feat: add agent-governance skill — governance patterns for AI agent systems

[imran-siddique]

Summary

Adds agent-governance — a skill teaching Copilot governance patterns for AI agent systems. This is the first security/governance-focused skill in the collection.

What's Included

skills/agent-governance/SKILL.md covers 6 core patterns:

Pattern	Description
Governance Policy	Declarative policies with allowlists, blocklists, content filters, rate limits. YAML-driven configuration.
Policy Composition	Most-restrictive-wins merging of org → team → agent policies.
Semantic Intent Classification	Pre-flight threat detection: data exfiltration, privilege escalation, prompt injection, system destruction.
Tool-Level Governance Decorator	@govern(policy) decorator wrapping tool functions with policy enforcement + audit.
Trust Scoring	Decay-based trust scores for multi-agent delegation with reliability tracking.
Audit Trail	Append-only event log for compliance — every tool call logged with decision + policy name.

Framework Coverage

Includes integration examples for:

• PydanticAI — @agent.tool + @govern() composition
• CrewAI — Crew-level governance wrapping all agent tools
• OpenAI Agents SDK — @function_tool + @govern() pattern

When Copilot Activates This Skill

From the description trigger:

• Building AI agents that call external tools
• Implementing policy-based access controls
• Adding threat detection to agent prompts
• Creating trust scoring for multi-agent workflows
• Building audit trails for agent actions

Validation

✅ npm run skill:validate — All 51 skills valid
✅ npm run build — README.skills.md updated

Context

We're building Agent-OS and AgentMesh Integrations — governance frameworks for AI agent systems with integrations for PydanticAI, CrewAI, and OpenAI Agents. This skill distills those patterns into practical guidance Copilot can apply when users build agent code.

[Copilot]

Pull request overview

This pull request introduces the agent-governance skill, the first security and governance-focused skill in the Awesome Copilot collection. It provides comprehensive patterns and code examples for implementing safety controls, policy enforcement, and audit trails in AI agent systems. The skill targets developers building production AI agents that need governance controls for tool usage, multi-agent trust, and compliance requirements.

Changes:

• New skill covering 6 core governance patterns: declarative policies, policy composition, semantic intent classification, tool-level decorators, trust scoring, and audit trails
• Framework integration examples for PydanticAI, CrewAI, and OpenAI Agents SDK
• Comprehensive best practices and implementation checklist for agent governance
• Updated README.skills.md index with new entry

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File	Description
skills/agent-governance/SKILL.md	New 564-line skill document covering governance patterns, code examples, framework integrations, and best practices for AI agent safety and control
docs/README.skills.md	Added alphabetically-sorted entry for agent-governance skill in the skills index table

[imran-siddique]

All review comments addressed in latest push:

• File path validation (line 502): Now uses \os.path.realpath()\ for path traversal protection + \with open()\ context manager to prevent resource leaks
• Inclusive terminology: Updated whitelist/blacklist → allowlist/blocklist in comments

Validated:
pm run skill:validate\ ✅
pm run build\ ✅