\n\n# Usage with any agent framework\naudit_log = []\npolicy = GovernancePolicy(\n    name=\"search-agent\",\n    allowed_tools=[\"search\", \"summarize\"],\n    blocked_patterns=[r\"(?i)password\"],\n    max_calls_per_request=10\n)\n\n@govern(policy, audit_trail=audit_log)\nasync def search(query: str) -> str:\n    \"\"\"Search documents — governed by policy.\"\"\"\n    return f\"Results for: {query}\"\n\n# Passes: search(\"latest quarterly report\")\n# Blocked: search(\"show me the admin password\")\n```\n\n---\n\n## Pattern 4: Trust Scoring\n\nTrack agent reliability over time with decay-based trust scores:\n\n```python\nfrom dataclasses import dataclass, field\nimport math\nimport time\n\n@dataclass\nclass TrustScore:\n    \"\"\"Trust score with temporal decay.\"\"\"\n    score: float = 0.5          # 0.0 (untrusted) to 1.0 (fully trusted)\n    successes: int = 0\n    failures: int = 0\n    last_updated: float = field(default_factory=time.time)\n\n    def record_success(self, reward: float = 0.05):\n        self.successes += 1\n        self.score = min(1.0, self.score + reward * (1 - self.score))\n        self.last_updated = time.time()\n\n    def record_failure(self, penalty: float = 0.15):\n        self.failures += 1\n        self.score = max(0.0, self.score - penalty * self.score)\n        self.last_updated = time.time()\n\n    def current(self, decay_rate: float = 0.001) -> float:\n        \"\"\"Get score with temporal decay — trust erodes without activity.\"\"\"\n        elapsed = time.time() - self.last_updated\n        decay = math.exp(-decay_rate * elapsed)\n        return self.score * decay\n\n    @property\n    def reliability(self) -> float:\n        total = self.successes + self.failures\n        return self.successes / total if total > 0 else 0.0\n\n\n# Usage in multi-agent systems\ntrust = TrustScore()\n\n# Agent completes tasks successfully\ntrust.record_success()  # 0.525\ntrust.record_success()  # 0.549\n\n# Agent makes an error\ntrust.record_failure()  # 0.467\n\n# Gate sensitive operations on trust\nif trust.current() >= 0.7:\n    # Allow autonomous operation\n    pass\nelif trust.current() >= 0.4:\n    # Allow with human oversight\n    pass\nelse:\n    # Deny or require explicit approval\n    pass\n```\n\n**Multi-agent trust**: In systems where agents delegate to other agents, each agent maintains trust scores for its delegates:\n\n```python\nclass AgentTrustRegistry:\n    def __init__(self):\n        self.scores: dict[str, TrustScore] = {}\n\n    def get_trust(self, agent_id: str) -> TrustScore:\n        if agent_id not in self.scores:\n            self.scores[agent_id] = TrustScore()\n        return self.scores[agent_id]\n\n    def most_trusted(self, agents: list[str]) -> str:\n        return max(agents, key=lambda a: self.get_trust(a).current())\n\n    def meets_threshold(self, agent_id: str, threshold: float) -> bool:\n        return self.get_trust(agent_id).current() >= threshold\n```\n\n---\n\n## Pattern 5: Audit Trail\n\nAppend-only audit log for all agent actions — critical for compliance and debugging:\n\n```python\nfrom dataclasses import dataclass, field\nimport json\nimport time\n\n@dataclass\nclass AuditEntry:\n    timestamp: float\n    agent_id: str\n    tool_name: str\n    action: str           # \"allowed\", \"denied\", \"error\"\n    policy_name: str\n    details: dict = field(default_factory=dict)\n\nclass AuditTrail:\n    \"\"\"Append-only audit trail for agent governance events.\"\"\"\n    def __init__(self):\n        self._entries: list[AuditEntry] = []\n\n    def log(self, agent_id: str, tool_name: str, action: str,\n            policy_name: str, **details):\n        self._entries.append(AuditEntry(\n            timestamp=time.time(),\n            agent_id=agent_id,\n            tool_name=tool_name,\n            action=action,\n            policy_name=policy_name,\n            details=details\n        ))\n\n    def denied(self) -> list[AuditEntry]:\n        \"\"\"Get all denied actions — useful for security review.\"\"\"\n        return [e for e in self._entries if e.action == \"denied\"]\n\n    def by_agent(self, agent_id: str) -> list[AuditEntry]:\n        return [e for e in self._entries if e.agent_id == agent_id]\n\n    def export_jsonl(self, path: str):\n        \"\"\"Export as JSON Lines for log aggregation systems.\"\"\"\n        with open(path, \"w\") as f:\n            for entry in self._entries:\n                f.write(json.dumps({\n                    \"timestamp\": entry.timestamp,\n                    \"agent_id\": entry.agent_id,\n                    \"tool\": entry.tool_name,\n                    \"action\": entry.action,\n                    \"policy\": entry.policy_name,\n                    **entry.details\n                }) + \"\\n\")\n```\n\n---\n\n## Pattern 6: Framework Integration\n\n### PydanticAI\n\n```python\nfrom pydantic_ai import Agent\n\npolicy = GovernancePolicy(\n    name=\"support-bot\",\n    allowed_tools=[\"search_docs\", \"create_ticket\"],\n    blocked_patterns=[r\"(?i)(ssn|social\\s+security|credit\\s+card)\"],\n    max_calls_per_request=20\n)\n\nagent = Agent(\"openai:gpt-4o\", system_prompt=\"You are a support assistant.\")\n\n@agent.tool\n@govern(policy)\nasync def search_docs(ctx, query: str) -> str:\n    \"\"\"Search knowledge base — governed.\"\"\"\n    return await kb.search(query)\n\n@agent.tool\n@govern(policy)\nasync def create_ticket(ctx, title: str, body: str) -> str:\n    \"\"\"Create support ticket — governed.\"\"\"\n    return await tickets.create(title=title, body=body)\n```\n\n### CrewAI\n\n```python\nfrom crewai import Agent, Task, Crew\n\npolicy = GovernancePolicy(\n    name=\"research-crew\",\n    allowed_tools=[\"search\", \"analyze\"],\n    max_calls_per_request=30\n)\n\n# Apply governance at the crew level\ndef governed_crew_run(crew: Crew, policy: GovernancePolicy):\n    \"\"\"Wrap crew execution with governance checks.\"\"\"\n    audit = AuditTrail()\n    for agent in crew.agents:\n        for tool in agent.tools:\n            original = tool.func\n            tool.func = govern(policy, audit_trail=audit)(original)\n    result = crew.kickoff()\n    return result, audit\n```\n\n### OpenAI Agents SDK\n\n```python\nfrom agents import Agent, function_tool\n\npolicy = GovernancePolicy(\n    name=\"coding-agent\",\n    allowed_tools=[\"read_file\", \"write_file\", \"run_tests\"],\n    blocked_tools=[\"shell_exec\"],\n    max_calls_per_request=50\n)\n\n@function_tool\n@govern(policy)\nasync def read_file(path: str) -> str:\n    \"\"\"Read file contents — governed.\"\"\"\n    import os\n    safe_path = os.path.realpath(path)\n    if not safe_path.startswith(os.path.realpath(\".\")):\n        raise ValueError(\"Path traversal blocked by governance\")\n    with open(safe_path) as f:\n        return f.read()\n```\n\n---\n\n## Governance Levels\n\nMatch governance strictness to risk level:\n\n| Level | Controls | Use Case |\n|-------|----------|----------|\n| **Open** | Audit only, no restrictions | Internal dev/testing |\n| **Standard** | Tool allowlist + content filters | General production agents |\n| **Strict** | All controls + human approval for sensitive ops | Financial, healthcare, legal |\n| **Locked** | Allowlist only, no dynamic tools, full audit | Compliance-critical systems |\n\n---\n\n## Best Practices\n\n| Practice | Rationale |\n|----------|-----------|\n| **Policy as configuration** | Store policies in YAML/JSON, not hardcoded — enables change without deploys |\n| **Most-restrictive-wins** | When composing policies, deny always overrides allow |\n| **Pre-flight intent check** | Classify intent *before* tool execution, not after |\n| **Trust decay** | Trust scores should decay over time — require ongoing good behavior |\n| **Append-only audit** | Never modify or delete audit entries — immutability enables compliance |\n| **Fail closed** | If governance check errors, deny the action rather than allowing it |\n| **Separate policy from logic** | Governance enforcement should be independent of agent business logic |\n\n---\n\n## Quick Start Checklist\n\n```markdown\n## Agent Governance Implementation Checklist\n\n### Setup\n- [ ] Define governance policy (allowed tools, blocked patterns, rate limits)\n- [ ] Choose governance level (open/standard/strict/locked)\n- [ ] Set up audit trail storage\n\n### Implementation\n- [ ] Add @govern decorator to all tool functions\n- [ ] Add intent classification to user input processing\n- [ ] Implement trust scoring for multi-agent interactions\n- [ ] Wire up audit trail export\n\n### Validation\n- [ ] Test that blocked tools are properly denied\n- [ ] Test that content filters catch sensitive patterns\n- [ ] Test rate limiting behavior\n- [ ] Verify audit trail captures all events\n- [ ] Test policy composition (most-restrictive-wins)\n```\n\n---\n\n## Related Resources\n\n- [Agent Governance Toolkit](https://github.com/microsoft/agent-governance-toolkit) — Full governance framework\n- [AgentMesh Integrations](https://github.com/microsoft/agent-governance-toolkit/tree/main/packages/agentmesh-integrations) — Framework-specific packages\n- [OWASP Top 10 for LLM Applications](https://owasp.org/www-project-top-10-for-large-language-model-applications/)","tags":["agent","governance","awesome","copilot","github","agent-skills","agents","custom-agents","github-copilot","hacktoberfest","prompt-engineering"],"capabilities":["skill","source-github","skill-agent-governance","topic-agent-skills","topic-agents","topic-awesome","topic-custom-agents","topic-github-copilot","topic-hacktoberfest","topic-prompt-engineering"],"categories":["awesome-copilot"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/github/awesome-copilot/agent-governance","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add github/awesome-copilot","source_repo":"https://github.com/github/awesome-copilot","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 33270 github stars · SKILL.md body (17,833 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T18:52:04.078Z","embedding":null,"createdAt":"2026-04-18T20:25:43.257Z","updatedAt":"2026-05-18T18:52:04.078Z","lastSeenAt":"2026-05-18T18:52:04.078Z","tsv":"'+777':673 '/microsoft/agent-governance-toolkit)':2032 '/microsoft/agent-governance-toolkit/tree/main/packages/agentmesh-integrations)':2040 '/www-project-top-10-for-large-language-model-applications/)':2053 '0':1141,1144,1231 '0.0':597,1133,1182,1233 '0.001':1195 '0.05':1158 '0.15':1177 '0.4':1273 '0.467':1258 '0.5':1132 '0.525':1248 '0.549':1251 '0.7':654,732,776,1266 '0.8':630,668 '0.9':644,676,703,718 '0.95':692 '1':153,888,928,1160,1166,1179 '1.0':599,1136,1163 '10':1062,2047 '100':242 '1000':1005 '2':561,921 '20':1600 '25':533 '3':830,948 '30':1679 '4':977,1098 '4o':1606 '5':1374 '50':456,1756 '6':1563 'access':37,114,149,665 'account':89 'act':809 'action':892,898,910,999,1024,1385,1412,1452,1470,1471,1486,1555,1920 'activ':1205 'ad':8,43,51 'add':1966,1973 'admin':663,1095 'agent':2,16,24,40,46,59,66,111,116,127,129,133,159,205,348,477,499,574,1039,1048,1102,1238,1242,1252,1288,1293,1297,1299,1320,1325,1331,1336,1342,1348,1360,1369,1384,1406,1434,1446,1462,1464,1502,1504,1518,1548,1572,1601,1602,1662,1703,1725,1729,1731,1739,1823,1935,1942,1986,2027 'agent-govern':1 'agent-specif':347 'agent.tool':1614,1633 'agent.tools':1709 'agentmesh':2036 'agenttrustregistri':1308 'aggreg':1532 'ai':15,23,58,65,1570 'allow':161,189,190,209,270,464,500,1000,1049,1267,1274,1414,1579,1671,1740,1874,1923,1950 'allow/deny':105 'allowlist':217,1818,1836 'allowlist/blocklist':891 'alway':1872 'analyz':1674 'api':29,121,447,517 'append':1378,1429,1900 'append-on':1377,1428,1899 'appli':1680 'applic':2050 'approv':247,256,288,382,474,536,920,1284,1828 'arg':883,954,957,962,967,987 'argument':952 'assist':1613 'async':880,1069,1617,1636,1761 'audit':91,101,140,863,980,990,1015,1041,1065,1067,1375,1380,1431,1700,1715,1717,1723,1810,1842,1902,1907,1962,1990,2013 'audit_trail.append':995,1020 'auditentri':1403,1442,1459,1482,1508 'audittrail':1427,1701 'autonom':1268 'await':985,1630,1651 'base':36,578,1109,1627 'behavior':206,1898,2011 'best':1847 'block':218,227,316,437,443,508,514,905,973,1053,1090,1585,1748,1786,1952,1996 'blocklist':226 'bodi':1643,1655,1656 'bool':777,1365 'bot':1578 'boundari':70,136 'broad':427 'build':22 'busi':1936 'c':689 'call':26,76,118,238,384,389,393,453,530,852,925,930,934,944,947,1059,1597,1676,1753 'captur':2015 'card':1595 'case':1808 'catch':2005 'categori':588,748,761,762 'chang':1861 'check':98,258,265,306,313,779,816,826,842,889,922,949,1699,1879,1916 'checklist':1940,1945 'chmod':671 'choos':1956 'class':186,200,586,1123,1307,1402,1426 'classif':96,564,804,1975 'classifi':734,740,789,1880 'close':1913 'code':493,1738 'coding-ag':1737 'collect':849 'combin':339,365,422 'combined.allowed':400,402,408,416 'combined.blocked_patterns.extend':376 'combined.blocked_tools.extend':373 'combined.max':383,388 'combined.require_human_approval.extend':379 'command':124 'complet':1243 'complianc':139,1388,1844,1911 'compliance-crit':1843 'compos':166,352,368,479,1869 'composit':338,2020 'confid':595,763 'configur':491,1853 'content':78,235,307,309,314,331,736,741,756,772,782,791,950,966,1770,1819,2003 'control':13,38,71,204,1806,1826 'counter':853,926,931 'creat':1583,1638,1646 'credit':1593 'crew':1664,1670,1684,1688,1690,1691,1695 'crew.agents':1705 'crew.kickoff':1720 'crewai':1657,1660 'critic':1386,1845 'ctx':1621,1640 'curl':647 'current':1190,1355,1371 'd':650 'danger':566 'data':148,462,553,559,591,614,628,642,652 'data-team':461 'databas':30,122,442,505,697 'dataclass':172,174,199,582,584,585,1114,1116,1122,1393,1395,1401 'db':467 'debug':1390 'decay':1108,1129,1192,1201,1210,1212,1217,1888,1892 'decay-bas':1107 'declar':202 'decor':835,866,876,1035,1968 'def':257,305,351,542,733,769,859,875,881,1070,1152,1171,1189,1219,1309,1316,1338,1356,1437,1443,1478,1500,1520,1618,1637,1686,1762 'default':214,223,232,251,1149,1423 'defaultdict':851,857 'defin':69,156,1947 'del':684 'deleg':130,1294,1305 'delet':441,512,525,1906 'deni':191,192,1280,1415,1479,1485,1499,1871,1918,2000 'deploy':138,1863 'destruct':691,702 'detail':1420,1457,1476,1477 'detect':104,565,605,611,975 'dev/testing':1815 'dict':854,1313,1421,1425 'differ':820 'doc':1582,1620 'document':503,1076 'drop':523,695 'durat':1001 'dynam':1839 'e':1013,1028,1492,1494,1510,1512 'e.action':1498 'e.agent':1516 'e.g':342,590 'elaps':1206,1214 'elif':1271 'els':415,1232,1279 'email':507,538 'enabl':1860,1910 'enforc':56,868,1930 'ensur':64 'entir':622 'entri':1541,1908 'entry.action':1556 'entry.agent':1550 'entry.details':1560 'entry.policy':1558 'entry.timestamp':1547 'entry.tool':1553 'enum':177,179,188 'erod':1203 'error':1025,1026,1255,1416,1917 'escal':594,656,667,675 'event':1436,2017 'everi':621 'evid':600,765 'exceed':942 'except':1010,1011 'exec':440,511,1751 'execut':100,808,978,1696,1884 'exfiltr':592,615,629,643,653 'explicit':1283 'export':633,1521,1526,1992 'extern':27,119,638 'f':552,556,902,914,939,972,1081,1539,1794 'f.read':1796 'f.write':1544 'factori':215,224,233,252,1150,1424 'fail':1912 'failur':1142,1173,1257 'field':175,213,222,231,250,1117,1148,1396,1422 'file':31,469,1743,1745,1764,1769 'filter':236,1820,2004 'financi':146,1832 'flag':195 'flight':814,1877 'float':596,775,1131,1147,1157,1176,1194,1196,1222,1364,1405 'format':687 'framework':1040,1564,2035,2042 'framework-specif':2041 'full':1841,2033 'fulli':1137 'func':877,879,986 'func.__name__':887 'function':839,874,1732,1757,1972 'functool':845 'functools.wraps':878 'fundament':819 'gate':1259 'general':1821 'generat':828 'get':1197,1317,1483 'github.com':2031,2039 'github.com/microsoft/agent-governance-toolkit)':2030 'github.com/microsoft/agent-governance-toolkit/tree/main/packages/agentmesh-integrations)':2038 'given':786 'good':1897 'govern':3,9,47,62,154,834,841,860,869,1063,1077,1435,1615,1628,1634,1649,1681,1687,1698,1713,1759,1771,1788,1797,1800,1915,1929,1943,1948,1957,1967,2028,2034 'governance-policy.yaml':495 'governancepolici':201,355,356,366,432,459,547,558,862,1044,1574,1666,1693,1735 'gpt':1605 'gpt-4o':1604 'guardrail':823 'happen':805 'hardcod':1859 'healthcar':1833 'human':197,246,287,381,473,535,919,1276,1827 'id':1321,1326,1332,1337,1361,1370,1407,1447,1463,1465,1505,1517,1519,1549,1551 'ignor':708 'immut':1909 'implement':33,1944,1965,1980 'import':173,178,182,184,540,583,844,846,850,1115,1118,1120,1394,1397,1399,1571,1661,1730,1772 'independ':1933 'individu':837 'infrastructur':150 'init':1310,1438 'inject':705,717,731 'input':1978 'insight':802 'instruct':714 'int':45,241,856,858,1140,1143 'integr':1565,2037 'intent':95,563,567,735,790,803,1878,1881,1974 'intentsign':587,739,760 'interact':1987 'intern':1814 'isinst':961 'json':1398,1528 'json.dumps':1545 'jsonl':1522 'kb.search':1631 'key':448,518,801,1349 'knowledg':1626 'kwarg':884,988 'kwargs.values':959 'lambda':1350 'last':1145 'latest':1087 'layer':424 'legal':1834 'level':833,1685,1798,1804,1805,1958 'limit':244,924,941,1955,2010 'line':1529 'list':211,216,220,225,229,234,248,253,418,738,956,958,1343,1441,1481,1507 'llm':2049 'load':543,555 'lock':1835 'log':102,1042,1068,1381,1444,1531 'logic':1928,1937 'maintain':88,1300 'make':1253 'manag':151 'markdown':1941 'match':319,753,758,964,969,976,1799 'match.group':766 'math':1119 'math.exp':1211 'max':237,452,529,1058,1181,1347,1596,1675,1752 'meet':1357 'merg':357 'min':387,1162 'modif':678 'modifi':1904 'most-restrictive-win':360,1864,2021 'ms':1002 'much':83 'multi':126,1237,1287,1985 'multi-ag':125,1236,1286,1984 'multipl':340 'n':1561 'name':207,262,276,284,296,367,433,460,496,886,896,908,917,998,1023,1045,1410,1418,1450,1455,1467,1469,1473,1475,1554,1559,1575,1667,1736 'need':134,255 'never':1903 'none':322,336,865,994,1019 'object':169 'ongo':1896 'op':1831 'open':549,1535,1790,1809 'open/standard/strict/locked':1959 'openai':1603,1724 'oper':67,145,1261,1269 'option':183,311 'org':344,430,435,481 'org-wid':343,434 'origin':1710,1718 'os':1773 'os.path.realpath':1776,1781 'output':822 'outsid':639 'overrid':1873 'oversight':1277 'overview':61 'owasp':2045 'owasp.org':2052 'owasp.org/www-project-top-10-for-large-language-model-applications/)':2051 'packag':2044 'parti':641 'pass':1085,1270,1278,1285 'password':450,520,1057,1096 'path':545,550,1524,1536,1765,1775,1777,1784,1792 'pattern':4,48,49,63,152,228,317,320,324,327,330,334,378,444,515,560,577,608,747,755,829,974,1054,1097,1373,1562,1586,1953,2007 'pattern-bas':576 'penalti':1175,1184 'per':239,385,390,394,454,531,935,945,1060,1598,1677,1754 'permissionerror':901,913,938,971 'polici':35,55,97,155,168,203,273,337,341,353,354,358,370,372,425,431,458,478,480,482,484,485,489,544,861,870,903,1043,1064,1079,1417,1454,1472,1474,1557,1573,1616,1635,1665,1692,1714,1734,1760,1851,1855,1870,1926,1949,2019 'policy-bas':34 'policy.allowed':397,413,419 'policy.blocked':374,377 'policy.check':893,965 'policy.max':392,933,943 'policy.name':904,927,932 'policy.require':380 'policyact':187,264 'policyaction.allow':304 'policyaction.deny':281,302,899 'policyaction.review':290,911 'practic':1848,1849 'pre':813,1876 'pre-flight':812,1875 'previous':710 'privileg':593,655,666,674 'process':81,1979 'product':137,498,1822 'production-ag':497 'prompt':569,704,716,730,1608 'proper':1999 'properti':1218 'pydant':1569 'pydanticai':1566 'python':170,350,539,580,843,1112,1306,1391,1567,1658,1727 'quarter':1088 'queri':466,504,1072,1084,1622,1632 'quick':778,1938 'r':445,616,631,645,657,669,679,693,706,719,1055,1587 'rais':900,912,937,970,1031,1782 'rate':243,923,940,1193,1213,1954,2009 'rather':1921 'rational':1850 're':185 're.ignorecase':332 're.search':329,754 'reach':572 'read':468,1742,1763,1768 'record':513,1153,1172 'relat':2025 'reliabl':1103,1220 'report':471,476,1089 'request':94,240,386,391,395,455,532,936,946,1061,1599,1678,1755 'requir':143,245,472,534,918,1282,1895 'research':1669 'research-crew':1668 'resourc':2026 'restrict':362,1813,1866,2023 'result':984,1009,1082,1719,1722 'return':280,289,301,303,318,333,335,421,557,767,792,1008,1032,1034,1080,1215,1226,1334,1346,1366,1491,1509,1629,1650,1721,1795 'review':193,194,198,1490 'reward':1156,1165 'rf':683 'risk':1803 'rm':681 'root':662 'rule':715 'run':1689,1746 's.confidence':795 'safe':771,783,1774,1791 'safe_path.startswith':1780 'safeti':10,52,142,815 'score':1100,1111,1126,1130,1198,1302,1890,1982 'sdk':1726 'search':502,1047,1051,1071,1075,1086,1091,1581,1619,1625,1673 'search-ag':1046 'secret':449,519 'secur':1489,1592 'self':260,308,1155,1174,1191,1221,1311,1319,1341,1359,1439,1445,1480,1503,1523 'self._entries':1440,1496,1514,1543 'self._entries.append':1458 'self.allowed':292,299 'self.blocked':278,326 'self.failures':1178,1225 'self.get':1352,1367 'self.last':1168,1186,1208 'self.require':286 'self.score':1161,1164,1167,1180,1183,1185,1216 'self.scores':1312,1329,1330,1335 'self.successes':1159,1224,1227 'semant':44,364,562 'send':506,537,618 'sensit':144,1260,1830,2006 'separ':1925 'serializ':167 'set':1960 'setup':1946 'shell':123,439,510,1750 'show':1092 'signal':579,607,613,744,745,752,768,788,800 'signals.append':759 'skill':20 'skill-agent-governance' 'social':1590 'source-github' 'specif':349,429,2043 'sq':686 'ssn':1589 'standard':1816 'start':981,1004,1939 'storag':1964 'store':488,1854 'str':208,212,221,230,249,263,310,312,546,589,601,737,773,855,963,1027,1073,1074,1314,1322,1344,1345,1362,1408,1411,1413,1419,1448,1451,1453,1456,1506,1525,1623,1624,1642,1644,1645,1766,1767 'strict':1801,1824 'success':1139,1154,1245,1247,1250 'sudo':659 'summar':1052 'support':1577,1612,1647 'support-bot':1576 'system':17,32,60,128,677,690,701,1239,1291,1533,1607,1846 'tabl':700 'task':1244,1663 'team':346,457,463,483 'techniqu':6 'tempor':1128,1200 'test':1747,1994,2001,2008,2018 'third':640 'threat':103,610,612,743,751 'threshold':774,787,796,1358,1363,1372 'ticket':1584,1639,1648 'tickets.create':1652 'time':847,1105,1121,1400,1894 'time.monotonic':982,1003 'time.time':1007,1030,1151,1170,1188,1207,1461 'timestamp':1006,1029,1404,1460,1546 'titl':1641,1653,1654 'tool':28,41,73,99,113,120,210,219,254,259,261,268,275,279,283,293,295,300,375,398,401,403,409,414,417,420,438,465,501,509,807,832,838,873,885,890,894,895,906,907,915,916,996,997,1021,1022,1050,1409,1449,1466,1468,1552,1580,1672,1707,1733,1741,1749,1758,1817,1840,1883,1951,1971,1997 'tool-level':831 'tool.func':1711,1712 'toolkit':2029 'top':2046 'topic-agent-skills' 'topic-agents' 'topic-awesome' 'topic-custom-agents' 'topic-github-copilot' 'topic-hacktoberfest' 'topic-prompt-engineering' 'total':1223,1228,1230 'track':1101 'trail':92,864,991,1016,1066,1376,1432,1716,1963,1991,2014 'transact':147 'travers':1785 'tri':983 'trigger':603 'truncat':524,698 'trust':12,53,106,135,1099,1110,1125,1138,1202,1240,1263,1289,1301,1318,1340,1353,1368,1887,1889,1981 'trust.current':1265,1272 'trust.record':1246,1249,1256 'trustscor':1124,1241,1315,1323,1333 'type':181 'untrust':1134 'updat':107,1146,1169,1187,1209 'usag':42,423,1036,1234 'use':18,110,575,1487,1807 'user':93,1977 'valid':1993 'valueerror':1783 'verifi':2012 'w':528,624,1537 'weight':606,749,764 'wide':345,436 'win':363,1867,2024 'wire':1988 'within':68 'without':1204,1862 'wrap':836,1694 'wrapper':882,1033 'write':470,475,1744 'yaml':487,494,541 'yaml.safe':554 'yaml/json':1857","prices":[{"id":"8580c54f-b3af-4bc5-a8ff-5605c6f4c70c","listingId":"9736a031-f536-4f2e-a112-6c855dbc5d63","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"github","category":"awesome-copilot","install_from":"skills.sh"},"createdAt":"2026-04-18T20:25:43.257Z"}],"sources":[{"listingId":"9736a031-f536-4f2e-a112-6c855dbc5d63","source":"github","sourceId":"github/awesome-copilot/agent-governance","sourceUrl":"https://github.com/github/awesome-copilot/tree/main/skills/agent-governance","isPrimary":false,"firstSeenAt":"2026-04-18T21:48:06.177Z","lastSeenAt":"2026-05-18T18:52:04.078Z"},{"listingId":"9736a031-f536-4f2e-a112-6c855dbc5d63","source":"skills_sh","sourceId":"github/awesome-copilot/agent-governance","sourceUrl":"https://skills.sh/github/awesome-copilot/agent-governance","isPrimary":true,"firstSeenAt":"2026-04-18T20:25:43.257Z","lastSeenAt":"2026-05-07T22:40:17.881Z"}],"details":{"listingId":"9736a031-f536-4f2e-a112-6c855dbc5d63","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"github","slug":"agent-governance","github":{"repo":"github/awesome-copilot","stars":33270,"topics":["agent-skills","agents","ai","awesome","custom-agents","github-copilot","hacktoberfest","prompt-engineering"],"license":"mit","html_url":"https://github.com/github/awesome-copilot","pushed_at":"2026-05-18T01:26:59Z","description":"Community-contributed instructions, agents, skills, and configurations to help you make the most of GitHub Copilot.","skill_md_sha":"a3c2501676c11fd8433c802b7f1c21d174ff6721","skill_md_path":"skills/agent-governance/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/github/awesome-copilot/tree/main/skills/agent-governance"},"layout":"multi","source":"github","category":"awesome-copilot","frontmatter":{"name":"agent-governance","description":"Patterns and techniques for adding governance, safety, and trust controls to AI agent systems. Use this skill when:\n- Building AI agents that call external tools (APIs, databases, file systems)\n- Implementing policy-based access controls for agent tool usage\n- Adding semantic intent classification to detect dangerous prompts\n- Creating trust scoring systems for multi-agent workflows\n- Building audit trails for agent actions and decisions\n- Enforcing rate limits, content filters, or tool restrictions on agents\n- Working with any agent framework (PydanticAI, CrewAI, OpenAI Agents, LangChain, AutoGen)"},"skills_sh_url":"https://skills.sh/github/awesome-copilot/agent-governance"},"updatedAt":"2026-05-18T18:52:04.078Z"}}