sail-skill
Health Gecti
- License — License: NOASSERTION
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Community trust — 116 GitHub stars
Code Gecti
- Code scan — Scanned 3 files during light audit, no dangerous patterns found
Permissions Gecti
- Permissions — No dangerous permissions requested
Bu listing icin henuz AI raporu yok.
SAIL V2 (Secure AI Lifecycle) as an agent skill — the full 91-risk catalog for AI/agent gap assessments, security roadmaps, and compliance checklists. Installs on Claude Code, Codex, ChatGPT, Antigravity, and any SKILL.md-compatible agent.
SAIL Skill — Secure AI Lifecycle by Pillar Security
An agent skill that applies SAIL V2 — Pillar Security's Secure AI Lifecycle framework — to real systems. It bundles the full SAIL V2 risk catalog (91 risks across 7 lifecycle phases, each with mitigations and standards mappings) as reference files the agent reads on demand, so every answer is grounded in the actual catalog: real SAIL IDs, real mappings, no hallucinated controls.
This repository is also a Claude Code plugin marketplace — one-command install for Claude Code, prebuilt archives for everything else.
What it does
The skill triggers whenever you work on AI/agent security. It can:
- Assess an agent or system — full SAIL gap analysis with a component chart and all 91 risks dispositioned
- Build a security roadmap and maturity assessment
- Generate compliance checklists (ISO/IEC 42001, EU AI Act, OWASP LLM/Agentic, DASF, AIUC-1)
- Prioritize controls and produce cross-team alignment artifacts
- Create vendor RFPs (security-vendor coverage questionnaires or platform-vendor security questionnaires)
- Answer questions about SAIL — "What does SAIL 5.17 cover?" cites the catalog row
Example prompts (any harness — the skill triggers automatically):
- "We're deploying an autonomous support agent built on LangGraph with MCP servers for Zendesk and Postgres — do a security review I can share with our CISO."
- "Generate a security control checklist organized by EU AI Act articles."
- "Build me an AI security roadmap — we have agents in production but no AI policy yet."
- "Write the security section of an RFP for a managed agent platform."
In Claude Code you additionally get five entry points:
| Command | What it does |
|---|---|
/sail |
Interactive launcher — guided intake, picks the right workflow |
/sail:assess [path] |
Full gap analysis of the agent in the current repo (or path) — all 91 risks dispositioned, written to SAIL-assessment.md |
/sail:roadmap [hints] |
7-phase security roadmap + per-phase maturity profile |
/sail:comply [frameworks] |
Compliance checklist — all five frameworks, or just those named (eu-ai-act, iso-42001, owasp, dasf, aiuc-1) |
/sail:rfp [security|platform] [vendor] |
Vendor RFP questionnaire — security-vendor coverage by default |
The /sail:* commands run immediately with smart defaults — no intake questions.
Installation
Pick your harness/software in the matrix, then follow its section below.
| Harness / software | Install | Details |
|---|---|---|
| Claude Code (CLI / IDE / desktop) | /plugin marketplace add pillar-labs/sail-skill/plugin install sail@pillar-security |
§ Claude Code |
| Claude.ai / Desktop / Cowork | Customize → Skills → upload dist/sail-skill.zip |
§ Claude.ai / Desktop / Cowork |
| OpenAI Codex CLI | $skill-installer install https://github.com/pillar-labs/sail-skill/tree/main/sail/skills/sail |
§ OpenAI Codex CLI |
| Google Antigravity (IDE / CLI) | npx skills add https://github.com/pillar-labs/sail-skill/tree/main/sail/skills/sail -a antigravity -g -y |
§ Google Antigravity |
| pi | pi install https://github.com/pillar-labs/sail-skill |
§ pi |
| ChatGPT (all plans) | chatgpt.com/skills → New skill → upload dist/sail-skill.zip |
§ ChatGPT |
| opencode | cp -r sail/skills/sail ~/.config/opencode/skills/sail |
§ opencode |
| Other SKILL.md-compatible agents | npx skills add https://github.com/pillar-labs/sail-skill/tree/main/sail/skills/sail -g -y |
§ Other agents |
Slash commands are Claude Code-only. Everywhere else you get the full skill — it triggers automatically on AI/agent-security intent, and the guided intake replaces the commands.
🤖 AI agents: reading this README to install the skill yourself? Jump straight to § For agents.
For agents
If you are an AI agent reading this README to install the skill, follow these steps — no human input needed.
- Locate the skill source. If you are inside a clone of this repo, the skill folder is
sail/skills/sail/(it containsSKILL.mdandreferences/). If not, clone the repo first, or unzipdist/sail-skill.zip— it extracts to a top-levelsail/skill folder.- If your harness has a skill installer, prefer it:
# OpenAI Codex (in-session): $skill-installer install https://github.com/pillar-labs/sail-skill/tree/main/sail/skills/sail # Google Antigravity (and 20+ other agents via Vercel's skills CLI): npx skills add https://github.com/pillar-labs/sail-skill/tree/main/sail/skills/sail -a antigravity -g -y # pi: pi install https://github.com/pillar-labs/sail-skillOtherwise, copy the skill folder to your harness's skills directory:
# Claude Code (or if unsure — most harnesses read this path): mkdir -p ~/.claude/skills && cp -r sail/skills/sail ~/.claude/skills/sail # Shared directory read by Codex, Antigravity, pi, and opencode: mkdir -p ~/.agents/skills && cp -r sail/skills/sail ~/.agents/skills/sail # opencode (native path): mkdir -p ~/.config/opencode/skills && cp -r sail/skills/sail ~/.config/opencode/skills/sail # Project-scoped variants: .claude/skills/ · .agents/skills/ · .opencode/skills/ at the repo root
- Verify: the file
<skills-dir>/sail/SKILL.mdexists and its frontmatternameissail. The skill loads in the next session — tell your user to restart/reload, then test with "What does SAIL 5.17 cover?" (expected: cites Maker-Identity Inheritance in Low-Code Agents).- Claude Code bonus: for the
/sail:*commands, tell your user to run/plugin marketplace add pillar-labs/sail-skilland/plugin install sail@pillar-securityinstead of (or in addition to) the copy — plugin slash commands can't be installed by copying files.- Sandboxed harnesses with no filesystem skills dir (Claude.ai, Cowork, ChatGPT): you cannot self-install; point your user to the matching section below and hand them
dist/sail-skill.zip.
Claude Code
/plugin marketplace add pillar-labs/sail-skill
/plugin install sail@pillar-security
Manual copy (no plugin system):
cp -r sail/skills/sail ~/.claude/skills/sail # personal, all projects
cp -r sail/skills/sail <project>/.claude/skills/sail # per-project
Claude.ai / Desktop / Cowork
One skills system across claude.ai, the Claude Desktop app, and Cowork — install once, it syncs with your claude.ai account and works everywhere.
- Enable Code execution under Settings → Capabilities (once).
- Go to Customize → Skills → + → Upload a skill (in Cowork: Customize in the left sidebar → Skills).
- Upload
dist/sail-skill.zip. (If you usedist/sail.skill, rename it to.zipfirst — same archive.) - Claude applies the skill automatically; in Cowork you can also type
/and pick sail. Test with "What does SAIL 5.17 cover?" — the answer should cite the catalog row. Team/Enterprise admins can share it org-wide (Organization settings → Skills).
OpenAI Codex CLI
Easiest — inside a Codex session, the built-in installer takes this repo's URL directly:
$skill-installer install https://github.com/pillar-labs/sail-skill/tree/main/sail/skills/sail
Codex picks up new skills automatically (restart if it doesn't appear). Manual alternative — Codex discovers skills in ~/.agents/skills (personal) or .agents/skills (project):
mkdir -p ~/.agents/skills && cp -r sail/skills/sail ~/.agents/skills/sail
Invoke explicitly with $sail (type $ or /skills in the TUI) or just ask about AI/agent security and let the description trigger it.
Google Antigravity
Antigravity (IDE and CLI) reads SKILL.md skills from .agents/skills (workspace) and ~/.agents/skills (user). Google's codelabs endorse the skills CLI for installation:
npx skills add https://github.com/pillar-labs/sail-skill/tree/main/sail/skills/sail -a antigravity -g -y
(Drop -g for a workspace-level install.) On older CLI builds that only read ~/.gemini/antigravity-cli/skills/, move or copy the installed sail/ folder there. Manual alternative: cp -r sail/skills/sail ~/.agents/skills/sail.
pi
The repo ships a pi package manifest, so it's a one-liner:
pi install https://github.com/pillar-labs/sail-skill
pi also reads ~/.agents/skills, so a Codex or Antigravity install covers pi too (and vice versa via the shared directory).
ChatGPT
Skills are available on all ChatGPT plans at chatgpt.com/skills:
- Open chatgpt.com/skills → New skill → Upload from your computer.
- Upload
dist/sail-skill.zip. - ChatGPT scans the upload and the skill becomes available; workspace admins (Business/Enterprise/Edu) can share it org-wide.
opencode
# per-project
mkdir -p <project>/.opencode/skills && cp -r sail/skills/sail <project>/.opencode/skills/sail
# global
mkdir -p ~/.config/opencode/skills && cp -r sail/skills/sail ~/.config/opencode/skills/sail
opencode also reads ~/.claude/skills and .agents/skills, so a Claude Code or Codex install covers it too.
Other SKILL.md-compatible agents
The skill is a plain folder — SKILL.md + references/ — following the open agent-skills format. Vercel's skills CLI installs it for 20+ agents:
npx skills add https://github.com/pillar-labs/sail-skill/tree/main/sail/skills/sail -g -y
Or copy sail/skills/sail/ into whatever skills directory your tool documents / unzip dist/sail-skill.zip there.
Usage
Guided mode (Claude Code): type /sail with no arguments.
- Inside a repo that contains an agent, the skill detects it and leads with "Assess the agent in this repository" — a full SAIL gap analysis of the code in front of it.
- Elsewhere, it runs a short top-down intake: what kind of program this is (governance, agent security, AI transformation, vendor assessment, red-team readiness) → what you have to protect → which deliverable you want.
Direct mode (any harness): just describe your task — the skill triggers automatically on AI/agent-security intent.
What's inside the skill
sail/skills/sail/
├── SKILL.md # entry point: framework structure + workflows
├── README.md # thin pointer to this page
└── references/
├── risk-index.md # all 91 risks in one table (the navigation map)
├── framework.md # exec summary, the 3 zones, the 7 phases, how to use SAIL
├── phase-1-policy.md # full risk catalog, one file per phase:
├── … # descriptions, examples, assets affected,
├── phase-7-govern.md # mitigations, standards mappings
├── definitions.md # Appendix A: component definitions
└── use-case.md # Appendix B: worked FinTech example
Repository layout
sail-skill/ marketplace repo root
├── .claude-plugin/
│ └── marketplace.json marketplace manifest
├── sail/ the "sail" plugin
│ ├── .claude-plugin/plugin.json plugin manifest
│ ├── commands/ /sail:assess · /sail:roadmap · /sail:comply · /sail:rfp
│ ├── README.md thin plugin readme
│ └── skills/sail/ the skill itself (see above)
├── dist/ prebuilt zip / .skill archives (rebuild: dist/BUILD.md)
└── package.json pi package manifest (`pi install <repo-url>`)
After editing the skill, rebuild dist/sail-skill.zip / dist/sail.skill — see dist/BUILD.md.
About SAIL
SAIL (Secure AI Lifecycle) V2 covers the agentic attack surface across three zones (code & pipeline, cloud agents, endpoint agents) and seven lifecycle phases (Policy → Discovery → Posture → Red Teaming → Runtime Controls → Sandbox → Govern), with 91 risks mapped to external standards (ISO/IEC 42001, EU AI Act, OWASP LLM & Agentic Top 10, DASF, AIUC-1). Standards mappings indicate alignment, not automatic compliance. Learn more at pillar.security.
License
© Pillar Security. This repository is licensed under CC BY-NC-SA 4.0: share and adapt for non-commercial purposes, credit "SAIL by Pillar Security", and distribute adaptations under the same license.
Additional permission: you may use this material internally within your organization, including for commercial purposes — installing the skill, running assessments, and embedding the catalog in internal documentation and tooling. Redistribution or incorporation into products or services offered to third parties requires a separate license — contact Pillar Security.
The SAIL name and the Pillar Security name and logo are trademarks of Pillar Security and are not licensed.
Yorumlar (0)
Yorum birakmak icin giris yap.
Yorum birakSonuc bulunamadi