Access Request Tracker
Prerequisites
This skill needs the iGPT MCP at https://mcp.igpt.ai/.
If the MCP tools aren't available or return an auth error, tell the
user to install the iGPT plugin (/plugin marketplace add igptai/skills)
or add https://mcp.igpt.ai/ as a connector, then complete OAuth and say
"ready". Retry once after they confirm. Never invent tokens or OAuth URLs.
For deeper troubleshooting: https://raw.githubusercontent.com/igptai/skills/main/shared/mcp-guard.md
What This Skill Does
Scans all IT and HR-related email threads for every access request,
permission change, and account provisioning item — extracting who requested
what, whether approval was obtained, whether IT has fulfilled the request,
and what is still sitting in the queue unactioned.
Workflow
-
Before calling any tool, collect these values from the user. Offer the
defaults and let the user override them; do not invent values they did
not give.
- [time_range] — what window of email to scan. The user may give this
in any form ("last 60 days", "the last 2 months", "May 2024",
"since the audit"). Default: the last 60 days. Keep the user's
natural phrasing for use in the ask input; convert to ISO dates
separately for the search call.
- [system_scope] — either "all" (default) or a specific system, team,
or resource to focus on.
- [system_clause] — derived. When [system_scope] is not "all", set
to " for [system_scope]". When [system_scope] is "all", set to
empty string.
-
Call search with:
- query: access request permission grant account setup provisioning
approve credentials login system role
(if [system_scope] is not "all", append the system or team name to the query)
- date_from: ISO start date derived from [time_range]
- date_to: ISO end date derived from [time_range] (or today if open-ended)
-
Call ask with:
- input: Review all email threads from [time_range][system_clause] involving IT access requests, permission changes, and account provisioning. For each request identify: who requested access, what system or resource they need access to, what level of access was requested, whether a manager or approver gave approval, whether IT has fulfilled the request, and whether the request is still pending or has gone unactioned.
- output_format:
{
"strict": true,
"schema": {
"type": "object",
"description": "IT access request tracker across all pending and recent provisioning requests",
"additionalProperties": false,
"properties": {
"as_of": {
"type": "string",
"description": "ISO8601 date when this report was generated"
},
"requests": {
"type": "array",
"description": "List of every access or provisioning request found in email",
"items": {
"type": "object",
"description": "A single access request with approval and fulfillment status",
"additionalProperties": false,
"properties": {
"requester": {
"type": "string",
"description": "Name of the person requesting access"
},
"system_or_resource": {
"type": "string",
"description": "The system, application, or resource access was requested for"
},
"access_type": {
"type": "string",
"description": "Type of access or change requested",
"enum": [
"new_account", "role_change", "elevated_permissions",
"read_access", "write_access", "admin_access",
"vpn_access", "offboarding_removal", "other"
]
},
"requested_on": {
"type": "string",
"description": "ISO8601 date the request was made"
},
"approval_status": {
"type": "string",
"description": "Whether the request has been approved by the appropriate manager",
"enum": ["approved", "pending_approval", "denied", "unknown"]
},
"approved_by": {
"type": "string",
"description": "Name or role of the approver, empty string if not yet approved"
},
"fulfillment_status": {
"type": "string",
"description": "Whether IT has fulfilled this request",
"enum": ["fulfilled", "in_progress", "pending", "blocked", "unknown"]
},
"days_pending": {
"type": "number",
"description": "Number of days this request has been waiting for approval or fulfillment"
},
"urgency": {
"type": "string",
"description": "How urgently this access request needs to be fulfilled",
"enum": ["high", "medium", "low"]
},
"blocker": {
"type": "string",
"description": "Anything blocking this request from being fulfilled, empty string if none"
}
},
"required": [
"requester", "system_or_resource", "access_type", "requested_on",
"approval_status", "approved_by", "fulfillment_status",
"days_pending", "urgency", "blocker"
]
}
},
"pending_approval_count": {
"type": "number",
"description": "Number of requests still waiting for manager approval"
},
"pending_fulfillment_count": {
"type": "number",
"description": "Number of approved requests not yet fulfilled by IT"
},
"overdue_count": {
"type": "number",
"description": "Number of requests that have been pending for more than 5 business days"
},
"summary": {
"type": "string",
"description": "One or two sentence summary of access request backlog and most urgent items"
}
},
"required": [
"as_of", "requests", "pending_approval_count",
"pending_fulfillment_count", "overdue_count", "summary"
]
}
}
-
Present approved-but-unfulfilled requests first, then pending-approval
requests, ordered by days_pending descending. Lead with pending_fulfillment
count and overdue count.
-
Ask: "Would you like me to draft a fulfillment reminder or approval
chase for any outstanding requests?"