Confirm successful installation by checking the skill directory location:
.cursor/skills/agent-governance
Restart Cursor to activate agent-governance. Access via /agent-governance in your agent's command palette.
Security Notice
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Patterns for adding safety, trust, and policy enforcement to AI agent systems.
Overview
Governance patterns ensure AI agents operate within defined boundaries: controlling which tools they can call, what content they can process, how much they can do, and maintaining accountability through audit trails.
Agents with tool access: Any agent that calls external tools (APIs, databases, shell commands)
Multi-agent systems: Agents delegating to other agents need trust boundaries
Production deployments: Compliance, audit, and safety requirements
Sensitive operations: Financial transactions, data access, infrastructure management
Pattern 1: Governance Policy
Define what an agent is allowed to do as a composable, serializable policy object.
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional
import re

class PolicyAction(Enum):
    ALLOW = "allow"
    DENY = "deny"
    REVIEW = "review"  # flag for human review

@dataclass
class GovernancePolicy:
    """Declarative policy controlling agent behavior."""
    name: str
    allowed_tools: list[str] = field(default_factory=list)           # allowlist
    blocked_tools: list[str] = field(default_factory=list)           # blocklist
    blocked_patterns: list[str] = field(default_factory=list)        # content filters
    max_calls_per_request: int = 100                                 # rate limit
    require_human_approval: list[str] = field(default_factory=list)  # tools needing approval

    def check_tool(self, tool_name: str) -> PolicyAction:
        """Check if a tool is allowed by this policy."""
        # Both DENY outcomes are evaluated before REVIEW so that an
        # approval-gated tool can never bypass the blocklist or allowlist.
        if tool_name in self.blocked_tools:
            return PolicyAction.DENY
        if self.allowed_tools and tool_name not in self.allowed_tools:
            return PolicyAction.DENY
        if tool_name in self.require_human_approval:
            return PolicyAction.REVIEW
        return PolicyAction.ALLOW

    def check_content(self, content: str) -> Optional[str]:
        """Check content against blocked patterns. Returns matched pattern or None."""
        for pattern in self.blocked_patterns:
            if re.search(pattern, content, re.IGNORECASE):
                return pattern
        return None
Policy Composition
Combine multiple policies (e.g., org-wide + team + agent-specific):
def compose_policies(*policies: GovernancePolicy) -> GovernancePolicy:
    """Merge policies with most-restrictive-wins semantics."""
    combined = GovernancePolicy(name="composed")
    allowlist: Optional[set[str]] = None  # None until some policy supplies an allowlist
    for policy in policies:
        combined.blocked_tools.extend(policy.blocked_tools)
        combined.blocked_patterns.extend(policy.blocked_patterns)
        combined.require_human_approval.extend(policy.require_human_approval)
        combined.max_calls_per_request = min(
            combined.max_calls_per_request, policy.max_calls_per_request
        )
        if policy.allowed_tools:
            # Intersect allowlists: a tool survives only if every allowlisting policy permits it.
            allowlist = (
                set(policy.allowed_tools) if allowlist is None
                else allowlist & set(policy.allowed_tools)
            )
    if allowlist is not None:
        if not allowlist:
            # An empty intersection must fail closed: an empty allowed_tools list
            # would otherwise mean "no allowlist" and permit every tool.
            raise ValueError("composed allowlists share no tools; nothing would be permitted")
        combined.allowed_tools = sorted(allowlist)
    return combined

# Usage: layer policies from broad to specific
org_policy = GovernancePolicy(
    name="org-wide",
    blocked_tools=["shell_exec", "delete_database"],
    blocked_patterns=[r"(?i)(api[_-]?key|secret|password)\s*[:=]"],
    max_calls_per_request=50,
)
team_policy = GovernancePolicy(
    name="data-team",
    allowed_tools=["query_db", "read_file", "write_report"],
    require_human_approval=["write_report"],
)
agent_policy = compose_policies(org_policy, team_policy)

import yaml  # PyYAML (third-party)

def load_policy(path: str) -> GovernancePolicy:
    with open(path) as f:
        data = yaml.safe_load(f)
    return GovernancePolicy(**data)
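The policy object declares a call budget and an approval list, but nothing on the page enforces them when the agent actually calls a tool. The following is an added example, not the skill's own code: a hypothetical PolicyEnforcer gateway that sits between an agent and its tools, charges every call against max_calls_per_request, runs the content filters over tool arguments, routes REVIEW tools through a human-approval hook, and keeps a per-request audit trail. A compact GovernancePolicy is restated so the block runs stand-alone; PolicyEnforcer, demo, the approver callback and the (tool, decision, reason) audit format are assumptions, and the sample tools and calls are constructed.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Any, Callable, Optional
import re


class PolicyAction(Enum):
    ALLOW = "allow"
    DENY = "deny"
    REVIEW = "review"


@dataclass
class GovernancePolicy:
    """Compact restatement of the page's policy object so this block runs alone."""
    name: str
    allowed_tools: list[str] = field(default_factory=list)
    blocked_tools: list[str] = field(default_factory=list)
    blocked_patterns: list[str] = field(default_factory=list)
    max_calls_per_request: int = 100
    require_human_approval: list[str] = field(default_factory=list)

    def check_tool(self, tool_name: str) -> PolicyAction:
        # Deny outcomes are evaluated before review so an approval-gated
        # tool can never slip past the blocklist or allowlist.
        if tool_name in self.blocked_tools:
            return PolicyAction.DENY
        if self.allowed_tools and tool_name not in self.allowed_tools:
            return PolicyAction.DENY
        if tool_name in self.require_human_approval:
            return PolicyAction.REVIEW
        return PolicyAction.ALLOW

    def check_content(self, content: str) -> Optional[str]:
        for pattern in self.blocked_patterns:
            if re.search(pattern, content, re.IGNORECASE):
                return pattern
        return None


class PolicyEnforcer:
    """Hypothetical gateway between an agent and its tools: enforces the call
    budget, screens arguments, gates REVIEW tools on a human-approval hook and
    records every decision as a (tool, decision, reason) audit entry."""

    def __init__(self, policy: GovernancePolicy, tools: dict[str, Callable[..., Any]],
                 approver: Callable[[str, dict], bool]):
        self.policy, self.tools, self.approver = policy, tools, approver
        self.calls = 0
        self.audit: list[tuple[str, str, str]] = []

    def call(self, tool_name: str, **kwargs: Any) -> Optional[Any]:
        # Denied calls also consume budget, so a looping agent cannot probe forever.
        self.calls += 1
        if self.calls > self.policy.max_calls_per_request:
            return self._deny(tool_name, "call budget exhausted")
        action = self.policy.check_tool(tool_name)
        if action is PolicyAction.DENY:
            return self._deny(tool_name, "tool not permitted by policy")
        # Content filters apply to tool arguments, not only to prompts.
        hit = self.policy.check_content(repr(kwargs))
        if hit is not None:
            return self._deny(tool_name, f"argument matched blocked pattern {hit!r}")
        if action is PolicyAction.REVIEW and not self.approver(tool_name, kwargs):
            return self._deny(tool_name, "human approval refused")
        self.audit.append((tool_name, "allow", action.value))
        return self.tools[tool_name](**kwargs)

    def _deny(self, tool_name: str, reason: str) -> None:
        self.audit.append((tool_name, "deny", reason))
        return None


def demo() -> list[tuple[str, str, str]]:
    """Constructed sample request: five tool calls against a budget of four."""
    policy = GovernancePolicy(
        name="data-team",
        allowed_tools=["query_db", "write_report"],
        blocked_patterns=[r"(api[_-]?key|secret|password)\s*[:=]"],
        max_calls_per_request=4,
        require_human_approval=["write_report"],
    )
    tools = {
        "query_db": lambda sql: f"rows for {sql!r}",
        "write_report": lambda text: "written",
    }
    # An approver that refuses everything stands in for the human reviewer.
    enforcer = PolicyEnforcer(policy, tools, approver=lambda tool, args: False)
    enforcer.call("query_db", sql="SELECT count(*) FROM orders")  # allow
    enforcer.call("shell_exec", cmd="ls")                           # deny: not allowlisted
    enforcer.call("query_db", sql="UPDATE users SET password=x")   # deny: content filter
    enforcer.call("write_report", text="Q3 summary")                # deny: approval refused
    enforcer.call("query_db", sql="SELECT 1")                       # deny: budget exhausted
    return enforcer.audit
```

The audit list returned by demo() is the accountability record the Overview asks for: each entry names the tool, the decision and the reason, so a denied call is as visible after the fact as an allowed one.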
Pattern 2: Semantic Intent Classification
Detect dangerous intent in prompts before they reach the agent, using pattern-based signals.
from dataclasses import dataclass

@dataclass
class IntentSignal:
    category: str      # e.g., "data_exfiltration", "privilege_escalation"
    confidence: float  # 0.0 to 1.0
    evidence: str      # what triggered the detection

# Weighted signal patterns for threat detection
THREAT_SIGNALS = [
    # Data exfiltration
    (r"(?i)send\s+(all|every|entire)\s+\w+\s+to\s+", "data_exfiltration", 0.8),
    (r"(?i)export\s+.*\s+to\s+(external|outside|third.?party)", "data_exfiltration", 0.9),
    (r"(?i)curl\s+.*\s+-d\s+", "data_exfiltration", 0.7),
    # Privilege escalation
    (r"(?i)(sudo|as\s+root|admin\s+access)", "privilege_escalation", 0.8),
    (r"(?i)chmod\s+777", "privilege_escalation", 0.9),
    # System modification
    (r"(?i)(rm\s+-rf|del\s+/[sq]|format\s+c:)", "system_destruction", 0.95),
    (r"(?i)(drop\s+database|truncate\s+table)", "system_destruction", 0.9),
]
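The signal table above is only the input to a classifier; the page does not show how the weighted matches turn into a decision. The following is an added example, not the skill's own code: a hypothetical classify_intent that scores each category by its strongest matching pattern (so several weak hits in one category do not add up to a block on their own) and a decide function that maps the result to allow, review or deny, escalating to deny when two independent categories fire. A subset of the page's THREAT_SIGNALS is restated inline so the block runs alone; the threshold values and the sample prompts are constructed.

```python
import re
from dataclasses import dataclass


@dataclass
class IntentSignal:
    category: str      # e.g., "data_exfiltration", "privilege_escalation"
    confidence: float  # 0.0 to 1.0
    evidence: str      # the text that triggered the detection


# Subset of the page's weighted (pattern, category, confidence) table,
# restated here so the block runs stand-alone.
THREAT_SIGNALS = [
    (r"(?i)send\s+(all|every|entire)\s+\w+\s+to\s+", "data_exfiltration", 0.8),
    (r"(?i)export\s+.*\s+to\s+(external|outside|third.?party)", "data_exfiltration", 0.9),
    (r"(?i)(sudo|as\s+root|admin\s+access)", "privilege_escalation", 0.8),
    (r"(?i)(drop\s+database|truncate\s+table)", "system_destruction", 0.9),
]


def classify_intent(prompt: str, signals=THREAT_SIGNALS) -> list[IntentSignal]:
    """Return one IntentSignal per category that fired, strongest first.

    A category is scored by its highest-confidence match rather than a sum,
    so one noisy regex cannot inflate a benign prompt past the block threshold.
    """
    best: dict[str, IntentSignal] = {}
    for pattern, category, confidence in signals:
        m = re.search(pattern, prompt)
        if m is None:
            continue
        if category not in best or confidence > best[category].confidence:
            best[category] = IntentSignal(category, confidence, m.group(0).strip())
    return sorted(best.values(), key=lambda s: s.confidence, reverse=True)


def decide(prompt: str, block_at: float = 0.85, review_at: float = 0.6) -> str:
    """Map classifier output to the gateway's allow / review / deny decision.

    Thresholds are constructed for this example. A single strong signal denies;
    a medium signal sends the prompt to human review; two distinct categories
    above the review threshold are treated as strong evidence and also deny.
    """
    signals = classify_intent(prompt)
    if not signals:
        return "allow"
    elevated = [s for s in signals if s.confidence >= review_at]
    if signals[0].confidence >= block_at or len(elevated) >= 2:
        return "deny"
    if elevated:
        return "review"
    return "allow"
```

The evidence field carries the matched text, not the whole prompt, which is what a reviewer needs to see in the audit log to judge whether a REVIEW decision was a false positive.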
Implementation Guide
Prerequisites
- Claude Desktop or compatible AI client with skill support
- Clear understanding of task or problem to solve
- Willingness to iterate and refine outputs
Time Estimate
15-45 minutes depending on use case complexity
Steps
1. Install skill using provided installation command
2. Test with simple use case relevant to your work
3. Evaluate output quality and relevance
4. Iterate on prompts to improve results
5. Integrate into regular workflow if valuable
Common Pitfalls
- Expecting perfect results without iteration
- Not providing enough context in prompts
- Using skill for tasks outside its intended scope
- Accepting outputs without review and validation
Best Practices
Do
- Start with clear, specific prompts
- Provide relevant context and constraints
- Review and refine all outputs before using
- Iterate to improve output quality
- Document successful prompt patterns
Don't
- Don't use without understanding skill limitations
- Don't skip validation of outputs
- Don't share sensitive information in prompts
- Don't expect skill to replace human judgment
Pro Tips
- Be specific about desired format and style
- Ask for multiple options to choose from
- Request explanations to understand reasoning
- Combine AI efficiency with human expertise
When to Use This
Use when
Use when skill capabilities match your task, clear ROI on time saved, and you can validate outputs. Best for repetitive tasks, learning, and quality improvement.
Avoid when
Avoid when task requires deep expertise you can't validate, involves sensitive decisions, or when learning process is more valuable than speed of completion.
Learning Path
1. Familiarize yourself with skill capabilities and limitations
2. Start with low-risk, non-critical tasks
3. Progress to more complex and valuable use cases
4. Build expertise through regular use and experimentation