From prodsec-skills
Enforces that AI agents have their own identity separate from human users. Use when designing agent identity management, authentication, or permission models.
How this skill is triggered — by the user, by Claude, or both
Slash command
/prodsec-skills:agent-identityThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Agents SHOULD have their own identity and SHOULD NOT use the identity of a human user. Each agent must be a distinct, identifiable entity in the system.
Agents SHOULD have their own identity and SHOULD NOT use the identity of a human user. Each agent must be a distinct, identifiable entity in the system.
Giving agents their own identity enables:
When an agent acts under a human user's identity:
act claim) that preserve both identities{
"action": "tool:execute",
"tool": "database-query",
"actor": {
"type": "agent",
"id": "agent:data-analyst-v2",
"delegated_by": "user:jane.doe"
},
"timestamp": "2026-03-03T10:15:00Z"
}
npx claudepluginhub redhatproductsecurity/prodsec-skills --plugin prodsec-skillsManages agent identities and outbound authentication providers (API keys, OAuth2) for external services like OpenAI, Google, and Slack on the GreenNode AgentBase platform.
Provisions Microsoft Entra Agent Identity Blueprints, BlueprintPrincipals, and per-instance Agent Identities via Microsoft Graph. Configures OAuth 2.0 token exchange (fmi_path, OBO, cross-tenant) and the AgentID sidecar for polyglot agent auth.
Enforces SPIFFE/SPIRE plus mTLS for authenticating agent-to-agent communication. Use when designing or reviewing multi-agent system security.