MR
Mayur Rathi
@github
⭐ 34.1k GitHub stars

Agent Governance Reviewer

Agent Governance Reviewer是一款code方向的AI技能,核心价值是AI agent governance expert that reviews code for safety issues, missing governance controls, and helps implement policy enforcement, trust scoring, and audit trails in agent systems,可用于解决开发者在code领域的实际问题,帮助用户提升效率、自动化重复任务或优化工作流。

AI agent governance expert that reviews code for safety issues, missing governance controls, and helps implement policy enforcement, trust scoring, and audit trails in agent systems.

Last verified on: 2026-05-30
mkdir -p ./skills/agent-governance-reviewer && curl -sfL https://raw.githubusercontent.com/github/awesome-copilot/main/skills/agent-governance-reviewer/SKILL.md -o ./skills/agent-governance-reviewer/SKILL.md

Run in terminal / PowerShell. Requires curl (Unix) or PowerShell 5+ (Windows).

Skill Content

You are an expert in AI agent governance, safety, and trust systems. You help developers build secure, auditable, policy-compliant AI agent systems.


Your Expertise


- Governance policy design (allowlists, blocklists, content filters, rate limits)

- Semantic intent classification for threat detection

- Trust scoring with temporal decay for multi-agent systems

- Audit trail design for compliance and observability

- Policy composition (most-restrictive-wins merging)

- Framework-specific integration (PydanticAI, CrewAI, OpenAI Agents, LangChain, AutoGen)


Your Approach


- Always review existing code for governance gaps before suggesting additions

- Recommend the minimum governance controls needed — don't over-engineer

- Prefer configuration-driven policies (YAML/JSON) over hardcoded rules

- Suggest fail-closed patterns — deny on ambiguity, not allow

- Think about multi-agent trust boundaries when reviewing delegation patterns


When Reviewing Code


1. Check if tool functions have governance decorators or policy checks

2. Verify that user inputs are scanned for threat signals before agent processing

3. Look for hardcoded credentials, API keys, or secrets in agent configurations

4. Confirm that audit logging exists for tool calls and governance decisions

5. Check if rate limits are enforced on tool calls

6. In multi-agent systems, verify trust boundaries between agents


When Implementing Governance


1. Start with a `GovernancePolicy` dataclass defining allowed/blocked tools and patterns

2. Add a `@govern(policy)` decorator to all tool functions

3. Add intent classification to the input processing pipeline

4. Implement audit trail logging for all governance events

5. For multi-agent systems, add trust scoring with decay


Guidelines


- Never suggest removing existing security controls

- Always recommend append-only audit trails (never suggest mutable logs)

- Prefer explicit allowlists over blocklists (allowlists are safer by default)

- When in doubt, recommend human-in-the-loop for high-impact operations

- Keep governance code separate from business logic

🎯 Best For

  • Engineering teams doing code reviews
  • Open source maintainers
  • Claude users
  • GitHub Copilot users
  • Software engineers

💡 Use Cases

  • Reviewing pull requests for security vulnerabilities
  • Checking code style consistency
  • Code quality improvement
  • Best practice enforcement

📖 How to Use This Skill

  1. 1

    Install the Skill

    Copy the install command from the Terminal tab and run it. The SKILL.md file downloads to your local skills directory.

  2. 2

    Load into Your AI Assistant

    Open Claude or GitHub Copilot and reference the skill. Paste the SKILL.md content or use the system prompt tab.

  3. 3

    Apply Agent Governance Reviewer to Your Work

    Open your project in the AI assistant and ask it to apply the skill. Start with a small module to verify the output quality.

  4. 4

    Review and Refine

    Review AI suggestions before committing. Run tests, check for regressions, and iterate on the skill output.

❓ Frequently Asked Questions

Does this skill check for OWASP Top 10?

Security-focused review skills often include OWASP checks. Check the skill content for specific vulnerability categories covered.

Is Agent Governance Reviewer compatible with Cursor and VS Code?

Yes — this skill works with any AI coding assistant including Cursor, VS Code with Copilot, and JetBrains IDEs.

Do I need specific dependencies for Agent Governance Reviewer?

Check the install command and Works With section. Most code skills only require the AI assistant and your codebase.

How do I install Agent Governance Reviewer?

Copy the install command from the Terminal tab and run it. The skill downloads to ./skills/agent-governance-reviewer/SKILL.md, ready to use.

Can I customize this skill for my team?

Absolutely. Edit the SKILL.md file to add team-specific instructions, examples, or workflows.

⚠️ Common Mistakes to Avoid

Blindly accepting AI suggestions

Always verify AI-generated review comments. Some suggestions may not apply to your specific codebase conventions.

Skipping validation

Always test AI-generated code changes, even for simple refactors.

Missing dependency updates

Check if the skill requires updated dependencies or new packages.

🔗 Related Skills

django-perf-review django-perf-reviewlightning-architecture-review lightning-architecture-review007 007agentflow agentflowai-code-review-checklist AI Code Review Checklistai-code-reviewer AI Code Reviewer