crowdstrike-falcon-foundry

Falcon Foundry Skills

AI coding assistant skills for building CrowdStrike Falcon Foundry apps. Build Foundry apps from a natural language prompt — API integrations, workflows, UI pages, functions, and collections — all scaffolded with the Foundry CLI and deployed to the Falcon console.

Getting Started

Prerequisites

• Foundry CLI: Install with brew tap crowdstrike/foundry-cli && brew install crowdstrike/foundry-cli/foundry (macOS/Linux) or download for Windows
• CrowdStrike Account: With Falcon Foundry access
• Authentication: Run foundry login to authenticate
• AI Coding Assistant: Claude Code, Codex, Copilot CLI, Cursor, Gemini CLI, or any tool that supports loading reference documentation

Claude Code (Tested)

Install from the Anthropic Plugin Marketplace:

/plugin install crowdstrike-falcon-foundry

Or register this repo as a plugin marketplace, then install:

/plugin marketplace add CrowdStrike/foundry-skills
/plugin install crowdstrike-falcon-foundry@foundry-marketplace

Or install from a local clone for development:

git clone https://github.com/CrowdStrike/foundry-skills.git
claude --plugin-dir /path/to/foundry-skills

The --plugin-dir flag loads the plugin for that session. To make it permanent, add it to your .claude/settings.json:

{
  "plugins": ["/path/to/foundry-skills"]
}

Changes to skill files take effect on the next Claude Code session — no reinstall needed.

Codex (Experimental)

Codex discovers skills from ~/.agents/skills/. Clone and symlink:

git clone https://github.com/CrowdStrike/foundry-skills.git
mkdir -p ~/.agents/skills
ln -s /path/to/foundry-skills/skills ~/.agents/skills/foundry-skills

Restart Codex to discover the skills. See the Codex skills docs for details.

Copilot CLI (Experimental)

Copilot CLI shares the ~/.agents/skills/ discovery directory with Codex:

git clone https://github.com/CrowdStrike/foundry-skills.git
mkdir -p ~/.agents/skills
ln -s /path/to/foundry-skills/skills ~/.agents/skills/foundry-skills

Restart Copilot CLI to discover the skills.

Cursor (Experimental)

Add a rule file to your project's .cursor/rules/ directory:

git clone https://github.com/CrowdStrike/foundry-skills.git
mkdir -p .cursor/rules
cat > .cursor/rules/foundry-skills.mdc << 'EOF'
---
description: Use when building Falcon Foundry apps — API integrations, workflows, UI pages, functions, collections
alwaysApply: false
---

Reference the Falcon Foundry skills in /path/to/foundry-skills/skills/ for building Foundry apps.
The primary orchestrator is development-workflow/SKILL.md.
EOF

Cursor activates the rule automatically when your prompt matches the description.

Gemini CLI (Experimental)

Link the skills so Gemini discovers them as native Agent Skills:

git clone https://github.com/CrowdStrike/foundry-skills.git
gemini skills link /path/to/foundry-skills/skills --scope user

This creates symlinks in ~/.gemini/skills/ so all skills are available in every workspace. Use --scope workspace to install into the current project's .gemini/skills/ instead. Verify with gemini skills list or /skills list inside a session.

Gemini activates the right skill on demand based on your prompt.

Other Tools

These skills are plain markdown files. Any AI coding assistant that can read local files can use them. See AGENTS.md for the full development guide, or point your tool at the skills/ directory and start with development-workflow/SKILL.md as the entry point.

Usage

Example prompt

This prompt exercises the full skill set — API integration, workflow, and UI:

Can you create a Falcon Foundry app for me that has an Okta API integration
with openapi? Share its listusers endpoint with Falcon Fusion SOAR. Then,
create a workflow that can be run on-demand to email or print the list of
users. Finally, create a UI extension that calls the listusers endpoint and
displays the results.

How skill routing works

The skills include hooks that ensure the right skills get used:

1. UserPromptSubmit hook — Matches an action verb paired with a Foundry noun — e.g., "create a foundry app". Explicit CLI commands and skill requests also trigger it.