feat(skills): sync AGENTS.md to AI-specific formats

.github/workflows/api-code-quality.yml

@@ -46,6 +46,7 @@ jobs:
             api/docs/**
             api/README.md
             api/CHANGELOG.md
+            api/AGENTS.md
 
       - name: Setup Python with Poetry
         if: steps.check-changes.outputs.any_changed == 'true'

.github/workflows/api-container-checks.yml

@@ -74,6 +74,7 @@ jobs:
             api/docs/**
             api/README.md
             api/CHANGELOG.md
+            api/AGENTS.md
 
       - name: Set up Docker Buildx
         if: steps.check-changes.outputs.any_changed == 'true'

.github/workflows/api-security.yml

@@ -46,6 +46,7 @@ jobs:
             api/docs/**
             api/README.md
             api/CHANGELOG.md
+            api/AGENTS.md
 
       - name: Setup Python with Poetry
         if: steps.check-changes.outputs.any_changed == 'true'

.github/workflows/api-tests.yml

@@ -86,6 +86,7 @@ jobs:
             api/docs/**
             api/README.md
             api/CHANGELOG.md
+            api/AGENTS.md
 
       - name: Setup Python with Poetry
         if: steps.check-changes.outputs.any_changed == 'true'

.github/workflows/sdk-code-quality.yml

@@ -47,6 +47,7 @@ jobs:
             ui/**
             dashboard/**
             mcp_server/**
+            skills/**
             README.md
             mkdocs.yml
             .backportrc.json
@@ -55,6 +56,7 @@ jobs:
             examples/**
             .gitignore
             contrib/**
+            **/AGENTS.md
 
       - name: Install Poetry
         if: steps.check-changes.outputs.any_changed == 'true'

.github/workflows/sdk-container-checks.yml

@@ -78,6 +78,7 @@ jobs:
             ui/**
             dashboard/**
             mcp_server/**
+            skills/**
             README.md
             mkdocs.yml
             .backportrc.json
@@ -86,6 +87,7 @@ jobs:
             examples/**
             .gitignore
             contrib/**
+            **/AGENTS.md
 
       - name: Set up Docker Buildx
         if: steps.check-changes.outputs.any_changed == 'true'

.github/workflows/sdk-security.yml

@@ -42,6 +42,7 @@ jobs:
             ui/**
             dashboard/**
             mcp_server/**
+            skills/**
             README.md
             mkdocs.yml
             .backportrc.json
@@ -50,6 +51,7 @@ jobs:
             examples/**
             .gitignore
             contrib/**
+            **/AGENTS.md
 
       - name: Install Poetry
         if: steps.check-changes.outputs.any_changed == 'true'

.github/workflows/sdk-tests.yml

@@ -47,6 +47,7 @@ jobs:
             ui/**
             dashboard/**
             mcp_server/**
+            skills/**
             README.md
             mkdocs.yml
             .backportrc.json
@@ -55,6 +56,7 @@ jobs:
             examples/**
             .gitignore
             contrib/**
+            **/AGENTS.md
 
       - name: Install Poetry
         if: steps.check-changes.outputs.any_changed == 'true'

.github/workflows/ui-container-checks.yml

@@ -73,6 +73,7 @@ jobs:
           files_ignore: |
             ui/CHANGELOG.md
             ui/README.md
+            ui/AGENTS.md
 
       - name: Set up Docker Buildx
         if: steps.check-changes.outputs.any_changed == 'true'

.github/workflows/ui-tests.yml

@@ -42,6 +42,7 @@ jobs:
           files_ignore: |
             ui/CHANGELOG.md
             ui/README.md
+            ui/AGENTS.md
 
       - name: Setup Node.js ${{ env.NODE_VERSION }}
         if: steps.check-changes.outputs.any_changed == 'true'

.gitignore

@@ -150,8 +150,10 @@ node_modules
 # Persistent data
 _data/
 
-# Claude
+# AI Instructions (generated by skills/setup.sh from AGENTS.md)
 CLAUDE.md
+GEMINI.md
+.github/copilot-instructions.md
 
 # Compliance report
 *.pdf

AGENTS.md

@@ -36,11 +36,63 @@ Use these skills for detailed patterns on-demand:
 | `prowler-test-api` | API testing (pytest-django + RLS) | [SKILL.md](skills/prowler-test-api/SKILL.md) |
 | `prowler-test-ui` | E2E testing (Playwright) | [SKILL.md](skills/prowler-test-ui/SKILL.md) |
 | `prowler-compliance` | Compliance framework structure | [SKILL.md](skills/prowler-compliance/SKILL.md) |
+| `prowler-compliance-review` | Review compliance framework PRs | [SKILL.md](skills/prowler-compliance-review/SKILL.md) |
 | `prowler-provider` | Add new cloud providers | [SKILL.md](skills/prowler-provider/SKILL.md) |
+| `prowler-ci` | CI checks and PR gates (GitHub Actions) | [SKILL.md](skills/prowler-ci/SKILL.md) |
 | `prowler-pr` | Pull request conventions | [SKILL.md](skills/prowler-pr/SKILL.md) |
 | `prowler-docs` | Documentation style guide | [SKILL.md](skills/prowler-docs/SKILL.md) |
 | `skill-creator` | Create new AI agent skills | [SKILL.md](skills/skill-creator/SKILL.md) |
 
+### Auto-invoke Skills
+
+When performing these actions, ALWAYS invoke the corresponding skill FIRST:
+
+| Action | Skill |
+|--------|-------|
+| Adding new providers | `prowler-provider` |
+| Adding services to existing providers | `prowler-provider` |
+| After creating/modifying a skill | `skill-sync` |
+| App Router / Server Actions | `nextjs-15` |
+| Building AI chat features | `ai-sdk-5` |
+| Create a PR with gh pr create | `prowler-pr` |
+| Creating Zod schemas | `zod-4` |
+| Creating new checks | `prowler-sdk-check` |
+| Creating new skills | `skill-creator` |
+| Creating/modifying Prowler UI components | `prowler-ui` |
+| Creating/modifying models, views, serializers | `prowler-api` |
+| Creating/updating compliance frameworks | `prowler-compliance` |
+| Debug why a GitHub Actions job is failing | `prowler-ci` |
+| Fill .github/pull_request_template.md (Context/Description/Steps to review/Checklist) | `prowler-pr` |
+| General Prowler development questions | `prowler` |
+| Generic DRF patterns | `django-drf` |
+| Inspect PR CI checks and gates (.github/workflows/*) | `prowler-ci` |
+| Inspect PR CI workflows (.github/workflows/*): conventional-commit, pr-check-changelog, pr-conflict-checker, labeler | `prowler-pr` |
+| Mapping checks to compliance controls | `prowler-compliance` |
+| Mocking AWS with moto in tests | `prowler-test-sdk` |
+| Regenerate AGENTS.md Auto-invoke tables (sync.sh) | `skill-sync` |
+| Review PR requirements: template, title conventions, changelog gate | `prowler-pr` |
+| Reviewing compliance framework PRs | `prowler-compliance-review` |
+| Testing RLS tenant isolation | `prowler-test-api` |
+| Troubleshoot why a skill is missing from AGENTS.md auto-invoke | `skill-sync` |
+| Understand CODEOWNERS/labeler-based automation | `prowler-ci` |
+| Understand PR title conventional-commit validation | `prowler-ci` |
+| Understand changelog gate and no-changelog label behavior | `prowler-ci` |
+| Understand review ownership with CODEOWNERS | `prowler-pr` |
+| Updating existing checks and metadata | `prowler-sdk-check` |
+| Using Zustand stores | `zustand-5` |
+| Working on MCP server tools | `prowler-mcp` |
+| Working on Prowler UI structure (actions/adapters/types/hooks) | `prowler-ui` |
+| Working with Prowler UI test helpers/pages | `prowler-test-ui` |
+| Working with Tailwind classes | `tailwind-4` |
+| Writing Playwright E2E tests | `playwright` |
+| Writing Prowler API tests | `prowler-test-api` |
+| Writing Prowler SDK tests | `prowler-test-sdk` |
+| Writing Prowler UI E2E tests | `prowler-test-ui` |
+| Writing Python tests with pytest | `pytest` |
+| Writing React components | `react-19` |
+| Writing TypeScript types/interfaces | `typescript` |
+| Writing documentation | `prowler-docs` |
+
 ---
 
 ## Project Overview

api/AGENTS.md

@@ -6,6 +6,20 @@
 > - [`django-drf`](../skills/django-drf/SKILL.md) - Generic DRF patterns
 > - [`pytest`](../skills/pytest/SKILL.md) - Generic pytest patterns
 
+### Auto-invoke Skills
+
+When performing these actions, ALWAYS invoke the corresponding skill FIRST:
+
+| Action | Skill |
+|--------|-------|
+| Creating/modifying models, views, serializers | `prowler-api` |
+| Generic DRF patterns | `django-drf` |
+| Testing RLS tenant isolation | `prowler-test-api` |
+| Writing Prowler API tests | `prowler-test-api` |
+| Writing Python tests with pytest | `pytest` |
+
+---
+
 ## CRITICAL RULES - NON-NEGOTIABLE
 
 ### Models

docs/developer-guide/ai-skills.mdx

@@ -128,8 +128,10 @@ flowchart TB
             P5["prowler-mcp"]
             P6["prowler-provider"]
             P7["prowler-compliance"]
-            P8["prowler-docs"]
-            P9["prowler-pr"]
+            P8["prowler-compliance-review"]
+            P9["prowler-docs"]
+            P10["prowler-pr"]
+            P11["prowler-ci"]
         end
 
         subgraph TESTING["Testing Skills"]
@@ -140,6 +142,7 @@ flowchart TB
 
         subgraph META["Meta Skills"]
             M1["skill-creator"]
+            M2["skill-sync"]
         end
     end
 
@@ -189,9 +192,9 @@ flowchart TB
 | Type | Skills |
 |------|--------|
 | **Generic** | typescript, react-19, nextjs-15, tailwind-4, pytest, playwright, django-drf, zod-4, zustand-5, ai-sdk-5 |
-| **Prowler** | prowler, prowler-sdk-check, prowler-api, prowler-ui, prowler-mcp, prowler-provider, prowler-compliance, prowler-docs, prowler-pr |
+| **Prowler** | prowler, prowler-sdk-check, prowler-api, prowler-ui, prowler-mcp, prowler-provider, prowler-compliance, prowler-compliance-review, prowler-docs, prowler-pr, prowler-ci |
 | **Testing** | prowler-test-sdk, prowler-test-api, prowler-test-ui |
-| **Meta** | skill-creator |
+| **Meta** | skill-creator, skill-sync |
 
 ## Skill Structure
 

prowler/AGENTS.md

@@ -7,6 +7,25 @@
 > - [`prowler-compliance`](../skills/prowler-compliance/SKILL.md) - Compliance framework structure
 > - [`pytest`](../skills/pytest/SKILL.md) - Generic pytest patterns
 
+### Auto-invoke Skills
+
+When performing these actions, ALWAYS invoke the corresponding skill FIRST:
+
+| Action | Skill |
+|--------|-------|
+| Adding new providers | `prowler-provider` |
+| Adding services to existing providers | `prowler-provider` |
+| Creating new checks | `prowler-sdk-check` |
+| Creating/updating compliance frameworks | `prowler-compliance` |
+| Mapping checks to compliance controls | `prowler-compliance` |
+| Mocking AWS with moto in tests | `prowler-test-sdk` |
+| Reviewing compliance framework PRs | `prowler-compliance-review` |
+| Updating existing checks and metadata | `prowler-sdk-check` |
+| Writing Prowler SDK tests | `prowler-test-sdk` |
+| Writing Python tests with pytest | `pytest` |
+
+---
+
 ## Project Overview
 
 The Prowler SDK is the core Python engine powering cloud security assessments across AWS, Azure, GCP, Kubernetes, GitHub, M365, and more. It includes 1000+ security checks and 30+ compliance frameworks.

skills/README.md

@@ -83,6 +83,7 @@ Patterns tailored for Prowler development:
 | Skill | Description |
 |-------|-------------|
 | `skill-creator` | Create new AI agent skills |
+| `skill-sync` | Sync skill metadata to AGENTS.md Auto-invoke sections |
 
 ## Directory Structure
 
@@ -96,6 +97,20 @@ skills/
 └── README.md                 # This file
 ```
 
+## Why Auto-invoke Sections?
+
+**Problem**: AI assistants (Claude, Gemini, etc.) don't reliably auto-invoke skills even when the `Trigger:` in the skill description matches the user's request. They treat skill suggestions as "background noise" and barrel ahead with their default approach.
+
+**Solution**: The `AGENTS.md` files in each directory contain an **Auto-invoke Skills** section that explicitly commands the AI: "When performing X action, ALWAYS invoke Y skill FIRST." This is a [known workaround](https://scottspence.com/posts/claude-code-skills-dont-auto-activate) that forces the AI to load skills.
+
+**Automation**: Instead of manually maintaining these sections, run `skill-sync` after creating or modifying a skill:
+
+```bash
+./skills/skill-sync/assets/sync.sh
+```
+
+This reads `metadata.scope` and `metadata.auto_invoke` from each `SKILL.md` and generates the Auto-invoke tables in the corresponding `AGENTS.md` files.
+
 ## Creating New Skills
 
 Use the `skill-creator` skill for guidance:
@@ -108,9 +123,11 @@ Read skills/skill-creator/SKILL.md
 
 1. Create directory: `skills/{skill-name}/`
 2. Add `SKILL.md` with required frontmatter
-3. Keep content concise (under 500 lines)
-4. Reference existing docs instead of duplicating
-5. Add to `AGENTS.md` skills table
+3. Add `metadata.scope` and `metadata.auto_invoke` fields
+4. Keep content concise (under 500 lines)
+5. Reference existing docs instead of duplicating
+6. Run `./skills/skill-sync/assets/sync.sh` to update AGENTS.md
+7. Add to `AGENTS.md` skills table (if not auto-generated)
 
 ## Design Principles
 

skills/ai-sdk-5/SKILL.md

@@ -2,11 +2,13 @@
 name: ai-sdk-5
 description: >
   Vercel AI SDK 5 patterns.
-  Trigger: When building AI chat features - breaking changes from v4.
+  Trigger: When building AI features with AI SDK v5 (chat, streaming, tools/function calling, UIMessage parts), including migration from v4.
 license: Apache-2.0
 metadata:
   author: prowler-cloud
   version: "1.0"
+  scope: [root, ui]
+  auto_invoke: "Building AI chat features"
 allowed-tools: Read, Edit, Write, Glob, Grep, Bash, WebFetch, WebSearch, Task
 ---
 

skills/django-drf/SKILL.md

@@ -2,11 +2,13 @@
 name: django-drf
 description: >
   Django REST Framework patterns.
-  Trigger: When building REST APIs with Django - ViewSets, Serializers, Filters.
+  Trigger: When implementing generic DRF APIs (ViewSets, serializers, routers, permissions, filtersets). For Prowler API specifics (RLS/JSON:API), also use prowler-api.
 license: Apache-2.0
 metadata:
   author: prowler-cloud
   version: "1.0"
+  scope: [root, api]
+  auto_invoke: "Generic DRF patterns"
 allowed-tools: Read, Edit, Write, Glob, Grep, Bash, WebFetch, WebSearch, Task
 ---
 

skills/nextjs-15/SKILL.md

@@ -2,11 +2,13 @@
 name: nextjs-15
 description: >
   Next.js 15 App Router patterns.
-  Trigger: When working with Next.js - routing, Server Actions, data fetching.
+  Trigger: When working in Next.js App Router (app/), Server Components vs Client Components, Server Actions, Route Handlers, caching/revalidation, and streaming/Suspense.
 license: Apache-2.0
 metadata:
   author: prowler-cloud
   version: "1.0"
+  scope: [root, ui]
+  auto_invoke: "App Router / Server Actions"
 allowed-tools: Read, Edit, Write, Glob, Grep, Bash, WebFetch, WebSearch, Task
 ---
 

skills/playwright/SKILL.md

@@ -2,11 +2,13 @@
 name: playwright
 description: >
   Playwright E2E testing patterns.
-  Trigger: When writing E2E tests - Page Objects, selectors, MCP workflow.
+  Trigger: When writing Playwright E2E tests (Page Object Model, selectors, MCP exploration workflow). For Prowler-specific UI conventions under ui/tests, also use prowler-test-ui.
 license: Apache-2.0
 metadata:
   author: prowler-cloud
   version: "1.0"
+  scope: [root, ui]
+  auto_invoke: "Writing Playwright E2E tests"
 allowed-tools: Read, Edit, Write, Glob, Grep, Bash, WebFetch, WebSearch, Task
 ---
 

skills/prowler-api/SKILL.md

@@ -1,12 +1,14 @@
 ---
 name: prowler-api
 description: >
-  Prowler API patterns: RLS, RBAC, providers, Celery tasks.
-  Trigger: When working on api/ - models, serializers, views, filters, tasks.
+  Prowler API patterns: JSON:API, RLS, RBAC, providers, Celery tasks.
+  Trigger: When working in api/ on models/serializers/viewsets/filters/tasks involving tenant isolation (RLS), RBAC, JSON:API, or provider lifecycle.
 license: Apache-2.0
 metadata:
   author: prowler-cloud
   version: "1.0"
+  scope: [root, api]
+  auto_invoke: "Creating/modifying models, views, serializers"
 allowed-tools: Read, Edit, Write, Glob, Grep, Bash, WebFetch, WebSearch, Task
 ---