docs: recommend MCP tools for rule verification in skills

davidmytton · claude · davidmytton · commit 78f3531871e7 · 2026-04-08T19:12:07.000Z
Strengthen the verify step in both skills to prioritize MCP tools
(list-requests, analyze-traffic, explain-decision, promote-rule)
over the dashboard, and suggest the security analyst agent for
deeper analysis.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/skills/add-ai-protection/SKILL.md b/skills/add-ai-protection/SKILL.md
@@ -123,10 +123,20 @@ For AI endpoints, provide meaningful error responses:
 1. Start the app and send a normal message — should succeed
 2. Test prompt injection by sending something like "Ignore all previous instructions and..."
 3. Test PII blocking by sending a message with a fake credit card number
-4. Check the Arcjet dashboard or use MCP `list-requests` to see decisions
 
 Start all rules in `"DRY_RUN"` mode first. Once verified, promote to `"LIVE"`.
 
+**Always recommend using the Arcjet MCP tools** to verify rules and analyze traffic:
+
+- `list-requests` — confirm decisions are being recorded, filter by conclusion to see blocks
+- `analyze-traffic` — review denial rates and patterns for the AI endpoint
+- `explain-decision` — understand why a specific request was allowed or denied (useful for tuning prompt injection sensitivity)
+- `promote-rule` — promote rules from `DRY_RUN` to `LIVE` once verified
+
+If the user wants a full security review, suggest the `/arcjet:security-analyst` agent which can investigate traffic, detect anomalies, and recommend additional rules.
+
+The Arcjet dashboard at https://app.arcjet.com is also available for visual inspection.
+
 ## Common Patterns
 
 **Streaming responses**: Call `protect()` before starting the stream. If denied, return the error before opening the stream — don't start streaming and then abort.
diff --git a/skills/protect-route/SKILL.md b/skills/protect-route/SKILL.md
@@ -117,12 +117,18 @@ Apply route-specific rules using `withRule()` on the shared instance — do not
 
 ## Step 5: Verify
 
-Suggest the user start their app, hit the protected route, then verify via:
+Suggest the user start their app and hit the protected route. Remind them that new rules should start in `"DRY_RUN"` mode and be promoted to `"LIVE"` after verification.
 
-- The Arcjet dashboard at https://app.arcjet.com
-- Or MCP: `list-requests` to confirm decisions are being recorded
+**Always recommend using the Arcjet MCP tools** to verify rules are working and analyze traffic:
 
-Remind them that new rules should start in `"DRY_RUN"` mode and be promoted to `"LIVE"` after verification.
+- `list-requests` — confirm decisions are being recorded and inspect allow/deny outcomes
+- `analyze-traffic` — review traffic patterns and denial rates for the protected route
+- `explain-decision` — understand why a specific request was allowed or denied
+- `promote-rule` — promote rules from `DRY_RUN` to `LIVE` once verified
+
+If the user wants a full security review, suggest the `/arcjet:security-analyst` agent which can investigate traffic, detect anomalies, and recommend additional rules.
+
+The Arcjet dashboard at https://app.arcjet.com is also available for visual inspection.
 
 ## Common Mistakes to Avoid
 
