Design and implement governance controls for tool-using and multi-agent AI systems, including policy enforcement, approval gates, audit trails, trust scoring, rate limits, and safe tool execution.
Assess tool-using and multi-agent AI systems against OWASP ASI-style controls, mapping evidence to prompt injection, tool governance, agency, escalation, trust boundaries, audit, identity, policy integrity, supply chain, and behavioural monitoring risks.
Review, generate, and verify supply-chain integrity controls for AI agent tools, plugins, MCP servers, skills, prompts, and custom agents, including SHA-256 manifests, dependency pinning, provenance evidence, promotion gates, and CI verification.
Design and implement evaluation loops for AI agents, including reflection, evaluator-optimizer patterns, rubric scoring, LLM-as-judge review, test-driven refinement, convergence checks, and iteration logging.
Deconstruct code into bite-sized, logical chunks from a coaching perspective. Remove abstraction, explain the "why" behind each concept, identify best practices, code smells, and cognitive load issues. Use structured frameworks to provide thorough, pedagogical analysis that teaches *how to think* about code, not just what it does.
Produce Philippe Kruchten's 4+1 architectural view model for a software system. This is the core method skill: audience routing, concerns, per-view generation, and cross-view consistency. It outputs canonical diagram-as-code (Mermaid / PlantUML) plus view prose, and does not own draw.io or Miro rendering.
Use when creating, editing, or generating draw.io diagram files (.drawio, .drawio.svg, .drawio.png). Covers mxGraph XML authoring, shape libraries, style strings, flowcharts, system architecture, sequence diagrams, ER diagrams, UML class diagrams, network topology, layout strategy, the hediet.vscode-drawio VS Code extension, and the full agent workflow from request to a ready-to-open file.
Generate Miro board prompts for architecture diagrams. Use this skill to produce per-view Miro prompts from canonical 4+1 diagram sources, with RISEN structure, strict scope boundaries, and track-specific validation.