Write Skill Cards People Can Trust | NVIDIA Skill Documentation

A scan report tells reviewers what automated checks found. A signature tells users whether the artifact changed. A skill card tells humans what they are accepting.

The Skills Card is the per-skill release record described below. Authors can generate one by running the Skill Card.md skill published at NVIDIA/Trustworthy-AI, which walks through each section interactively. The card should be completed before a skill is broadly shared, especially when the skill can run tools, call APIs, write files, or influence production workflows.

What a Skill Card Should Answer

Section	Question it answers
Description	What does this skill do in one sentence?
Owner	Who is accountable for this skill?
License or terms	What rules govern use and redistribution?
Use case	Who should use it, and for what purpose?
Deployment geography	Where is the skill intended to be used?
Risks and mitigations	What could go wrong, and how is that risk reduced?
References	What docs, papers, reports, or model cards support this skill?
Skill output	What does the skill produce, and in what format?
Skill version	Which release or signing identifier does this card describe?
Ethical considerations	What governance or misuse considerations should users keep in mind?

Minimum Useful Card

Use this as the minimum release template:

1 # Skill Card
2 
3 ## Description
4 
5 [Skill name] [does one concrete thing] for [target user or workflow].
6 
7 This skill is [ready for commercial/non-commercial use | for research and development only | for demonstration purposes and not for production usage].
8 
9 ## Owner
10 
11 [Team or person accountable for maintenance and review]
12 
13 ## License/Terms of Use
14 
15 [License or terms link]
16 
17 ## Use Case
18 
19 [Who should use this skill and for what task]
20 
21 ## Deployment Geography for Use
22 
23 [Global, regional, or country-specific deployment scope]
24 
25 ## Known Risks and Mitigations
26 
27 Risk: [Plain-language risk]
28 
29 Mitigation: [Control, limitation, review step, or monitoring plan]
30 
31 ## References
32 
33 - [Reference documentation, paper, model card, or related technical source]
34 - [Scan report or CI evidence]
35 
36 ## Skill Output
37 
38 Output type(s): [Analysis, API calls, code, files, or other]
39 
40 Output format: [Markdown, JSON, string, SARIF, files, etc.]
41 
42 Output parameters: [Shape, dimensions, schema, or file naming rules]
43 
44 Other properties: [Limits, retention, side effects, or validation notes]
45 
46 ## Skill Version
47 
48 [Version, release tag, or signing identifier]
49 
50 ## Ethical Considerations
51 
52 [Relevant policy, human review expectation, misuse concern, or industry-specific constraint]

Connect the Card to the Release

The card should point to the same evidence reviewers used:

SkillSpector scan report or CI job
Source repository and release tag
Signing identifier or skill.oms.sig location
Any model cards or dependency documentation behind the skill
Known limitations and accepted risks

Good Risk Statements

Avoid vague risks like “model may be wrong.” Make risks actionable:

Weak	Stronger
The skill could make mistakes.	The skill may generate incorrect remediation steps; users must review proposed code changes before execution.
The skill uses APIs.	The skill sends package names to OSV.dev for vulnerability lookup; no source code or secrets should be transmitted.
The skill writes files.	The skill may overwrite generated reports in the configured output directory; it must not write outside that directory.

Approval Rule

A skill card is complete when a reviewer can understand the skill’s purpose, owner, output, risks, and release evidence without opening the source code first.