# Requirements for Contributing to OpenAI Skills: A Complete Guide > Learn the requirements for contributing to OpenAI Skills. Discover how to follow the code of conduct, report security issues, structure your repository, and include necessary manifest and license files. - Repository: [OpenAI/skills](https://github.com/openai/skills) - Tags: how-to-guide - Published: 2026-02-16 --- **To contribute to OpenAI Skills, you must follow the Contributor Covenant code of conduct, report security issues privately to security@openai.com, adhere to the repository folder structure, and include a SKILL.md manifest and LICENSE.txt file for every new skill.** The OpenAI Skills repository provides a catalog of reusable capabilities for AI agents. Understanding the requirements for contributing to OpenAI Skills ensures your submissions are reviewed quickly and merged safely into the codebase. ## Community Values and Code of Conduct All contributors must adhere to the **Contributor Covenant**, which governs harassment, contribution etiquette, and professional conduct. The [`contributing.md`](https://github.com/openai/skills/blob/main/contributing.md) file explicitly requires contributors to be kind, inclusive, assume good intent, and help teach others. When participating in discussions or submitting pull requests, treat others with respect and follow standard open-source etiquette. The repository maintains a welcoming environment by enforcing these community values across all interactions. ## Security and Responsible AI Requirements Security vulnerabilities must never be reported through public GitHub issues. Instead, email **security@openai.com** with a detailed description of the issue, steps to reproduce, potential impact, and any suggested mitigations. This private reporting requirement applies to any security concerns regarding model outputs, skill-installer scripts, or potential exploits within skill implementations. The [`contributing.md`](https://github.com/openai/skills/blob/main/contributing.md) file emphasizes responsible disclosure to protect users before patches are deployed. ## Repository Structure and File Organization Contributions must follow the strict folder hierarchy defined in the repository. Skills are organized into three distinct categories based on their maturity and curation status. ### Skill Directory Layout New skills must be placed in one of the following locations: - `skills/.system/` – System-installed skills automatically available in Codex - `skills/.curated/` – Reviewed and approved skills ready for general use - `skills/.experimental/` – Experimental skills available for manual installation only Each skill resides in a self-contained folder containing agents, scripts, assets, and required documentation files. ### Required Files for Every Skill Every skill submission must include two mandatory files: 1. **SKILL.md** – The manifest file describing the skill, usage instructions, agent configurations, and licensing information. This file enables automatic discovery by Codex and inclusion in the skills catalog. 2. **LICENSE.txt** – The license file specifying the skill's individual license. While the repository uses individual skill licenses, each skill must explicitly expose its license terms. Example skill structure: ```bash skills/.curated/my-awesome-skill/ ├─ agents/openai.yaml # Agent configuration (optional) ├─ SKILL.md # Manifest (required) └─ LICENSE.txt # License (required) ``` ## Pull Request Guidelines When submitting contributions, target the `main` branch and provide a clear PR title and description summarizing the change, its necessity, and any testing performed. All pull requests must pass **CI checks** that validate skill manifests and verify folder structure compliance. These automated checks run via GitHub Actions and display results directly on the PR page. ## Summary - Follow the **Contributor Covenant** and maintain inclusive, respectful communication - Report security issues privately to **security@openai.com** rather than public issues - Place skills in `skills/.system/`, `skills/.curated/`, or `skills/.experimental/` based on maturity - Include **SKILL.md** and **LICENSE.txt** in every skill directory - Target the `main` branch and ensure CI checks pass before requesting review ## Frequently Asked Questions ### What license do I need for my skill? Each skill must include its own [`LICENSE.txt`](https://github.com/openai/skills/blob/main/LICENSE.txt) file specifying the terms under which it is distributed. The repository does not enforce a single license across all skills, allowing contributors to choose appropriate licenses for their individual work, provided the license file is present and clearly stated in the [`SKILL.md`](https://github.com/openai/skills/blob/main/SKILL.md) manifest. ### How do I report a security vulnerability in a skill? Email **security@openai.com** with a detailed description of the vulnerability, steps to reproduce, potential impact assessment, and any suggested mitigations. Do not open public GitHub issues for security concerns, as responsible disclosure protects users while patches are developed and deployed. ### Where should experimental skills be placed? Experimental skills belong in the `skills/.experimental/` directory. This location houses skills that are still in development, undergoing testing, or not yet ready for general curation. Users can manually install experimental skills, but they do not receive the same level of review or support as curated skills in `skills/.curated/`. ### What happens if my skill manifest is missing? Pull requests missing the required [`SKILL.md`](https://github.com/openai/skills/blob/main/SKILL.md) file will fail automated CI checks and cannot be merged. The manifest is essential for Codex to discover and utilize the skill, and for the skills catalog to index it correctly. Ensure your [`SKILL.md`](https://github.com/openai/skills/blob/main/SKILL.md) includes the skill description, usage instructions, agent configurations, and licensing information before submitting.