RHEcosystemAppEng

**CRITICAL**: Use for ALL CVE discovery and listing. DO NOT call get_cves directly. Use when: "show critical CVEs", "CVEs on hostname X", "remediatable vulnerabilities", "impact of CVE-X", risk assessment. NOT for remediation (use `/remediation`). System-level: FIRST reply = pagination prompt (Step -1). Parsing: references/01-cve-response-parser.py.

Query and display Red Hat Lightspeed managed system inventory. This skill focuses on discovery and listing only - for remediation actions, transition to the `/remediation` skill. Use when: - "Show the managed fleet" - "List all systems registered in Lightspeed" - "What systems are affected by CVE-X?" - "How many RHEL 8 systems do we have?" - "Show me production systems" **When NOT to use this skill** (use `/remediation` skill instead): - "Remediate CVE-X on these systems" - "Create a playbook for..." - "Patch system Y" This skill orchestrates MCP tools from lightspeed-mcp for fleet visibility and system inventory management.

Validate Red Hat Lightspeed MCP server connectivity. Use when the user asks to "validate Lightspeed MCP", "check Lightspeed connection", or when other skills need to verify lightspeed-mcp availability before CVE operations.

Interactive skill creation and import with automated validation and marketplace compliance. Use when: - "Create a new skill" - "Import an existing skill" - "Create a new agentic pack" - "Add skill to <pack>" - "Build skill for <rh-product>" - User mentions "skill builder", "contribute", "new skill", "import skill", or "new pack" Two modes: create from scratch or import existing SKILL.md. Guides through discovery, definition, generation, and validation. Enforces SKILL_DESIGN_PRINCIPLES.md and agentskills.io spec.

Diagnose and fix `.catalog/` validation failures (schema, roster, banners, sample workflows, JSON mirror). Use when: - `make validate` or CI reports collection compliance errors - A PR adds skills but catalog was not updated - `collection.json` is out of sync with `collection.yaml` - Catalog metadata/fragments might have drifted from README/CLAUDE/SKILL golden sources Remediation is via the create-collection workflow and `catalog_yaml_to_json.py`—not by weakening checks.

Author or refresh `<pack>/.catalog/collection.yaml` and related `.catalog/` artifacts from golden sources (SKILL.md, README, AGENTS.md, Lola marketplace). Use when: - Adding a new pack or refreshing the collection catalog for GitHub Pages / tooling - Aligning catalog narrative, sample workflows, and decision guide with skills on disk - Preparing a PR after changing skills or marketplace metadata Outputs only under `<pack>/.catalog/` (never overwrite README, SKILL, CLAUDE, or marketplace YAML).

Guide users through creating a federation PR to register an external agentic pack in the marketplace. Collects only repository URL and pack path, infers other metadata from the repo, and confirms before proceeding. Use when: - "I want to federate my pack" - "How do I add an external pack to the marketplace?" - "Create a federation request" - "Register an external module" - User mentions "federation request", "federate", or "external module" NOT for reviewing federation PRs (use /federation-review instead). NOT for direct contributions (use /agentic-contribution-skill instead).

Validate a federation PR: license check, automated validation, and Lola marketplace verification. Use when: - "Review federation PR" - "Validate federated pack" - User mentions "federation", "federate", or "external pack" NOT for direct contributions (use /agentic-contribution-skill instead).

Guides multi-step tool chaining and common filter parameters for Inventory, Vulnerability, and Advisor tools. Enables the agent to combine information from multiple tools to answer complex queries instead of giving up after a single call. [PREFERRED]

Answers total/count/"how many?" queries for any resource — CVEs, hosts, advisory rules, blueprints, subscriptions, or content sources — with a single API call using limit=1 and response metadata instead of fetching all pages. [PREFERRED]

Teaches the agent how to handle paginated API responses correctly. Covers default fetch behavior, pagination metadata interpretation, stop conditions, and per-API pagination conventions for Vulnerability, Inventory, Advisor, and other tool categories. [PREFERRED]

Extends the base guardrails with detailed examples, edge cases, and severity-interpretation rules. Covers scope edge cases, prompt-injection patterns to recognize, data-integrity examples, and CVE severity context (advisor vs. vulnerability). [STRICT]

Extends the base tool invocation format with examples of correct vs. incorrect invocations, argument formatting guidance, schema lookup procedures, and edge cases for unknown tools. [STRICT]

Handles oversized tool results and tool errors gracefully. Teaches the agent to retry with narrower queries on oversized responses and to interpret HTTP status codes correctly instead of silently swallowing failures. [PREFERRED]

Defines the agent's capabilities reference and response style including output formatting rules for CVE lists, host inventories, advisor recommendations, and mixed results. [GUIDANCE]

Use when the user wants to analyze a CVE against a source code repository, analyze an SBOM file (SPDX or CycloneDX) for vulnerability exploitability, or analyze a CVE against a specific RPM package using the ExploitIQ service.

Use when the user wants to list, filter, inspect, retry, or delete CVE analysis reports from the ExploitIQ service. Covers checking report status, reviewing past analyses, triaging results, retrying failures, or cleaning up old reports.

Use when the user wants to list, inspect, or delete products in the ExploitIQ service. Products group related CVE analysis reports for a software component.