Turn bookmarks into markdown for your agents
Turn X bookmarks, Chrome tabs + YouTube URLs into markdown for agents π¦ β
home / skills / igorwarzocha / opencode-workflows
igorwarzocha/opencode-workflows
An ever evolving repository of Opencode workflow examples that might enhance your experience with it. I only left the stuff that actually works. YMMV.
38 skills
GitHubSponsored
user-onboarding-sop
igorwarzocha/opencode-workflows
58
Generate AGENTS.md for end-user assistance. Covers setup, installation, running, and troubleshooting. This is for END-USER help, NOT developer/contributor docs. Use for /init user workflow. Examples: - user: "/init user" β user assistance AGENTS.md with official docs - user: "Create getting started guide" β installation + setup + troubleshooting - user: "Document how to use this repo" β user-focused AGENTS.md - user: "Help users run this software" β setup, prerequisites, usage patterns
repo-maintenance
igorwarzocha/opencode-workflows
58
Maintain repository integrity and documentation. Use for auditing structure, checking config validity, and reviewing inventory. Use proactively to validate the repository or sync documentation. Examples: - user: "Validate the repo" β run audit_repo.py - user: "Check agents" β run audit_repo.py, review errors - user: "Update documentation" β run sync_docs.py - user: "Check for issues" β run full audit
security-vite
igorwarzocha/opencode-workflows
58
Review Vite security audit patterns for SPA and dev server security. Use for auditing VITE_* exposure, build-time secrets, and proxy configs. Use proactively when reviewing Vite apps (vite.config.ts present). Examples: - user: "Audit Vite env vars" β check for secrets with VITE_ prefix - user: "Check Vite build config" β verify define block and source maps - user: "Review Vite dev server" β check host binding and proxy security - user: "Scan Vite bundles" β search dist/ for leaked API keys or secrets - user: "Audit Vite SPA auth" β verify server-side auth vs client route guards
security-ai-keys
igorwarzocha/opencode-workflows
58
Review AI API key leakage patterns and redaction strategies. Use for identifying exposed keys for OpenAI, Anthropic, Gemini, and 10+ other providers. Use proactively when code integrates AI providers or when environment variables/keys are present. Examples: - user: "Check for leaked OpenAI keys" β scan for `sk-` patterns and client-side exposure - user: "Is my Gemini integration secure?" β audit vertex AI config and key redaction - user: "Review AI provider logging" β ensure secrets are redacted from logs - user: "Scan for Anthropic secrets" β check for `ant-` keys in code and configs - user: "Audit Vertex AI integration" β verify proper IAM roles and service account usage
security-django
igorwarzocha/opencode-workflows
58
Review Django security audit patterns for settings and middleware. Use for auditing SECRET_KEY, DEBUG, CSRF, and auth decorators. Use proactively when reviewing Django apps (settings.py or manage.py present). Examples: - user: "Audit my Django settings.py" β check SECRET_KEY, DEBUG, and ALLOWED_HOSTS - user: "Check Django views for auth" β verify @login_required and permission classes - user: "Review Django CSRF config" β check middleware and @csrf_exempt usage - user: "Scan for SQL injection in Django" β find raw SQL usage instead of ORM - user: "Audit Django REST framework config" β check default permissions and auth
model-researcher
igorwarzocha/opencode-workflows
58
Add new/custom AI models to opencode.json. Use proactively for bleeding-edge releases, non-standard providers, self-hosted models, or custom endpoints. Examples: - user: "Add the new Claude 4.5" β websearch for API specs, add provider entry with baseUrl, verify model ID format - user: "Use my local Ollama instance" β configure custom provider with http://localhost:11434, set model ID format - user: "Configure this OpenAI-compatible proxy" β add provider with custom baseUrl, set apikey env var, verify compatibility - user: "Model X just released, add it" β research provider documentation, find model ID and capabilities, add to config
convex-deploy
igorwarzocha/opencode-workflows
58
Implement Convex deployment workflows, environments, and CI/CD configuration. Use for dev/prod/preview deployments, deploy keys, local deployments, environment variables, schema/index rollout safety, and HTTP action URLs. Use proactively when users mention deploy, preview, staging, CI, env vars, or local backend. Examples: - user: "Set up Convex deploy in CI" β configure deploy key + npx convex deploy steps - user: "How do preview deployments work?" β explain preview keys, lifecycle, limits - user: "Deploy to prod safely" β list safe schema/function change patterns - user: "Use local convex" β explain npx convex dev --local and limitations
vite-shadcn-tailwind4
igorwarzocha/opencode-workflows
58
Initialize shadcn/ui + Tailwind CSS v4 in Vite projects (Vite-specific, not Next.js/Remix). Use proactively for Vite project setup, shadcn component installation, or Tailwind v4 configuration. Examples: - user: "Setup shadcn in my Vite project" β install deps, configure tailwind v4 CSS-first, init shadcn, verify components work - user: "Add shadcn to existing Vite app" β check existing config, install CLI, add components.json, update CSS imports - user: "Use Tailwind v4 with shadcn" β configure @import with @theme, remove v3 config, setup custom tokens - user: "Create Vite + React + shadcn project" β scaffold Vite, install shadcn, configure theme, add sample components
security-docker
igorwarzocha/opencode-workflows
58
Review Docker and container security audit patterns. Use for auditing secrets in layers, port exposure, and non-root users. Use proactively when Dockerfile or docker-compose.yml is present. Examples: - user: "Audit this Dockerfile" β check for secrets in ENV/ARG and non-root USER - user: "Review docker-compose ports" β find accidentally exposed databases - user: "Check for secrets in image history" β audit layers and build artifacts - user: "Optimize Docker security" β implement multi-stage builds and minimal base images - user: "Audit container privileges" β check for privileged: true or docker.sock mounts
cowork
igorwarzocha/opencode-workflows
58
Principles and patterns for effective collaborative work (coworking). Use for aligning agents on communication etiquette, workspace hygiene, and feedback loops. Use proactively when coordinating multi-agent workflows, managing vault hygiene, or standardizing status updates. Examples: - user: "How should we work together?" -> review coworking principles - user: "Give me a status update" -> use 3P status reporting pattern - user: "Keep the workspace clean" -> apply vault hygiene rules - user: "Coordinate the specialists" -> follow collaboration patterns
agent-navigation-sop
igorwarzocha/opencode-workflows
58
Generate AGENTS.md for AI agent navigation. Covers build/test commands, coding conventions, task routing, and codebase structure. Use for /init workflow or when creating agent-readable repository documentation. Examples: - user: "/init" β full AI navigation AGENTS.md + skill recommendations - user: "/init basic" β minimal AGENTS.md structure only - user: "Create AGENTS.md for this repo" β assess complexity, generate navigation doc - user: "Document codebase for AI agents" β structured AGENTS.md with task routing
security-convex
igorwarzocha/opencode-workflows
58
Review Convex security audit patterns for authentication and authorization. Use for auditing query/mutation auth, row-level security, and validators. Use proactively when reviewing Convex apps (convex/ directory present). Examples: - user: "Audit these Convex mutations" β check for missing ctx.auth and input validators - user: "Check for IDOR in Convex queries" β verify ownership checks on document access - user: "Review Convex HTTP actions" β check for signature verification on webhooks - user: "Secure these Convex queries" β implement custom functions for enforced auth - user: "Check for data leaks in subscriptions" β verify filtered result sets
convex-components
igorwarzocha/opencode-workflows
58
Use Convex Components to add isolated backend features and compose component APIs. Use for installing components, calling component APIs, authoring components, and handling component-specific constraints (Id types, env vars, pagination, auth). Use proactively when users mention components, workpool, workflow, agent component, or reusable backend modules. Examples: - user: "Install the Agent component" β add convex.config.ts + use() + components API - user: "Call component functions" β ctx.runQuery(components.foo.bar, args) - user: "Build a component" β defineComponent, schema, _generated, packaging - user: "Expose component API to clients" β re-export functions with auth
create-opencode-plugin
igorwarzocha/opencode-workflows
58
Create OpenCode plugins using the @opencode-ai/plugin SDK. Use for building custom tools, event hooks, auth providers, or tool execution interception. Use proactively when developing new plugins in .opencode/plugin/ or ~/.config/opencode/plugin/. Examples: - user: "Create a plugin to block dangerous commands" β implement tool execution before hook with blocking logic - user: "Add a custom tool for jira" β design tool schema and implementation using SDK context - user: "Show toast on file edit" β react to file edit events and display status message - user: "Build a custom auth provider" β implement auth flow for new model provider - user: "Intercept git commits" β add hook to validate commit messages before execution
branding
igorwarzocha/opencode-workflows
58
Apply official brand colors and typography to professional artifacts. Use for presentations, reports, and documents to ensure corporate visual identity. Use proactively when a "client-ready" look-and-feel is requested. Examples: - user: "Brand this report" -> apply corporate colors and fonts - user: "Apply brand guidelines to these slides" -> update colors/fonts in XML - user: "Check if this document is on-brand" -> verify against color/font standards
writing
igorwarzocha/opencode-workflows
58
Handle structured co-authoring of professional documentation. Use for proposals, technical specs, and RFCs. Use proactively when a collaborative drafting process (Gathering -> Refinement -> Testing) is needed. Examples: - user: "Draft a technical RFC for the new API" -> follow Stage 1 context gathering - user: "Refine the introduction of this proposal" -> use iterative surgical edits - user: "Test if this document is clear for readers" -> run reader testing workflow
security-secrets
igorwarzocha/opencode-workflows
58
Review secret detection patterns and scanning workflows. Use for identifying high-signal secrets like AWS keys, GitHub tokens, and DB passwords. Use proactively during all security audits to scan code and history. Examples: - user: "Scan for secrets in this repo" β run high-signal rg patterns and gitleaks - user: "Check for AWS keys" β scan for AKIA patterns and server-side exposure - user: "Audit my .env files" β ensure secrets are gitignored and not committed - user: "Verify secret redaction" β check that reported secrets follow 4+4 format - user: "Scan build artifacts for keys" β search dist/ and build/ for secret patterns
security-bun
igorwarzocha/opencode-workflows
58
Review Bun runtime security audit patterns. Use for auditing Bun-specific vulnerabilities including shell injection, SQL injection, server security, and process spawning. Use proactively when reviewing Bun apps (bun.lockb, bunfig.toml, or bun:* imports present). Examples: - user: "Review this Bun shell script" β audit `$` usage and argument injection - user: "Check my bun:sqlite queries" β verify `sql` tagged template usage - user: "Audit my Bun.serve() setup" β check path traversal and request limits - user: "Is my Bun.spawn() usage safe?" β audit command injection and input validation - user: "Review WebSocket security in Bun" β check authentication before upgrade
security-express
igorwarzocha/opencode-workflows
58
Review Express.js security audit patterns for middleware and routes. Use for auditing Helmet.js, CORS, body-parser limits, and auth middleware. Use proactively when reviewing Express.js apps. Examples: - user: "Secure my Express app" β add Helmet.js and disable x-powered-by - user: "Check Express CORS config" β verify origin allowlists and credentials - user: "Review Express auth middleware" β check route order and coverage - user: "Scan for Express path traversal" β verify path normalization and validation - user: "Audit Express session config" β check secure, httpOnly, and sameSite flags
convex-core
igorwarzocha/opencode-workflows
58
Build Convex schemas, queries, mutations, actions, and client usage with strict validators and indexes. Use for data modeling, function authoring, argument/return validation, and performance guidance. Use proactively when work touches convex/schema.ts, functions, or api.* references. Examples: - user: "Design tables for multi-tenant app" β defineSchema/defineTable with indexes - user: "Write a mutation" β args/returns validators + auth checks - user: "Optimize query" β add index and withIndex range expression - user: "Use useQuery" β show generated hook usage
prd-authoring
igorwarzocha/opencode-workflows
58
Guide for authoring comprehensive PRDs with parallel planning support. Use for drafting technical specifications, defining requirements, and synthesizing planner outputs. Use proactively when creating PRDs, architecture designs, or implementation plans. Examples: - user: "Draft a PRD for user auth" β create PRD with purpose, requirements, and scenarios - user: "Analyze these PRD requirements" β verify SHALL/MUST usage and scenario structure - user: "Synthesize planner outputs" β merge the strongest parts of multiple generated PRDs - user: "Create a PRD template" β setup standard sections and placeholder content
component-engineering
igorwarzocha/opencode-workflows
58
Apply the formal standard for React component engineering focusing on accessibility, composition, and styling. Use for building professional, composable React artifacts. Use proactively when creating or reviewing React components. Examples: - user: "/component-create Button trigger" β build accessible button with asChild and keyboard map - user: "/component-review src/components/Input.tsx" β audit for accessibility and composition compliance - user: "Build a responsive slider" β select taxonomy type and implement with data attributes - user: "Review my layout component" β check for monolithic patterns vs composition
security-fastapi
igorwarzocha/opencode-workflows
58
Review FastAPI security audit patterns for dependencies and middleware. Use for auditing auth dependencies, CORS configuration, and TrustedHost middleware. Use proactively when reviewing FastAPI apps. Examples: - user: "Audit FastAPI route security" β check for Depends() and Security() usage - user: "Check FastAPI CORS setup" β verify origins when allow_credentials=True - user: "Review FastAPI middleware" β check TrustedHost and HTTPSRedirect config - user: "Secure FastAPI API keys" β move from query params to header schemes - user: "Scan for FastAPI footguns" β check starlette integration and dependency order
command-creator
igorwarzocha/opencode-workflows
58
Create custom /slash commands for repetitive tasks. Use proactively for command creation, prompt automation, or workflow shortcuts. Examples: - user: "Make a /test command that runs pytest" β create command in opencode.json, set prompt to run tests with bash tool - user: "Add a /review command for PRs" β design prompt to fetch diff, analyze changes, generate review comments - user: "Automate this repetitive task" β identify pattern, create slash command with parameterized prompt - user: "Make a /deploy command" β design workflow (build, test, deploy), encode in command prompt
powerpoint
igorwarzocha/opencode-workflows
58
Handle PowerPoint (.pptx) creation, design, and analysis. Use for pitch decks, status updates, and visual storytelling. Use proactively when precise layout positioning and design principles are needed. Examples: - user: "Create a 10-slide deck for the board meeting" -> use design principles + html2pptx - user: "Convert this report into a presentation" -> extract text and map to template - user: "Audit this deck for layout issues" -> generate thumbnail grid for inspection
themes
igorwarzocha/opencode-workflows
58
Apply professional visual themes to documents and presentations. Use for styling artifacts with consistent color palettes and font pairings. Use proactively to quickly improve the aesthetic quality of deliverables. Examples: - user: "Apply a modern theme to this deck" -> use Modern Minimalist theme - user: "I want a tech aesthetic for this doc" -> apply Tech Innovation theme - user: "Create a custom theme for my project" -> generate new color/font specification
security-nextjs
igorwarzocha/opencode-workflows
58
Review Next.js security audit patterns for App Router and Server Actions. Use for auditing NEXT_PUBLIC_* exposure, Server Action auth, and middleware matchers. Use proactively when reviewing Next.js apps. Examples: - user: "Scan Next.js env vars" β find leaked secrets with NEXT_PUBLIC_ prefix - user: "Audit Server Actions" β check for missing auth and input validation - user: "Review Next.js middleware" β verify matcher coverage for protected routes - user: "Check Next.js API routes" β verify auth in app/api and pages/api - user: "Secure Next.js headers" β audit next.config.js for security headers
comms
igorwarzocha/opencode-workflows
58
Apply standardized formats for internal business communications. Use for status reports, company newsletters, FAQs, and leadership updates. Use proactively when consistency in corporate communication is required. Examples: - user: "Write a 3P update for the week" -> use Progress/Plans/Problems template - user: "Draft a company-wide announcement" -> use newsletter format - user: "Create an FAQ for the new project" -> use internal FAQ guidelines
convex-runtime
igorwarzocha/opencode-workflows
58
Implement Convex runtime features: HTTP actions, file storage, search (full text + vector), scheduling (crons + scheduled functions), and RAG patterns. Use for webhooks, uploads, search indexes, vectorSearch actions, and background workflows. Use proactively when users mention HTTP endpoints, files, search, embeddings, or cron/schedule. Examples: - user: "Add full text search" β define searchIndex + withSearchIndex query - user: "Upload files" β generate upload URL and persist storageId - user: "Vector search" β action with ctx.vectorSearch and doc fetch - user: "Run cleanup nightly" β cronJobs + function reference
excel
igorwarzocha/opencode-workflows
58
Handle spreadsheet operations (Excel/CSV) with high-fidelity modeling, financial analysis, and visual verification. Use for budget models, data dashboards, and complex formula-heavy sheets. Use proactively when zero formula errors and professional standards are required. Examples: - user: "Build an LBO model" -> create Excel with banking-standard formatting - user: "Analyze this data and create a dashboard" -> use openpyxl + artifact_tool - user: "Verify formulas in this spreadsheet" -> run recalc.py to check for errors
mcp-installer
igorwarzocha/opencode-workflows
58
Find, install, and configure MCP servers. Use proactively for MCP discovery, OAuth setup, env vars, stdio vs SSE transport, or troubleshooting MCP connections. Examples: - user: "Add the filesystem MCP server" β read server file, add to mcpServers in opencode.json, verify transport type - user: "How do I use MCP with GitHub?" β check catalog, install @modelcontextprotocol/server-github, configure OAuth token - user: "MCP not connecting" β check transport type (stdio/SSE), verify args/command, check env vars are passed - user: "What MCPs are available?" β run list_mcps.py, show catalog with auth types and install commands
pdf
igorwarzocha/opencode-workflows
58
Handle PDF manipulation, form filling, text/table extraction, and high-fidelity generation. Use for professional PDF reports, merging documents, and automated form processing. Use proactively when visual quality and verification are critical. Examples: - user: "Fill this PDF form and verify" -> populate fields and inspect images - user: "Merge these reports and add a watermark" -> use pypdf - user: "Extract this complex table to Excel" -> use pdfplumber for layout preservation
word
igorwarzocha/opencode-workflows
58
Handle Word document (.docx) creation, editing, and analysis with high-fidelity visual review. Use for professional reports, legal documents, and tracked changes. Use proactively when quality and precise formatting are critical. Examples: - user: "Create a professional report in Word" -> use python-docx with render loops - user: "Draft a legal contract with redlines" -> use ooxml redlining workflow - user: "Extract text from this DOCX while preserving structure" -> use pandoc markdown conversion
agent-architect
igorwarzocha/opencode-workflows
58
Create and refine OpenCode agents via guided Q&A. Use proactively for agent creation, performance improvement, or configuration design. Examples: - user: "Create an agent for code reviews" β ask about scope, permissions, tools, model preferences, generate AGENTS.md frontmatter - user: "My agent ignores context" β analyze description clarity, allowed-tools, permissions, suggest improvements - user: "Add a database expert agent" β gather requirements, set convex-database-expert in subagent_type, configure permissions - user: "Make my agent faster" β suggest smaller models, reduce allowed-tools, tighten permissions
skill-creator
igorwarzocha/opencode-workflows
58
Guide for creating effective opencode skills. Use for creating or updating skills that extend agent capabilities with specialized knowledge, workflows, or tool integrations. Examples: - user: "Create a skill for git workflows" β define SKILL.md with instructions and examples - user: "Add examples to my skill" β follow the user: "query" β action pattern - user: "Update skill description" β use literal block scalar and trigger contexts - user: "Structure a complex skill" β organize with scripts/ and references/ directories - user: "Validate my skill" β check structure, frontmatter, and discovery triggers
opencode-config
igorwarzocha/opencode-workflows
58
Edit opencode.json, AGENTS.md, and config files. Use proactively for provider setup, permission changes, model config, formatter rules, or environment variables. Examples: - user: "Add Anthropic as a provider" β edit opencode.json providers, add API key baseEnv var, verify with opencode run test - user: "Restrict this agent's permissions" β add permission block to agent config, set deny/allow for tools/fileAccess - user: "Set GPT-5 as default model" β edit global or agent-level model preference, verify model name format - user: "Disable gofmt formatter" β edit formatters section, set languages.gofmt.enabled = false
plugin-installer
igorwarzocha/opencode-workflows
58
Find, install, and configure OpenCode plugins from the catalog or community. Use proactively when user asks about plugins, requests new capabilities, or mentions extending OpenCode functionality. Examples: - user: "Is there a plugin for Tailwind CSS?" β list catalog, read tailwind plugin details, install if available - user: "How do I add a custom slash command?" β suggest command-creator skill or guide through opencode.json setup - user: "What plugins are available for database work?" β list catalog, filter for database-related plugins - user: "Install the playwright plugin" β read plugin file, add to opencode.json, verify installation
convex-auth
igorwarzocha/opencode-workflows
58
Implement Convex authentication and authorization patterns with OIDC providers or Convex Auth. Use for auth provider setup, ctx.auth usage, user identity handling, and auth-aware schema patterns. Use proactively when users mention auth, JWT, Clerk/Auth0/WorkOS, or Convex Auth. Examples: - user: "Add auth to Convex" β choose provider and outline setup - user: "Get current user" β use ctx.auth.getUserIdentity and checks - user: "Service-to-service access" β use shared secret pattern