Open-source agent skills - teach AI coding assistants to use ggshield
Release Date: May 21, 2026
Developers are writing more code than ever with Claude Code, Cursor, and other AI assistants - and a lot of that code touches secrets. The new open-source GitGuardian/agent-skills repository ships skills that teach those agents how to use ggshield: when to scan, how to read findings, and how to walk the developer through remediation.
What's in it?
- Claude Code plugin: a one-command install (
/plugin install ggshield) that makes the skill available to Claude Code - the agent invokes it when the developer asks to scan, validate a token, or remediate a leaked credential. - Cursor rules & commands: the same skill packaged for Cursor, exposing the ggshield workflow so the agent can call it on demand.
- Defense in depth (optional): layer the ggshield agent hook on top (
ggshield install -t claude-code) - unlike the skill, the hook runs automatically and scans every prompt, tool call, and tool output from inside the agent.
Why is this important?
We are meeting developers where they already are - no new tool to adopt, no workflow change. When the developer brings up secret scanning, key validation, or a leaked credential, the agent now knows to reach for ggshield, how to interpret the findings, and how to guide remediation in context. Pair it with the ggshield hook for fully automated, agent-side scanning. Either way, fewer secrets slip through AI-assisted development - with zero friction added to the developer's day.
Get Started Today!
The repository is public, MIT-licensed, and ready to demo:
- Browse the skills on GitHub
- Install the Claude Code plugin with
/plugin install ggshield - Or drop the Cursor rules into your
.cursor/directory
Contributions and feedback are welcome - open an issue or a pull request on the repo.
Fixes
- Perimeter: Fixed an issue where unmonitored sources were incorrectly displayed as deleted in the user interface.
