Menu
Review connector spec changes (spec, docs). Use when reviewing a PR involving connector specs, doing post-creation review after create-connector or build-connector, or preparing a connector PR checklist.
Register and implement custom workflow triggers from an external Kibana plugin using `@kbn/workflows-extensions`. Use when adding or modifying an event-driven trigger with `registerTriggerDefinition`, designing `eventSchema` Zod schemas, writing `documentation` and KQL `snippets`, wiring `emitEvent` via request context or `getClient`, choosing sync vs async public loader registration, updating `APPROVED_TRIGGER_DEFINITIONS`, or reviewing PRs that touch any of these. Always ask for the user's plugin id first to locate the correct plugin and file paths.
Register and roll out managed workflows from a Kibana plugin using `@kbn/workflows-extensions` and `@kbn/workflows/managed`. Use when adding or modifying a code-owned workflow definition, `registerManagedWorkflowOwner`, `initManagedWorkflowsClient`, `install` / `uninstall` / `ready`, choosing `lifecycle` / `versionStrategy` / `enablement`, authoring `yaml` vs `yamlTemplate`, space-scoped vs global installs, `getWorkflowStatus`, or `execute`, or reviewing PRs that touch managed workflow definitions or rollout. Always ask for the user's plugin id first to locate the correct plugin and definition file paths.
Implement and quality-check OpenTelemetry metric instrumentation in Kibana code that uses `@kbn/metrics`. Use whenever the user wants to add, change, or review OTel metrics — including any call to `metrics.getMeter`, `meter.createCounter`/`createUpDownCounter`/`createGauge`/`createHistogram`/`createObservable*`/`addBatchObservableCallback`, edits to `kibana.yml` `telemetry.metrics` config, or questions like "is this metric well-designed?", "what should I name this counter?", or "which instrument type is right here?". Trigger this skill even when the user does not say "OTel" or "OpenTelemetry" but is clearly adding observability to Kibana server code and already knows what they want to measure.
Primary guided playbook for Elasticsearch search in Kibana Agent Builder: intent → data → mapping → Dev Tools API snippets (SENSE), with one question at a time. Load this skill whenever the user wants to learn Elasticsearch search, get started, begin building, take first steps, onboard, follow a walkthrough or tutorial, go from zero to a working query, or get structured help setting up indices and search — including casual openers like hi, help, getting started, new to Elasticsearch, how do I build search, or I want to try search. Use when they need end-to-end onboarding, not a single narrow API answer. If they only ask what they can build with Elastic (exploration without the full playbook), prefer invoking /use-case-library first; you can still load this skill afterward for the guided build.
Topic-driven, hands-on Elasticsearch tutorial flow that runs in Kibana Dev Console. Use whenever the user says "walk me through", "give me a tutorial for", "teach me", "show me how X works", "tutorial on", or similar topical learning intent — and they are NOT asking you to build their real, specific use case. Topics are open-ended: any Elasticsearch / Kibana search concept the user names (e.g. mappings, analyzers, bool queries, semantic_text, kNN, RRF, aggregations, ingest pipelines, reranking, data streams, ES|QL). Tutorials use sample data on isolated resources, present every step as a SENSE snippet to run in Dev Tools, and end with cleanup plus pointers to docs and the onboarding / pattern skills.
GitHub interactions via gh CLI for the Kibana repo. Use when performing any GitHub interaction — creating, viewing, or modifying PRs or issues, posting comments or reviews, checking CI status, applying labels, creating releases, or making any gh/API call.
| name | review-connector |
| description | Review connector spec changes (spec, docs). Use when reviewing a PR involving connector specs, doing post-creation review after create-connector or build-connector, or preparing a connector PR checklist. |
Use this skill when reviewing or preparing changes to a connector spec (spec code, documentation). Apply the checklist below; use the optional thorough check when the user asks for deeper validation against the vendor API.
If the connector is MCP-native, apply the MCP-specific checks in reference/mcp-connectors.md in addition to the items below.
src/platform/packages/shared/kbn-connector-specs/src/specs/metadata.id (e.g. .zendesk) and ConnectorIconsMap key match. IDs must start with a dot.metadata.description quality: The description must list the key actions the connector supports and the objects
they operate on (e.g., "Search messages, list public channels, and send messages in Slack"). Flag descriptions that
are vague ("Connect to X to pull data"), say nothing about capabilities ("Kibana Stack Connector for X"), or omit
actions the connector actually provides. Keep to one sentence, ~15 words.schema has .meta() with at least label (or uses a UISchemas.* helper).
Otherwise fields render as unlabeled..describe() so the Workflow editor shows helpful descriptions when mapping inputs.defaults value must be paired with { hidden: true } in overrides.meta
so the field is invisible in the form. Defaults for visible fields will overwrite encrypted user values on "Edit".
For fields where the user must enter their own value (e.g. tenant-specific URLs), use placeholder in
overrides.meta instead of a default. For fields that should never be edited (e.g. fixed OAuth endpoints, scopes),
use both a default and { hidden: true }. Flag any visible auth field that has a default without { hidden: true }.all_specs.ts. Do not add unused/cargo-culted flags; only set flags the platform or this
connector actually uses.z.infer<> types must live in a separate
types.ts file alongside the spec (not inline in the spec file, and not as as casts in handlers).
Handlers must be typed with the inferred type (e.g. handler: async (ctx, input: SearchInput) => {}),
not input as { field: string }. See servicenow_search/types.ts for the canonical pattern.isTool: Actions intended for AI agent use should set isTool: true (the default is false, which hides the
action from Agent Builder). Most actions should be tools. Flag actions that are missing isTool: true unless there
is a clear reason to hide them (e.g. destructive or admin-only operations).description field that clearly explains its purpose, when to use it, and what it returns.
Flag actions with missing, vague, or generic descriptions that would not help an LLM choose the right action.i18n.translate().
In contrast, metadata.description IS shown in the UI and MUST use i18n.translate(). Flag any action description
wrapped in i18n.translate(), and flag any metadata.description that is a plain string without i18n..describe() with useful guidance: examples, constraints, format hints (e.g. query syntax,
allowed values, units). Params without .describe() leave LLMs guessing — flag them.skill property (if present) covers multi-step patterns, common gotchas, and cross-action references that
help an LLM use the connector correctly. Review for accuracy and completeness. The skill should NOT repeat
information already in action description fields or param .describe() calls — it should add higher-level
guidance that cannot be expressed per-action (e.g. "call X before Y", auth-mode differences, pagination patterns,
typical workflows). Flag skill content that is redundant with individual action/param descriptions.slack/, github/, servicenow_search/)TODO: placeholders)docs/reference/connectors-kibana/_snippets/elastic-connectors-list.md entry filled indocs/reference/toc.yml entry exists in the correct sectionIf the PR includes documentation changes in docs/reference/connectors-kibana/, run the following skills on each
connector doc file. These require skills from https://github.com/elastic/elastic-docs-skills — if any are
unavailable, tell the user to install them (curl -sSL https://raw.githubusercontent.com/elastic/elastic-docs-skills/main/install.sh | bash).
docs-check-style — Elastic style guide compliance. Flag violations.crosslink-validator — Validate cross-links resolve. Flag broken links.frontmatter-audit — Check applies_to, description, navigation_title completeness.content-type-checker — Verify page follows correct content type guidelines.applies-to-tagging — Validate applies_to tags match connector availability.Report documentation issues alongside code issues.
.servicenow_search)=== / !==), follow repo style (early returns, explicit
types, no any)base_url, endpoint, webhook_url)
must be validated. URLs should be allowlisted, restricted to HTTPS, or otherwise prevented from being user-controlled
in a way that could trigger requests to internal/private hosts. Flag any case where a user-supplied URL flows
directly into a network call without validation.logger.debug, console.log, or any
logging that captures query, input, prompt, or similar fields; flag these as high-risk.who_am_i, get_current_user, list_projects, get_table_schema, list_spaces. Without these, an agent
must guess IDs or structure before it can call other tools. Flag if the set has no discovery/metadata tooling.get_issue_by_id,
get_ticket_by_id, get_task_by_id). Where practical, these should be consolidated into one tool with a type
enum parameter. Flag redundant tools and suggest a merged alternative.List all issues found. If no issues, note that the code looks good.
Run when the user asks for thorough or deep validation. Same areas as the checklist, with deeper validation: