diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md
index 57b8eb0e1f..317ec89065 100644
--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -28,15 +28,29 @@ Do NOT leave comments about:
 
 Aim for fewer, higher-signal comments. A review with 2-3 important comments is better than 15 trivial ones.
 
-## Instruction Files
-
-BEFORE editing or code-reviewing any file, you MUST read the `.github/instructions/` files whose `applyTo` patterns match the files you are about to edit. For example:
-- Editing/code-reviewing `pyrit/**/*.py` → read `style-guide.instructions.md` and `user-custom.instructions.md`
-- Editing/code-reviewing `pyrit/scenario/**` → also read `scenarios.instructions.md`
-- Editing/code-reviewing `pyrit/prompt_converter/**` → also read `converters.instructions.md`
-- Editing/code-reviewing `tests/**` → also read `test.instructions.md`
-- Editing/code-reviewing `doc/**/*.py` or `doc/**/*.ipynb` → also read `docs.instructions.md`
-- Editing/code-reviewing `frontend/**/*.{ts,tsx}` → also read `frontend-style-guide.instructions.md`
-- Editing/code-reviewing `frontend/**/*.test.{ts,tsx}` → also read `frontend-test.instructions.md`
-
-Follow every rule in the applicable instruction files. Do not skip this step.
+## Skills
+
+PyRIT ships subsystem-specific **skills** under `.github/skills/`. BEFORE you create, modify, or **review** code in one of these areas, invoke the matching skill and follow its contract:
+
+| Area (path) | Skill |
+| --- | --- |
+| `pyrit/prompt_converter/**` | `prompt-converter-development` |
+| `pyrit/prompt_target/**` | `prompt-target-development` |
+| `pyrit/score/**` | `scorer-development` |
+| `pyrit/scenario/**` | `scenario-development` |
+| `pyrit/executor/attack/**` | `attack-strategy-development` |
+| `pyrit/models/**` | `models-guidelines` |
+| `pyrit/output/**` | `output-module` |
+| `pyrit/datasets/seed_datasets/**` | `seed-dataset-loaders` |
+| `doc/**/*.{py,ipynb}` | `docs-sync` |
+| `frontend/**/*.test.{ts,tsx}` | `frontend-testing` |
+
+Do not skip this step. If a skill's guidance and these repository instructions ever conflict, follow the skill for that subsystem.
+
+## Instructions
+
+These always-on instructions apply automatically by file path — no skill invocation needed:
+
+- `.github/instructions/style-guide.instructions.md` — all Python (`**/*.py`)
+- `.github/instructions/frontend-style-guide.instructions.md` — frontend TypeScript/React (`frontend/**/*.{ts,tsx}`)
+- `.github/instructions/test.instructions.md` — all tests (`**/tests/**`)
diff --git a/.github/instructions/attacks.instructions.md b/.github/instructions/attacks.instructions.md
deleted file mode 100644
index 2d5c4d7c96..0000000000
--- a/.github/instructions/attacks.instructions.md
+++ /dev/null
@@ -1,58 +0,0 @@
----
-applyTo: "pyrit/executor/attack/**"
----
-
-# PyRIT AttackStrategy Development Guidelines
-
-`AttackStrategy` subclasses (single-turn attacks like `PromptSendingAttack`, multi-turn attacks like `RedTeamingAttack`, etc.) are pluggable bricks orchestrated by `AttackExecutor` and the `Scenario` framework. Style rules from `style-guide.instructions.md` (async `_async` suffix, keyword-only args, type hints, enums-over-Literals) still apply and are not repeated here.
-
-## Constructor contract
-
-`AttackStrategy` subclasses MUST follow the keyword-only constructor shape:
-
-```python
-class MyAttack(AttackStrategy[MyContext, MyResult]):
-    def __init__(
-        self,
-        *,
-        objective_target: PromptTarget,
-        custom_param: str = "",
-        **kwargs: Any,
-    ) -> None:
-        super().__init__(
-            objective_target=objective_target,
-            context_type=MyContext,
-            **kwargs,
-        )
-```
-
-Requirements:
-
-- All parameters after ``self`` are keyword-only (insert ``*`` immediately
-  after ``self``). This is **enforced at class-definition time** by
-  `AttackStrategy.__init_subclass__` calling `enforce_keyword_only_init`
-  (see `pyrit/common/brick_contract.py`). Non-conforming subclasses
-  raise `TypeError` at import time.
-- ``super().__init__(...)`` must be invoked with at minimum
-  ``objective_target`` and ``context_type``.
-- Existing subclasses that cannot adopt the contract immediately may set
-  the class attribute ``_brick_legacy_init = True`` to opt into a
-  one-release grace period that downgrades the error to a
-  ``DeprecationWarning(removed_in="0.16.0")``. The opt-out is removed in
-  0.16.0; classes that still violate the contract at that point will hard
-  fail.
-- ``AttackTechniqueFactory`` already rejects ``**kwargs`` in attack
-  ``__init__`` at factory-registration time
-  (`pyrit/scenario/core/attack_technique_factory.py`); the new
-  ``__init_subclass__`` check is complementary — the factory check catches
-  scenarios-side wiring mistakes, the subclass check catches the
-  ``__init__`` shape at class-definition time.
-
-## Common pitfalls
-
-- Forgetting ``*`` after ``self`` — the new check will surface this at
-  import time with the exact list of positional parameters that need to be
-  made keyword-only.
-- Calling ``super().__init__`` with positional arguments — the base
-  ``AttackStrategy.__init__`` is already keyword-only, so positional calls
-  raise ``TypeError`` at runtime. Always forward via kwargs.
diff --git a/.github/instructions/docs.instructions.md b/.github/instructions/docs.instructions.md
deleted file mode 100644
index 7bcc470491..0000000000
--- a/.github/instructions/docs.instructions.md
+++ /dev/null
@@ -1,96 +0,0 @@
----
-applyTo: 'doc/**/*.{py,ipynb}'
----
-
-# Documentation File Synchronization
-
-## CRITICAL: .ipynb and .py Files Are Linked
-
-All Jupyter notebooks (.ipynb) in the `doc/` directory have corresponding Python (.py) files that are **tightly synchronized**. These files MUST always match exactly in content. They represent the same documentation in different formats.
-
-**Locations:** `doc/**/*.ipynb` and `doc/**/*.py`
-
-## Editing Guidelines
-
-### Preferred Approach: Inline Updates to Both Files
-For simple, straightforward changes (imports, variable names, paths, small code fixes):
-- **UPDATE BOTH FILES INLINE** using search/replace operations
-- This is the fastest and most reliable method for minor edits
-- Ensures immediate synchronization without execution overhead
-- **Exercise extreme caution**: Even small mismatches will break synchronization
-- Also acceptable to just edit the .ipynb and regenerate the .py (this is fast)
-
-### Last Resort: Regenerate the ipynb with Jupytext
-For complex or extensive changes where inline editing is error-prone:
-1. Edit ONLY the .py file
-2. Regenerate the .ipynb using: `jupytext --to ipynb --execute doc/path/to/your_notebook.py`
-3. **WARNING**: This process takes several minutes to execute
-4. Use this ONLY when inline updates are too risky or complex
-
-## Why This Matters
-- Out-of-sync files create inconsistent documentation
-- Users and CI/CD systems expect these files to match exactly
-- Breaking synchronization causes maintenance headaches and confusion
-- The .py files are managed by jupytext and must remain compatible
-
-## Verification Approach
-When making changes:
-1. **Think carefully** before editing - can this be done inline safely?
-2. If editing inline, ensure BOTH .ipynb and .py receive identical logical changes
-3. Pay special attention to:
-   - Code cell content must match exactly
-   - Imports and function calls
-   - File paths and constants
-   - Variable names and values
-4. After editing, verify the changes are truly equivalent
-
-
-## Jupytext Usage Reference
-
-### Critical pre-execution checklist
-
-Before running `jupytext --execute`, make sure the kernel will exercise *the code in this checkout*, not some stale install:
-
-1. **Use a kernel bound to a Python env that has this worktree installed editable.**
-   Reusing an existing `pyrit` kernel is fine *only if* it points at the current
-   checkout — otherwise it will resolve imports against an unrelated copy and
-   either pass on stale code or fail on missing new symbols.
-   - Quick check: `python -c "import pyrit, pathlib; print(pathlib.Path(pyrit.__file__).resolve())"`
-   - If it doesn't match this worktree, install editable here: `pip install -e .`
-     (this rebinds the existing kernel to this checkout, no new kernel needed).
-   - Only create a new kernel (`python -m ipykernel install --user --name <name>`)
-     if you actually need an isolated env.
-2. **Credentials must be pre-configured.** Most notebooks call live targets
-   (OpenAI, Azure, etc.) and load creds from `~/.pyrit/.env`. Make sure the
-   required keys are present before executing.
-
-### Keep the cell outputs
-
-**Do not strip cell outputs from notebooks under `doc/`.** Outputs are part of the
-documentation — readers rely on seeing rendered tables, images, and printer output.
-If a notebook can't execute end-to-end, that is exactly the regression we want
-to surface in review; don't paper over it by committing an output-less notebook.
-`nbstripout` is intentionally not run against `doc/` content for this reason.
-
-### Commands
-
-Generate .ipynb from .py (with execution — if it fails it means there are errors):
-```bash
-jupytext --to ipynb --execute doc/path/to/your_notebook.py
-```
-
-Generate .py from .ipynb:
-```bash
-jupytext --to py:percent doc/path/to/notebook.ipynb
-```
-
-If a `doc/**/*.py` notebook fails during `jupytext --execute` with errors that look like uninitialized state (missing env vars, undefined names, `initialize_pyrit_async` apparently not run, failing cell shows `Cell In[1]` despite earlier code), **check the `# %%` cell separators in the .py file first**.
-
-A missing `# %%` between a `# %% [markdown]` block and the following code causes jupytext to silently absorb the code into the markdown cell, so it never executes. Symptoms in isolation (small repro scripts) will work fine — the bug is purely in the cell structure of the .py file. Do not chase env-loading or runtime issues until cell markers are verified.
-
-## Summary
-- **Default strategy**: Update both files inline for simple changes
-- **Be cautious and deliberate**: Out-of-sync files are worse than slow regeneration
-- **Last resort**: Edit .py only, then regenerate .ipynb (slow but safe)
-- **Never** edit only one file without addressing the other
-```
diff --git a/.github/instructions/frontend-test.instructions.md b/.github/instructions/frontend-test.instructions.md
deleted file mode 100644
index d051329ae5..0000000000
--- a/.github/instructions/frontend-test.instructions.md
+++ /dev/null
@@ -1,472 +0,0 @@
----
-applyTo: 'frontend/**/*.test.{ts,tsx}'
----
-
-# PyRIT Frontend Test Instructions
-
-Consistent, fast, readable tests using Jest + React Testing Library + Fluent UI v9.
-
-## Test Stack
-
-| Tool | Purpose |
-|---|---|
-| **Jest** (`ts-jest`, `jsdom`) | Test runner and assertions |
-| **React Testing Library** (`@testing-library/react`) | Component rendering and DOM queries |
-| **`@testing-library/user-event`** | Simulating realistic user interactions |
-| **`@testing-library/jest-dom`** | Extended DOM matchers (`toBeInTheDocument`, `toBeDisabled`, etc.) |
-| **Playwright** (`@playwright/test`) | E2E browser tests (separate from unit tests) |
-
-## File Naming & Location
-
-- Test files are **co-located** next to the source file they test.
-- Naming: `<ComponentName>.test.tsx` or `<moduleName>.test.ts`
-
-```
-components/Chat/
-  ChatWindow.tsx
-  ChatWindow.styles.ts
-  ChatWindow.test.tsx      ← co-located test
-hooks/
-  useConnectionHealth.tsx
-  useConnectionHealth.test.tsx
-utils/
-  messageMapper.ts
-  messageMapper.test.ts    ← for pure utility tests, use .test.ts (no JSX needed)
-```
-
-## Test Structure
-
-### Describe / It Blocks
-- Group tests with `describe('<ComponentName>', () => { ... })`.
-- Use concise `it('should ...')` descriptions that state the expected behavior.
-
-```tsx
-describe('ConnectionBanner', () => {
-  it('renders warning banner when degraded', () => { ... })
-  it('renders error banner when disconnected', () => { ... })
-})
-```
-
-### Setup & Teardown
-- Use `beforeEach(() => jest.clearAllMocks())` to reset mocks between tests.
-- Define `defaultProps` at the top of the `describe` block to avoid repetition.
-
-```tsx
-describe('ChatInputArea', () => {
-  const defaultProps = {
-    onSend: jest.fn(),
-    disabled: false,
-  }
-
-  beforeEach(() => {
-    jest.clearAllMocks()
-  })
-
-  it('should render input and send button', () => {
-    render(<TestWrapper><ChatInputArea {...defaultProps} /></TestWrapper>)
-    expect(screen.getByRole('textbox')).toBeInTheDocument()
-  })
-})
-```
-
-## Rendering Components
-
-### Fluent UI Provider Wrapper
-Fluent UI v9 components require `FluentProvider` to be in the tree. Define a `TestWrapper` at the top of each test file for any test that renders Fluent UI components.
-
-```tsx
-import { FluentProvider, webLightTheme } from '@fluentui/react-components'
-
-const TestWrapper: React.FC<{ children: React.ReactNode }> = ({ children }) => (
-  <FluentProvider theme={webLightTheme}>{children}</FluentProvider>
-)
-
-// Usage
-render(<TestWrapper><MyComponent {...props} /></TestWrapper>)
-```
-
-### Context Providers
-For components that consume React Context (e.g., `useConnectionHealth`), wrap with the appropriate provider or mock the hook.
-
-```tsx
-// Option A: Mock the hook
-jest.mock('@/hooks/useConnectionHealth', () => ({
-  useConnectionHealth: () => ({ status: 'connected', reconnectCount: 0 }),
-}))
-
-// Option B: Wrap with the real provider
-render(
-  <ConnectionHealthProvider>
-    <ComponentUnderTest />
-  </ConnectionHealthProvider>
-)
-```
-
-## Guiding Principle
-
-> "The more your tests resemble the way your software is used, the more confidence they can give you." — Kent C. Dodds
-
-Tests should interact with DOM nodes the way a real user would — not with component instances, internal state, or CSS class names. If a test breaks only because of a refactor (not a behavior change), the test is too tightly coupled.
-
-## Querying the DOM
-
-### Use `screen` for All Queries
-Always import `screen` from `@testing-library/react` and query through it. Do not destructure queries from `render()` — `screen` is pre-bound to `document.body` and reads more clearly.
-
-```tsx
-// CORRECT
-import { render, screen } from '@testing-library/react'
-render(<MyComponent />)
-screen.getByRole('button', { name: /submit/i })
-
-// INCORRECT — destructuring from render
-const { getByRole } = render(<MyComponent />)
-getByRole('button', { name: /submit/i })
-```
-
-### Query Priority (follow Testing Library best practices)
-Queries are ranked by how closely they mirror user experience. Prefer higher-priority queries:
-
-**1. Accessible to everyone** — reflect how visual users and assistive technology find elements:
-
-| Priority | Query | When to use |
-|---|---|---|
-| 1st | `getByRole` | Almost everything — buttons, textboxes, headings, dialogs, tabs. Use the `name` option to narrow: `getByRole('button', { name: /send/i })` |
-| 2nd | `getByLabelText` | Form fields — emulates finding an input by its `<label>` |
-| 3rd | `getByPlaceholderText` | Only when no label exists (a placeholder is NOT a substitute for a label) |
-| 4th | `getByText` | Non-interactive elements (paragraphs, spans, banners) |
-| 5th | `getByDisplayValue` | Filled-in form fields (current value of `<input>`, `<select>`) |
-
-**2. Semantic queries** — HTML5 / ARIA attributes (less reliable across assistive tech):
-
-| Priority | Query | When to use |
-|---|---|---|
-| 6th | `getByAltText` | `<img>`, `<area>`, `<input>` with `alt` text |
-| 7th | `getByTitle` | `title` attribute — not consistently read by screen readers |
-
-**3. Test IDs** — invisible to users, last resort:
-
-| Priority | Query | When to use |
-|---|---|---|
-| 8th | `getByTestId` | When no semantic query works, or text is dynamic/unstable |
-
-```tsx
-// CORRECT — queries what the user sees
-screen.getByRole('button', { name: /send/i })
-screen.getByLabelText('Username')
-screen.getByText(/unable to reach/i)
-
-// ACCEPTABLE — for non-semantic containers
-screen.getByTestId('connection-banner')
-
-// INCORRECT — fragile, tied to implementation
-container.querySelector('.fluentui-button-primary')
-```
-
-### `getByRole` Tips
-- Use the `name` option (accessible name) to distinguish multiple elements with the same role: `getByRole('button', { name: /delete/i })`
-- Filter by state: `{ checked: true }`, `{ selected: true }`, `{ pressed: true }`, `{ expanded: false }`, `{ busy: true }`, `{ current: 'page' }`
-- Query headings by level: `getByRole('heading', { level: 2 })`
-- If `getByRole` is slow on a large DOM, consider `getByLabelText` or `getByText` as a faster alternative
-
-### Query Variants — `get` vs `query` vs `find`
-
-| Variant | No match | 1 match | >1 match | Async? | Use when... |
-|---|---|---|---|---|---|
-| `getBy` | **throws** | returns element | **throws** | No | Element MUST be present right now |
-| `queryBy` | returns `null` | returns element | **throws** | No | Asserting element is NOT present |
-| `findBy` | **throws** (after timeout) | returns element | **throws** | Yes | Element will appear after async operation |
-| `getAllBy` | **throws** | returns array | returns array | No | Multiple elements expected |
-| `queryAllBy` | returns `[]` | returns array | returns array | No | Asserting count or absence of multiple |
-| `findAllBy` | **throws** (after timeout) | returns array | returns array | Yes | Multiple elements appear asynchronously |
-
-### Async Queries & Waiting
-
-**Waiting for appearance** — use `findBy*` (preferred) or `waitFor`:
-
-```tsx
-// PREFERRED — findBy is a combination of getBy + waitFor
-const successMsg = await screen.findByText(/attack complete/i)
-expect(successMsg).toBeInTheDocument()
-
-// ALTERNATIVE — waitFor for non-DOM assertions
-await waitFor(() => {
-  expect(mockApi).toHaveBeenCalledTimes(1)
-})
-```
-
-**Asserting disappearance** — use `waitForElementToBeRemoved` or `waitFor` + `queryBy`:
-
-```tsx
-// PREFERRED — efficient, uses MutationObserver internally
-await waitForElementToBeRemoved(() => screen.queryByText(/loading/i))
-
-// ALTERNATIVE
-await waitFor(() => {
-  expect(screen.queryByText(/loading/i)).not.toBeInTheDocument()
-})
-```
-
-**Asserting absence (synchronous)** — use `queryBy`:
-
-```tsx
-// CORRECT — returns null instead of throwing
-expect(screen.queryByText(/error/i)).not.toBeInTheDocument()
-expect(screen.queryAllByRole('alert')).toHaveLength(0)
-
-// INCORRECT — getBy throws if missing, making the error message confusing
-expect(screen.getByText(/error/i)).not.toBeInTheDocument() // throws before assertion
-```
-
-### TextMatch Patterns
-Queries accept strings, regular expressions, or functions:
-
-```tsx
-// Exact string (default)
-screen.getByText('Hello World')
-
-// Regex — preferred for partial or case-insensitive matches
-screen.getByText(/hello world/i)     // case-insensitive full match
-screen.getByText(/hello/i)           // substring match
-screen.getByRole('button', { name: /submit/i })
-
-// Custom function (rare — for complex matching)
-screen.getByText((content, element) => {
-  return element?.tagName === 'SPAN' && content.startsWith('Error')
-})
-```
-
-Prefer regex over `{ exact: false }` — regex gives you more control.
-
-## User Interactions
-
-### Use `userEvent` over `fireEvent`
-`fireEvent` dispatches a single DOM event. `userEvent` simulates a full interaction — focus, keyboard events, input events, selection changes, blur — just like a real browser. It also enforces visibility and interactability checks (e.g., it won't click a hidden element or type in a disabled input).
-
-Use `fireEvent` only for edge cases that `userEvent` doesn't support yet (e.g., custom drag events).
-
-### Always call `userEvent.setup()` before rendering
-Create the `user` instance before `render()`, not inside `beforeEach`. This ensures a clean event state per test.
-
-```tsx
-import userEvent from '@testing-library/user-event'
-
-it('should call onSend when user types and clicks send', async () => {
-  const user = userEvent.setup()
-  const onSend = jest.fn()
-
-  render(<TestWrapper><ChatInputArea onSend={onSend} disabled={false} /></TestWrapper>)
-
-  await user.type(screen.getByRole('textbox'), 'Hello')
-  await user.click(screen.getByRole('button', { name: /send/i }))
-
-  expect(onSend).toHaveBeenCalled()
-})
-```
-
-### Common `userEvent` APIs
-
-| Method | Simulates |
-|---|---|
-| `user.click(element)` | Full click (pointerdown → mousedown → focus → pointerup → mouseup → click) |
-| `user.dblClick(element)` | Double click |
-| `user.type(element, text)` | Typing character-by-character into a focused element |
-| `user.clear(element)` | Selecting all text and deleting it |
-| `user.selectOptions(select, values)` | Selecting option(s) in a `<select>` |
-| `user.upload(input, file)` | Uploading file(s) to a file input |
-| `user.tab()` | Pressing Tab to move focus |
-| `user.keyboard('{Enter}')` | Pressing specific keys |
-| `user.hover(element)` / `user.unhover(element)` | Mouse enter / leave |
-| `user.paste(text)` | Pasting from clipboard |
-
-## Mocking
-
-### API Mocks
-Mock the API service objects from `src/services/api.ts`. Do NOT mock Axios directly in component tests.
-
-```tsx
-import { attacksApi } from '@/services/api'
-
-jest.mock('@/services/api', () => ({
-  attacksApi: {
-    getMessages: jest.fn(),
-    createAttack: jest.fn(),
-  },
-}))
-
-const mockGetMessages = attacksApi.getMessages as jest.Mock
-mockGetMessages.mockResolvedValue({ data: [...] })
-```
-
-### Timer Mocks
-For components with `setInterval` / `setTimeout` (e.g., polling), use Jest fake timers.
-
-```tsx
-beforeEach(() => {
-  jest.useFakeTimers()
-})
-
-afterEach(() => {
-  jest.useRealTimers()
-})
-
-it('polls health endpoint every 60 seconds', () => {
-  render(<ConnectionHealthProvider>...</ConnectionHealthProvider>)
-  jest.advanceTimersByTime(60_000)
-  expect(healthApi.checkHealth).toHaveBeenCalledTimes(1)
-})
-```
-
-### Global Mocks
-The following are already mocked globally in `src/setupTests.ts` — do NOT re-mock them:
-- `window.matchMedia`
-- `ResizeObserver`
-- `IntersectionObserver`
-- `Element.prototype.scrollTo` / `scrollIntoView`
-- `URL.createObjectURL` / `revokeObjectURL`
-- `import.meta.env` variables (`VITE_API_URL`, `MODE`)
-
-## What to Test
-
-### Components
-- **Rendering**: correct output for given props (including edge cases like empty arrays, loading states, error states).
-- **User interactions**: clicks, typing, form submissions invoke the correct callbacks.
-- **Conditional rendering**: elements appear/disappear based on props or state.
-- **Accessibility**: interactive elements are reachable by role; disabled states are reflected.
-
-### Hooks
-- **State transitions**: initial state, state after actions, error states.
-- **Side effects**: API calls are triggered, intervals are set up and cleaned up.
-- Prefer testing hooks through a consuming component. Use `renderHook` only for reusable library-style hooks that are difficult to test through a component.
-
-```tsx
-import { renderHook, act } from '@testing-library/react'
-
-it('returns connected status initially', () => {
-  const { result } = renderHook(() => useConnectionHealth(), {
-    wrapper: ConnectionHealthProvider,
-  })
-  expect(result.current.status).toBe('connected')
-})
-```
-
-Note: `result.current` always holds the latest committed value (like a ref). Access it after `act()` to see state changes.
-
-### Utils / Services
-- **Pure functions**: input → output for normal cases, boundary values, and error inputs.
-- No DOM rendering needed — use plain `.test.ts` files.
-
-### What NOT to Test
-- Fluent UI component internals (trust the library).
-- CSS styling details (test behavior and accessibility, not visual appearance).
-- Implementation details like internal state variable names.
-
-## Debugging Tests
-
-### `screen.debug()`
-Use `screen.debug()` to print the current DOM to the console when a test is failing. This is far more useful than inspecting the raw container.
-
-```tsx
-screen.debug()                         // prints entire document.body
-screen.debug(screen.getByRole('dialog'))  // prints a specific subtree
-screen.debug(undefined, 30000)         // increase max output length
-```
-
-### `logRoles`
-When you're not sure which roles are available, use `logRoles` to see every element's implicit and explicit role:
-
-```tsx
-import { logRoles } from '@testing-library/react'
-
-const { container } = render(<MyComponent />)
-logRoles(container)
-```
-
-## Scoped Queries with `within`
-
-Use `within` to scope queries to a specific subtree — useful when the same text or role appears multiple times on the page.
-
-```tsx
-import { within } from '@testing-library/react'
-
-const dialog = screen.getByRole('dialog')
-const confirmButton = within(dialog).getByRole('button', { name: /confirm/i })
-```
-
-## Assertions
-
-### Prefer `@testing-library/jest-dom` Matchers
-
-```tsx
-// CORRECT — expressive, readable
-expect(button).toBeDisabled()
-expect(banner).toBeInTheDocument()
-expect(input).toHaveValue('hello')
-
-// INCORRECT — testing implementation details
-expect(button.disabled).toBe(true)
-expect(document.querySelector('[data-testid="banner"]')).not.toBeNull()
-```
-
-### Callback Assertions
-
-```tsx
-// Verify a callback was called
-expect(onSend).toHaveBeenCalledTimes(1)
-
-// Inspect call arguments when assertion with `toHaveBeenCalledWith` is awkward
-const [firstArg] = onSend.mock.calls[0]
-expect(firstArg.content).toBe('Hello')
-```
-
-## Coverage
-
-Coverage thresholds are enforced globally in `jest.config.ts`:
-
-| Metric | Threshold |
-|---|---|
-| Branches | 85% |
-| Functions | 90% |
-| Lines | 90% |
-| Statements | 85% |
-
-Run coverage locally:
-```bash
-cd frontend && npm run test:coverage
-```
-
-Files excluded from coverage: `main.tsx`, `vite-env.d.ts`, `services/api.ts` (thin Axios wrapper, tested indirectly).
-
-## E2E Tests (Playwright)
-
-- E2E tests live in `frontend/e2e/`.
-- They test full user flows against a running backend.
-- Do NOT mock APIs in E2E tests — they exercise the real stack.
-- Run with `npm run test:e2e` (headless) or `npm run test:e2e:headed`.
-
-## Common Anti-Patterns
-
-| Anti-pattern | Why it's wrong | Do this instead |
-|---|---|---|
-| `container.querySelector('.my-class')` | Couples test to CSS class names | Use `getByRole`, `getByText`, or `getByTestId` |
-| `expect(component.state.count).toBe(1)` | Tests internal state, not behavior | Assert on what the user sees: `expect(screen.getByText('1')).toBeInTheDocument()` |
-| `fireEvent.click(button)` for a user click | Doesn't simulate the full browser event chain | Use `await user.click(button)` |
-| `getByText('Submit')` without regex | Brittle — breaks on case changes or whitespace | Use `getByRole('button', { name: /submit/i })` |
-| `await waitFor(() => getByText('done'))` | `getBy` already throws — redundant wrapping | Use `await findByText('done')` |
-| Wrapping `render` in `act(...)` manually | RTL's `render` already wraps in `act` | Just call `render(<Component />)` |
-| Tests that depend on execution order | Fragile, hides bugs | Each test must be independently runnable |
-
-## Final Checklist
-
-Before committing frontend tests, ensure:
-- [ ] Tests are co-located next to the source file
-- [ ] Fluent UI components are wrapped in `FluentProvider` via `TestWrapper`
-- [ ] DOM queries follow priority: `getByRole` > `getByLabelText` > `getByText` > `getByTestId`
-- [ ] `screen` is used for all queries (not destructured from `render`)
-- [ ] User interactions use `userEvent.setup()`, not `fireEvent`
-- [ ] `queryBy*` used for absence assertions, `findBy*` for async appearance
-- [ ] API mocks target service objects, not Axios internals
-- [ ] `jest.clearAllMocks()` in `beforeEach`
-- [ ] No testing of Fluent UI internals, CSS details, or internal state
-- [ ] Async operations use `findBy*` queries, `waitFor`, or `waitForElementToBeRemoved`
-- [ ] Coverage thresholds still pass (`npm run test:coverage`)
diff --git a/.github/instructions/scorers.instructions.md b/.github/instructions/scorers.instructions.md
deleted file mode 100644
index b4200704e0..0000000000
--- a/.github/instructions/scorers.instructions.md
+++ /dev/null
@@ -1,60 +0,0 @@
----
-applyTo: "pyrit/score/**"
----
-
-# PyRIT Scorer Development Guidelines
-
-Scorers evaluate model responses against an objective and live under `pyrit/score/`. Style rules from `style-guide.instructions.md` (async `_async` suffix, keyword-only args, type hints, enums-over-Literals) still apply and are not repeated here.
-
-## Constructor contract
-
-`Scorer` subclasses MUST use the keyword-only constructor shape:
-
-```python
-class MyScorer(Scorer):
-    def __init__(
-        self,
-        *,
-        chat_target: PromptTarget | None = None,
-        threshold: float = 0.5,
-        validator: ScorerPromptValidator | None = None,
-    ) -> None:
-        super().__init__(
-            validator=validator or self._DEFAULT_VALIDATOR,
-            chat_target=chat_target,
-        )
-```
-
-Requirements:
-
-- All parameters after ``self`` are keyword-only (insert ``*`` immediately
-  after ``self``). This is **enforced at class-definition time** by
-  `Scorer.__init_subclass__` calling `enforce_keyword_only_init`
-  (see `pyrit/common/brick_contract.py`). Non-conforming subclasses
-  raise `TypeError` at import time.
-- ``super().__init__(validator=..., chat_target=...)`` is required so the
-  base class wires the validator and validates ``TARGET_REQUIREMENTS``
-  against any provided ``chat_target``.
-- Existing subclasses that cannot adopt the contract immediately may set
-  the class attribute ``_brick_legacy_init = True`` to opt into a
-  one-release grace period that downgrades the error to a
-  ``DeprecationWarning(removed_in="0.16.0")``. The opt-out is removed in
-  0.16.0; classes that still violate the contract at that point will hard
-  fail.
-
-### Currently grandfathered
-
-- ``PlagiarismScorer`` (``pyrit/score/float_scale/plagiarism_scorer.py``) —
-  accepts ``reference_text`` positionally as part of its public API. The
-  positional shape is preserved through one release cycle via
-  ``_brick_legacy_init = True`` and is scheduled to become
-  keyword-only in 0.16.0 (``BREAKING CHANGE``).
-
-## Common pitfalls
-
-- Forgetting ``*`` after ``self`` — the new check will surface this at
-  import time with the exact list of positional parameters that need to be
-  made keyword-only.
-- Calling ``super().__init__`` with positional args — the base
-  ``Scorer.__init__`` is already keyword-only, so positional calls raise
-  ``TypeError`` at runtime. Always forward via kwargs.
diff --git a/.github/instructions/targets.instructions.md b/.github/instructions/targets.instructions.md
deleted file mode 100644
index 19040be72b..0000000000
--- a/.github/instructions/targets.instructions.md
+++ /dev/null
@@ -1,111 +0,0 @@
----
-applyTo: "pyrit/prompt_target/**"
----
-
-# Prompt Target Development Guidelines
-
-## Base Class Contract
-
-All targets MUST inherit from ``PromptTarget`` (or one of its public
-subclasses such as ``OpenAITarget`` / ``HTTPTarget``) and implement
-``_send_prompt_to_target_async``:
-
-```python
-from pyrit.prompt_target.common.prompt_target import PromptTarget
-
-
-class MyTarget(PromptTarget):
-    def __init__(
-        self,
-        *,
-        endpoint: str,
-        api_key: str,
-        max_requests_per_minute: int | None = None,
-        custom_configuration: TargetConfiguration | None = None,
-    ) -> None:
-        super().__init__(
-            endpoint=endpoint,
-            max_requests_per_minute=max_requests_per_minute,
-            custom_configuration=custom_configuration,
-        )
-        self._api_key = api_key
-
-    async def _send_prompt_to_target_async(
-        self, *, normalized_conversation: list[Message]
-    ) -> list[Message]:
-        ...
-```
-
-``send_prompt_async`` (the public entry point) is ``@final`` and MUST NOT
-be overridden. Override ``_send_prompt_to_target_async`` instead.
-
-## Keyword-only ``__init__`` is enforced
-
-Every ``PromptTarget`` subclass MUST make all ``__init__`` parameters
-keyword-only (i.e., place ``*`` as the first parameter after ``self``).
-``PromptTarget.__init_subclass__`` validates this at class-definition time
-via ``enforce_keyword_only_init`` and raises ``TypeError`` on violations.
-
-The check is satisfied by either of:
-
-```python
-def __init__(self, *, endpoint: str, api_key: str) -> None: ...
-
-def __init__(self, *args: Any, **kwargs: Any) -> None: ...  # *args after self
-```
-
-It rejects:
-
-```python
-def __init__(self, endpoint: str, api_key: str) -> None: ...    # missing *
-```
-
-> [!NOTE]
-> ``PromptTarget.__init__`` *itself* still accepts positional parameters and
-> is not currently keyword-only. The ``__init_subclass__`` hook only runs for
-> subclasses, so the base class non-compliance is tolerated during the warn-
-> first phase. The base ``__init__`` will be reshaped to be keyword-only in
-> 0.16.0 as a BREAKING CHANGE.
-
-## Temporary opt-out: ``_brick_legacy_init``
-
-A handful of legacy targets whose positional ``__init__`` is part of the
-public API are grandfathered with ``_brick_legacy_init = True``. They
-emit a ``DeprecationWarning`` at import time and the opt-out is scheduled
-for removal in **0.16.0**. Do not set this flag on new targets; new
-targets MUST follow the keyword-only contract.
-
-Currently grandfathered (slated for cleanup in 0.16.0):
-``HTTPTarget``, ``OpenAICompletionTarget``, ``OpenAIImageTarget``,
-``PromptShieldTarget``.
-
-## Configuration and Capabilities
-
-- Set ``_DEFAULT_CONFIGURATION`` at the class level when your target's
-  capabilities differ from the base defaults (multi-turn support, non-text
-  modalities, JSON-mode responses, etc.).
-- Accept ``custom_configuration: TargetConfiguration | None = None`` in
-  ``__init__`` and forward it to ``super().__init__`` so callers can
-  override capabilities per-instance (this is required for HTTP / Playwright
-  targets whose capabilities depend on deployment configuration).
-
-## Identifiable Pattern
-
-All targets inherit ``Identifiable``. Override ``_build_identifier()`` to
-include parameters that affect target behaviour:
-
-```python
-def _build_identifier(self) -> ComponentIdentifier:
-    return self._create_identifier(
-        params={"endpoint": self._endpoint, "model_name": self._model_name},
-    )
-```
-
-Include: endpoint, model_name, deployment identifiers, custom headers that
-affect routing.
-Exclude: API keys, retry counts, logging config, timeouts.
-
-## Exports
-
-New targets MUST be added to ``pyrit/prompt_target/__init__.py`` — both
-the import and the ``__all__`` list.
diff --git a/.github/skills/attack-strategy-development/SKILL.md b/.github/skills/attack-strategy-development/SKILL.md
new file mode 100644
index 0000000000..334367b3d7
--- /dev/null
+++ b/.github/skills/attack-strategy-development/SKILL.md
@@ -0,0 +1,33 @@
+---
+name: attack-strategy-development
+description: PyRIT AttackStrategy development contract and conventions for code under pyrit/executor/attack/. Use when creating, modifying, or reviewing an attack strategy or executor.
+---
+
+> Applies to `pyrit/executor/attack/**`.
+
+# PyRIT AttackStrategy Development Guidelines
+
+`AttackStrategy` subclasses (single-turn attacks like `PromptSendingAttack`, multi-turn like `RedTeamingAttack`) are pluggable bricks orchestrated by `AttackExecutor` and the `Scenario` framework. Style rules from `style-guide.instructions.md` (async `_async` suffix, keyword-only args, type hints, enums-over-Literals) still apply and are not repeated here.
+
+## Constructor contract
+
+```python
+class MyAttack(AttackStrategy[MyContext, MyResult]):
+    def __init__(
+        self,
+        *,
+        objective_target: PromptTarget,
+        custom_param: str = "",
+        **kwargs: Any,
+    ) -> None:
+        super().__init__(
+            objective_target=objective_target,
+            context_type=MyContext,
+            **kwargs,
+        )
+```
+
+- Place `*` immediately after `self`. `AttackStrategy.__init_subclass__` enforces this via `enforce_keyword_only_init` (see `pyrit/common/brick_contract.py`) and raises `TypeError` at class-definition time, naming the offending positional params.
+- Call `super().__init__(...)` with at least `objective_target` and `context_type`. The base `__init__` is keyword-only, so positional calls raise `TypeError` at runtime.
+- A class that cannot adopt the contract yet may set `_brick_legacy_init = True` for a one-release grace period (downgrades the error to a `DeprecationWarning`; removed in **0.16.0**).
+- Complementary check: `AttackTechniqueFactory` rejects `**kwargs` in attack `__init__` at factory-registration time (`pyrit/scenario/core/attack_technique_factory.py`) — that catches scenarios-side wiring mistakes, while `__init_subclass__` catches the `__init__` shape at class-definition time.
diff --git a/.github/skills/docs-sync/SKILL.md b/.github/skills/docs-sync/SKILL.md
new file mode 100644
index 0000000000..37b6c0b467
--- /dev/null
+++ b/.github/skills/docs-sync/SKILL.md
@@ -0,0 +1,43 @@
+---
+name: docs-sync
+description: PyRIT documentation synchronization rules for paired jupytext .py (percent format) and .ipynb notebooks under doc/. Use when creating, modifying, or reviewing files under doc/.
+---
+
+> Applies to `doc/**/*.{py,ipynb}`.
+
+# Documentation File Synchronization
+
+Every notebook under `doc/` is a **jupytext pair**: a `.py` (percent format) and a `.ipynb`. They MUST stay in sync — the `.py` is the source jupytext manages, and the `.ipynb` carries the rendered outputs readers see. Never change one without addressing the other; out-of-sync pairs are worse than a slow regeneration.
+
+## How to make a change
+
+**Small edits** (imports, paths, variable names, one-line fixes) — edit **both files inline** with identical logical changes. This is fastest and avoids running anything. Even a one-character mismatch breaks the pair, so diff the two cells afterward to confirm code cells, imports, paths, and values match exactly.
+
+**Large or structural edits** — edit the `.py` only, then regenerate the notebook:
+
+```bash
+jupytext --to ipynb --execute doc/path/to/notebook.py
+```
+
+`--execute` runs every cell (takes minutes and needs working credentials — see below), which is why it's reserved for changes too complex to mirror by hand.
+
+Regenerating the **other** direction (`.py` from an edited `.ipynb`) is fast because it does **not** execute:
+
+```bash
+jupytext --to py:percent doc/path/to/notebook.ipynb
+```
+
+## Keep cell outputs
+
+Do **not** strip outputs from `doc/` notebooks — rendered tables, images, and printer output are part of the documentation. `nbstripout` is intentionally not run on `doc/`. If a notebook can't execute end-to-end, surface that in review rather than committing an output-less notebook.
+
+## Before running `jupytext --execute`
+
+1. **Kernel must point at this checkout.** Reusing an existing `pyrit` kernel is fine only if it resolves to this worktree:
+   `python -c "import pyrit, pathlib; print(pathlib.Path(pyrit.__file__).resolve())"`
+   If it doesn't match, run `pip install -e .` here (rebinds the kernel; no new kernel needed). Only create a new kernel if you actually need an isolated env.
+2. **Credentials must be present.** Most notebooks call live targets (OpenAI, Azure, etc.) and load creds from `~/.pyrit/.env`.
+
+## Debugging: a cell silently never executes
+
+If `--execute` fails with errors that look like uninitialized state (missing env vars, undefined names, `initialize_pyrit_async` apparently not run, a failing `Cell In[1]` despite earlier code), **check the `# %%` cell separators in the `.py` first.** A missing `# %%` between a `# %% [markdown]` block and the following code makes jupytext absorb the code into the markdown cell, so it never runs. Verify cell markers before chasing env-loading or runtime issues.
diff --git a/.github/skills/frontend-testing/SKILL.md b/.github/skills/frontend-testing/SKILL.md
new file mode 100644
index 0000000000..c940618d68
--- /dev/null
+++ b/.github/skills/frontend-testing/SKILL.md
@@ -0,0 +1,109 @@
+---
+name: frontend-testing
+description: PyRIT frontend test guidelines for React/TypeScript tests (frontend/**/*.test.{ts,tsx}). Use when creating, modifying, or reviewing frontend tests.
+---
+
+> Applies to `frontend/**/*.test.{ts,tsx}`.
+
+# PyRIT Frontend Test Instructions
+
+Jest + React Testing Library (RTL) + Fluent UI v9. This covers **PyRIT-specific** conventions. For generic RTL / jest-dom API details — query-priority ordering, `get`/`query`/`find` variants, the full `userEvent` API, `TextMatch` patterns, debugging helpers like `screen.debug()` / `logRoles` / `within` — follow the [Testing Library docs](https://testing-library.com/docs/) rather than restating them here.
+
+## Test stack
+
+| Tool | Purpose |
+|---|---|
+| **Jest** (`ts-jest`, `jsdom`) | Runner and assertions |
+| **React Testing Library** | Component rendering and DOM queries |
+| **`@testing-library/user-event`** | Realistic user interactions |
+| **`@testing-library/jest-dom`** | DOM matchers (`toBeInTheDocument`, `toBeDisabled`, …) |
+| **Playwright** | E2E (separate from unit tests) |
+
+## File naming & location
+
+Co-locate tests next to the source they test: `<ComponentName>.test.tsx`, or `<moduleName>.test.ts` for pure utilities (no JSX needed).
+
+## Rendering Fluent UI components
+
+Fluent UI v9 requires `FluentProvider` in the tree. Define a `TestWrapper` at the top of any file that renders Fluent components:
+
+```tsx
+import { FluentProvider, webLightTheme } from '@fluentui/react-components'
+
+const TestWrapper: React.FC<{ children: React.ReactNode }> = ({ children }) => (
+  <FluentProvider theme={webLightTheme}>{children}</FluentProvider>
+)
+
+render(<TestWrapper><MyComponent {...props} /></TestWrapper>)
+```
+
+For components that consume React Context (e.g. `useConnectionHealth`), either wrap with the real provider or mock the hook:
+
+```tsx
+jest.mock('@/hooks/useConnectionHealth', () => ({
+  useConnectionHealth: () => ({ status: 'connected', reconnectCount: 0 }),
+}))
+```
+
+## Query & interaction conventions
+
+> "The more your tests resemble the way your software is used, the more confidence they can give you." — Kent C. Dodds. If a test breaks only because of a refactor (not a behavior change), it's too tightly coupled.
+
+- **Query through `screen`** — don't destructure queries from `render()`.
+- **Prefer semantic queries** (`getByRole('button', { name: /send/i })`, `getByLabelText`, `getByText`) over `container.querySelector` or CSS classes. Use `getByTestId` only when no semantic query works.
+- **Use `userEvent` (with `userEvent.setup()`), not `fireEvent`** — it simulates the full browser event chain and enforces visibility/interactability. Create the `user` before `render()`, not inside `beforeEach`.
+- **Async:** `findBy*` for appearance, `waitForElementToBeRemoved` for disappearance, `queryBy*` for absence assertions.
+- Reset mocks with `beforeEach(() => jest.clearAllMocks())`.
+
+```tsx
+it('calls onSend when the user types and clicks send', async () => {
+  const user = userEvent.setup()
+  const onSend = jest.fn()
+  render(<TestWrapper><ChatInputArea onSend={onSend} disabled={false} /></TestWrapper>)
+  await user.type(screen.getByRole('textbox'), 'Hello')
+  await user.click(screen.getByRole('button', { name: /send/i }))
+  expect(onSend).toHaveBeenCalled()
+})
+```
+
+## Mocking
+
+**API:** mock the service objects from `src/services/api.ts` — do NOT mock Axios directly.
+
+```tsx
+jest.mock('@/services/api', () => ({
+  attacksApi: { getMessages: jest.fn(), createAttack: jest.fn() },
+}))
+```
+
+**Timers:** for polling/intervals, use `jest.useFakeTimers()` / `jest.useRealTimers()` and drive with `jest.advanceTimersByTime(...)`.
+
+**Already mocked globally in `src/setupTests.ts` — do NOT re-mock:** `window.matchMedia`, `ResizeObserver`, `IntersectionObserver`, `Element.prototype.scrollTo` / `scrollIntoView`, `URL.createObjectURL` / `revokeObjectURL`, and `import.meta.env` (`VITE_API_URL`, `MODE`).
+
+## What to test
+
+- **Components:** rendering for given props (incl. empty / loading / error states), user interactions invoke the right callbacks, conditional rendering, accessibility (roles reachable, disabled states reflected).
+- **Hooks:** state transitions and side effects (API calls fire, intervals set up and cleaned up). Prefer testing through a consuming component; use `renderHook` only for reusable library-style hooks.
+- **Utils / services:** pure input → output for normal, boundary, and error inputs (`.test.ts`, no DOM).
+
+Do **not** test Fluent UI internals, CSS / visual details, or internal state variable names.
+
+## Coverage
+
+Thresholds enforced in `jest.config.ts`: branches 85%, functions 90%, lines 90%, statements 85%. Run `cd frontend && npm run test:coverage`. Excluded: `main.tsx`, `vite-env.d.ts`, `services/api.ts` (thin Axios wrapper, tested indirectly).
+
+## E2E (Playwright)
+
+E2E tests live in `frontend/e2e/`, exercise full flows against a running backend, and do **not** mock APIs. Run `npm run test:e2e` (headless) or `npm run test:e2e:headed`.
+
+## Common anti-patterns
+
+| Anti-pattern | Do this instead |
+|---|---|
+| `container.querySelector('.my-class')` | `getByRole` / `getByText` / `getByTestId` |
+| `expect(component.state.x).toBe(...)` | Assert what the user sees |
+| `fireEvent.click(button)` for a user click | `await user.click(button)` |
+| `getByText('Submit')` (no regex) | `getByRole('button', { name: /submit/i })` |
+| `await waitFor(() => getByText('done'))` | `await findByText('done')` |
+| Wrapping `render` in `act(...)` manually | `render(...)` already wraps in `act` |
+| Tests that depend on execution order | Make each test independently runnable |
diff --git a/.github/instructions/models.instructions.md b/.github/skills/models-guidelines/SKILL.md
similarity index 85%
rename from .github/instructions/models.instructions.md
rename to .github/skills/models-guidelines/SKILL.md
index 4a9e32baa0..c9b3d3e770 100644
--- a/.github/instructions/models.instructions.md
+++ b/.github/skills/models-guidelines/SKILL.md
@@ -1,7 +1,10 @@
 ---
-applyTo: "pyrit/models/**"
+name: models-guidelines
+description: Guidelines for pyrit.models types and import boundaries (code under pyrit/models/). Use when creating, modifying, or reviewing PyRIT model and dataclass types.
 ---
 
+> Applies to `pyrit/models/**`.
+
 # `pyrit.models` Guidelines
 
 ## Import Boundary
diff --git a/.github/instructions/output.instructions.md b/.github/skills/output-module/SKILL.md
similarity index 93%
rename from .github/instructions/output.instructions.md
rename to .github/skills/output-module/SKILL.md
index d099c65a44..e46c16f618 100644
--- a/.github/instructions/output.instructions.md
+++ b/.github/skills/output-module/SKILL.md
@@ -1,7 +1,10 @@
 ---
-applyTo: "pyrit/output/**"
+name: output-module
+description: PyRIT output module coding and review guidelines for code under pyrit/output/. Use when creating, modifying, or reviewing output module code.
 ---
 
+> Applies to `pyrit/output/**`.
+
 # PyRIT Output Module — Coding & Review Guidelines
 
 For full architecture documentation, usage examples, and extension guides, see [doc/code/output/0_output.py](../../../doc/code/output/0_output.py).
diff --git a/.github/instructions/converters.instructions.md b/.github/skills/prompt-converter-development/SKILL.md
similarity index 65%
rename from .github/instructions/converters.instructions.md
rename to .github/skills/prompt-converter-development/SKILL.md
index f409395e01..ede6817d50 100644
--- a/.github/instructions/converters.instructions.md
+++ b/.github/skills/prompt-converter-development/SKILL.md
@@ -1,7 +1,10 @@
 ---
-applyTo: "pyrit/prompt_converter/**"
+name: prompt-converter-development
+description: PyRIT prompt converter development contract and conventions for code under pyrit/prompt_converter/. Use when creating, modifying, or reviewing a PromptConverter, including SUPPORTED_INPUT_TYPES/OUTPUT_TYPES, ConverterResult, keyword-only __init__, and __init__.py exports.
 ---
 
+> Applies to `pyrit/prompt_converter/**`.
+
 # Prompt Converter Development Guidelines
 
 ## Base Class Contract
@@ -80,41 +83,17 @@ class MyConverter(PromptConverter):
         ...
 ```
 
-### Keyword-only ``__init__`` is enforced
-
-Every ``PromptConverter`` subclass MUST make all ``__init__`` parameters
-keyword-only (i.e., place ``*`` as the first parameter after ``self``).
-``PromptConverter.__init_subclass__`` validates this at class-definition
-time via ``enforce_keyword_only_init`` and raises ``TypeError`` on
-violations.
+### Keyword-only `__init__` is enforced
 
-The check is satisfied by either of:
+Every `PromptConverter` subclass MUST make all `__init__` parameters keyword-only — place `*` as the first parameter after `self`. `PromptConverter.__init_subclass__` validates this via `enforce_keyword_only_init` and raises `TypeError` at class-definition time.
 
 ```python
-def __init__(self, *, foo: str, bar: int = 0) -> None: ...
-
-def __init__(self, *args: str, foo: str = "") -> None: ...  # *args after self
+def __init__(self, *, foo: str, bar: int = 0) -> None: ...   # OK
+def __init__(self, *args: str, foo: str = "") -> None: ...   # OK (*args after self)
+def __init__(self, foo: str, bar: int = 0) -> None: ...      # rejected — missing *
 ```
 
-It rejects:
-
-```python
-def __init__(self, foo: str, bar: int = 0) -> None: ...    # missing *
-```
-
-### Temporary opt-out: ``_brick_legacy_init``
-
-A handful of legacy converters whose positional ``__init__`` is part of the
-public API are grandfathered with ``_brick_legacy_init = True``. They
-emit a ``DeprecationWarning`` at import time and the opt-out is scheduled
-for removal in **0.16.0**. Do not set this flag on new converters; new
-converters MUST follow the keyword-only contract.
-
-Currently grandfathered (slated for cleanup in 0.16.0):
-``AddImageVideoConverter``, ``AnsiAttackConverter``, ``AsciiArtConverter``,
-``AskToDecodeConverter``, ``DiacriticConverter``, ``InsertPunctuationConverter``,
-``PDFConverter``, ``QRCodeConverter``, ``RandomCapitalLettersConverter``,
-``SearchReplaceConverter``, ``SmugglerConverter`` (and its three subclasses).
+A few legacy converters whose positional `__init__` is public API opt out with `_brick_legacy_init = True` (emits a `DeprecationWarning`; removed in **0.16.0**). Find the current set with `grep -rl "_brick_legacy_init = True" pyrit/prompt_converter/`. Do not add new converters to it.
 
 ## Exports and External Updates
 
diff --git a/.github/skills/prompt-target-development/SKILL.md b/.github/skills/prompt-target-development/SKILL.md
new file mode 100644
index 0000000000..e1f21496b1
--- /dev/null
+++ b/.github/skills/prompt-target-development/SKILL.md
@@ -0,0 +1,78 @@
+---
+name: prompt-target-development
+description: PyRIT prompt target development guidelines for code under pyrit/prompt_target/. Use when creating, modifying, or reviewing a PromptTarget.
+---
+
+> Applies to `pyrit/prompt_target/**`.
+
+# Prompt Target Development Guidelines
+
+## Base Class Contract
+
+All targets MUST inherit from `PromptTarget` (or one of its public subclasses such as `OpenAITarget` / `HTTPTarget`) and implement `_send_prompt_to_target_async`:
+
+```python
+from pyrit.prompt_target.common.prompt_target import PromptTarget
+
+
+class MyTarget(PromptTarget):
+    def __init__(
+        self,
+        *,
+        endpoint: str,
+        api_key: str,
+        max_requests_per_minute: int | None = None,
+        custom_configuration: TargetConfiguration | None = None,
+    ) -> None:
+        super().__init__(
+            endpoint=endpoint,
+            max_requests_per_minute=max_requests_per_minute,
+            custom_configuration=custom_configuration,
+        )
+        self._api_key = api_key
+
+    async def _send_prompt_to_target_async(
+        self, *, normalized_conversation: list[Message]
+    ) -> list[Message]:
+        ...
+```
+
+`send_prompt_async` (the public entry point) is `@final` and MUST NOT be overridden. Override `_send_prompt_to_target_async` instead.
+
+## Keyword-only `__init__` is enforced
+
+Every `PromptTarget` subclass MUST make all `__init__` parameters keyword-only — place `*` as the first parameter after `self`. `PromptTarget.__init_subclass__` validates this via `enforce_keyword_only_init` and raises `TypeError` at class-definition time.
+
+```python
+def __init__(self, *, endpoint: str, api_key: str) -> None: ...   # OK
+def __init__(self, *args: Any, **kwargs: Any) -> None: ...        # OK (*args after self)
+def __init__(self, endpoint: str, api_key: str) -> None: ...      # rejected — missing *
+```
+
+> [!NOTE]
+> `PromptTarget.__init__` *itself* is still positional — `__init_subclass__` only runs for subclasses, so the base is tolerated during the warn-first phase. The base `__init__` becomes keyword-only in 0.16.0 (BREAKING CHANGE).
+
+A few legacy targets whose positional `__init__` is public API opt out with `_brick_legacy_init = True` (emits a `DeprecationWarning`; removed in **0.16.0**). Find the current set with `grep -rl "_brick_legacy_init = True" pyrit/prompt_target/`. Do not add new targets to it.
+
+## Configuration and Capabilities
+
+- Set `_DEFAULT_CONFIGURATION` at the class level when your target's capabilities differ from the base defaults (multi-turn support, non-text modalities, JSON-mode responses, etc.).
+- Accept `custom_configuration: TargetConfiguration | None = None` in `__init__` and forward it to `super().__init__` so callers can override capabilities per-instance (this is required for HTTP / Playwright targets whose capabilities depend on deployment configuration).
+
+## Identifiable Pattern
+
+All targets inherit `Identifiable`. Override `_build_identifier()` to include parameters that affect target behaviour:
+
+```python
+def _build_identifier(self) -> ComponentIdentifier:
+    return self._create_identifier(
+        params={"endpoint": self._endpoint, "model_name": self._model_name},
+    )
+```
+
+Include: endpoint, model_name, deployment identifiers, custom headers that affect routing.
+Exclude: API keys, retry counts, logging config, timeouts.
+
+## Exports
+
+New targets MUST be added to `pyrit/prompt_target/__init__.py` — both the import and the `__all__` list.
diff --git a/.github/instructions/scenarios.instructions.md b/.github/skills/scenario-development/SKILL.md
similarity index 93%
rename from .github/instructions/scenarios.instructions.md
rename to .github/skills/scenario-development/SKILL.md
index 40fb4150b8..2f2e40e95f 100644
--- a/.github/instructions/scenarios.instructions.md
+++ b/.github/skills/scenario-development/SKILL.md
@@ -1,7 +1,10 @@
 ---
-applyTo: "pyrit/scenario/**"
+name: scenario-development
+description: PyRIT scenario development contract and conventions for code under pyrit/scenario/. Use when creating, modifying, or reviewing a Scenario.
 ---
 
+> Applies to `pyrit/scenario/**`.
+
 # PyRIT Scenario Development Guidelines
 
 Scenarios orchestrate multi-attack security testing campaigns. Each scenario groups `AtomicAttack` instances and executes them sequentially against a target.
@@ -14,24 +17,7 @@ All scenarios inherit from `Scenario` (ABC) and must:
 2. **Optionally declare `BASELINE_ATTACK_POLICY`** (defaults to `BaselineAttackPolicy.Enabled` — a baseline `PromptSendingAttack` is prepended and callers can opt out per run via `initialize_async(include_baseline=False)`):
    - `BaselineAttackPolicy.Disabled` — baseline supported but off by default (e.g. `Jailbreak`, where templates dominate the run).
    - `BaselineAttackPolicy.Forbidden` — baseline is meaningless for this scenario's comparison axis (e.g. `AdversarialBenchmark`, which compares against gold-standard answers). Explicit `include_baseline=True` raises `ValueError`.
-3. **Pass `strategy_class`, `default_strategy`, and `default_dataset_config` to `super().__init__()`:**
-
-```python
-class MyScenario(Scenario):
-    VERSION: int = 1
-    BASELINE_ATTACK_POLICY: ClassVar[BaselineAttackPolicy] = BaselineAttackPolicy.Enabled
-
-    @apply_defaults
-    def __init__(self, *, objective_scorer=None, scenario_result_id=None) -> None:
-        super().__init__(
-            version=self.VERSION,
-            strategy_class=MyStrategy,
-            default_strategy=MyStrategy.ALL,
-            default_dataset_config=DatasetConfiguration(dataset_names=["my_dataset"]),
-            objective_scorer=objective_scorer or self._get_default_objective_scorer(),
-            scenario_result_id=scenario_result_id,
-        )
-```
+3. **Pass `strategy_class`, `default_strategy`, and `default_dataset_config` to `super().__init__()`** (see the canonical example under "Constructor Pattern" below).
 
 For scenarios whose strategy enum is built dynamically (RapidResponse pattern), build the
 strategy class in a module-level `@cache`-decorated function and pass the result through
diff --git a/.github/skills/scorer-development/SKILL.md b/.github/skills/scorer-development/SKILL.md
new file mode 100644
index 0000000000..20f878dba7
--- /dev/null
+++ b/.github/skills/scorer-development/SKILL.md
@@ -0,0 +1,33 @@
+---
+name: scorer-development
+description: PyRIT scorer development contract and conventions for code under pyrit/score/. Use when creating, modifying, or reviewing a Scorer.
+---
+
+> Applies to `pyrit/score/**`.
+
+# PyRIT Scorer Development Guidelines
+
+Scorers evaluate model responses against an objective and live under `pyrit/score/`. Style rules from `style-guide.instructions.md` (async `_async` suffix, keyword-only args, type hints, enums-over-Literals) still apply and are not repeated here.
+
+## Constructor contract
+
+`Scorer` subclasses MUST use a keyword-only constructor:
+
+```python
+class MyScorer(Scorer):
+    def __init__(
+        self,
+        *,
+        chat_target: PromptTarget | None = None,
+        threshold: float = 0.5,
+        validator: ScorerPromptValidator | None = None,
+    ) -> None:
+        super().__init__(
+            validator=validator or self._DEFAULT_VALIDATOR,
+            chat_target=chat_target,
+        )
+```
+
+- Place `*` immediately after `self`. `Scorer.__init_subclass__` enforces this via `enforce_keyword_only_init` (see `pyrit/common/brick_contract.py`) and raises `TypeError` at class-definition time, naming the offending positional params.
+- Call `super().__init__(validator=..., chat_target=...)` with keywords — the base wires the validator and validates `TARGET_REQUIREMENTS` against any provided `chat_target`. The base `__init__` is itself keyword-only, so positional calls raise `TypeError` at runtime.
+- A class that cannot adopt the contract yet may set `_brick_legacy_init = True` for a one-release grace period (downgrades the error to a `DeprecationWarning`; removed in **0.16.0**). `PlagiarismScorer` currently uses this to keep `reference_text` positional — do not add new scorers to it.
diff --git a/.github/instructions/datasets.instructions.md b/.github/skills/seed-dataset-loaders/SKILL.md
similarity index 95%
rename from .github/instructions/datasets.instructions.md
rename to .github/skills/seed-dataset-loaders/SKILL.md
index 4e2bbf8002..a3e5355a1a 100644
--- a/.github/instructions/datasets.instructions.md
+++ b/.github/skills/seed-dataset-loaders/SKILL.md
@@ -1,7 +1,10 @@
 ---
-applyTo: "pyrit/datasets/seed_datasets/**"
+name: seed-dataset-loaders
+description: PyRIT seed dataset loader guidelines for code under pyrit/datasets/seed_datasets/. Use when creating, modifying, or reviewing a seed dataset loader.
 ---
 
+> Applies to `pyrit/datasets/seed_datasets/**`.
+
 # Seed Dataset Loader Guidelines
 
 These rules apply when adding or modifying loaders under `pyrit/datasets/seed_datasets/`.
@@ -99,7 +102,7 @@ Add the loader and any new public enums to `pyrit/datasets/seed_datasets/remote/
 The rendered datasets notebook drives the public list of built-in datasets on the docs site, so every new loader must touch it:
 
 - Add the new dataset and its cite key to the prose paragraph at the top of `doc/code/datasets/1_loading_datasets.py` (alphabetical with the rest), and add the matching entry to `doc/code/datasets/1_loading_datasets.ipynb`.
-- Regenerate the notebook so the `SeedDatasetProvider.get_all_dataset_names_async()` output cell picks up the new loader: `jupytext --to ipynb --execute doc/code/datasets/1_loading_datasets.py`. Inline edits to both files are also acceptable per `docs.instructions.md`, but executed regeneration is the only way the rendered dataset-name list stays in sync.
+- Regenerate the notebook so the `SeedDatasetProvider.get_all_dataset_names_async()` output cell picks up the new loader: `jupytext --to ipynb --execute doc/code/datasets/1_loading_datasets.py`. Inline edits to both files are also acceptable per the `docs-sync` skill, but executed regeneration is the only way the rendered dataset-name list stays in sync.
 
 ## Test loaders against mocked HF data
 
diff --git a/pyrit/executor/attack/core/attack_strategy.py b/pyrit/executor/attack/core/attack_strategy.py
index 19929f8888..2ac17992e3 100644
--- a/pyrit/executor/attack/core/attack_strategy.py
+++ b/pyrit/executor/attack/core/attack_strategy.py
@@ -385,8 +385,9 @@ class AttackStrategy(Strategy[AttackStrategyContextT, AttackStrategyResultT], Id
 
     Subclasses must use the keyword-only constructor shape
     (``def __init__(self, *, ...)``); the contract is enforced at class
-    definition time via ``enforce_keyword_only_init``. See
-    ``.github/instructions/attacks.instructions.md`` for the full contract.
+    definition time via ``enforce_keyword_only_init``. See the
+    ``attack-strategy-development`` skill
+    (``.github/skills/attack-strategy-development/SKILL.md``) for the full contract.
     """
 
     #: Capability requirements placed on ``objective_target``. Subclasses
@@ -397,7 +398,8 @@ def __init_subclass__(cls, **kwargs: Any) -> None:
         """
         Enforce the keyword-only constructor contract on subclasses.
 
-        See ``.github/instructions/attacks.instructions.md`` for the contract.
+        See the ``attack-strategy-development`` skill
+        (``.github/skills/attack-strategy-development/SKILL.md``) for the contract.
         """
         super().__init_subclass__(**kwargs)
         # Local import to avoid a circular dependency at package init time.
@@ -553,7 +555,7 @@ def _build_identifier(self) -> ComponentIdentifier:
     @property
     def params_type(self) -> type[AttackParameters]:
         """
-        Get the parameters type for this attack strategy.
+        The parameters type for this attack strategy.
 
         Returns:
             type[AttackParameters]: The parameters type this strategy accepts.
diff --git a/pyrit/models/__init__.py b/pyrit/models/__init__.py
index ff3c105ea4..dc7762a2e8 100644
--- a/pyrit/models/__init__.py
+++ b/pyrit/models/__init__.py
@@ -8,7 +8,8 @@
 import only from the standard library, ``pydantic``,
 ``pyrit.common.deprecation``, and other ``pyrit.models.*`` submodules. The
 CI test ``tests/unit/models/test_import_boundary.py`` enforces this. See
-``.github/instructions/models.instructions.md`` for the rule.
+the ``models-guidelines`` skill (``.github/skills/models-guidelines/SKILL.md``)
+for the rule.
 
 Identifier types and helpers live in the ``pyrit.models.identifiers``
 sub-package but are re-exported here, so external callers should import them
diff --git a/pyrit/scenario/core/scenario.py b/pyrit/scenario/core/scenario.py
index c920d2cbf7..742b597089 100644
--- a/pyrit/scenario/core/scenario.py
+++ b/pyrit/scenario/core/scenario.py
@@ -151,8 +151,8 @@ class Scenario(ABC):  # noqa: B024 - retained for subclass type-checking even wi
 
     Subclasses must use the keyword-only constructor shape (``def __init__(self, *, ...)``);
     the contract is enforced at class-definition time via
-    ``enforce_keyword_only_init``. See
-    ``.github/instructions/scenarios.instructions.md`` for the full contract.
+    ``enforce_keyword_only_init``. See the ``scenario-development`` skill
+    (``.github/skills/scenario-development/SKILL.md``) for the full contract.
     """
 
     #: Capability requirements placed on ``objective_target``. Subclasses override to declare
@@ -171,7 +171,8 @@ def __init_subclass__(cls, **kwargs: Any) -> None:
         """
         Enforce the keyword-only constructor contract on subclasses.
 
-        See ``.github/instructions/scenarios.instructions.md`` for the contract.
+        See the ``scenario-development`` skill
+        (``.github/skills/scenario-development/SKILL.md``) for the contract.
         """
         super().__init_subclass__(**kwargs)
         # Local import to avoid a circular dependency at package init time.
diff --git a/pyrit/score/scorer.py b/pyrit/score/scorer.py
index 031c7c1553..6f4c308284 100644
--- a/pyrit/score/scorer.py
+++ b/pyrit/score/scorer.py
@@ -61,8 +61,9 @@ class Scorer(Identifiable, abc.ABC):
 
     Subclasses must use the keyword-only constructor shape
     (``def __init__(self, *, ...)``); the contract is enforced at class
-    definition time via ``enforce_keyword_only_init``. See
-    ``.github/instructions/scorers.instructions.md`` for the full contract.
+    definition time via ``enforce_keyword_only_init``. See the
+    ``scorer-development`` skill (``.github/skills/scorer-development/SKILL.md``)
+    for the full contract.
     """
 
     # Evaluation configuration - maps input dataset files to a result file.
@@ -90,7 +91,8 @@ def __init_subclass__(cls, **kwargs: Any) -> None:
         """
         Enforce the keyword-only constructor contract on subclasses.
 
-        See ``.github/instructions/scorers.instructions.md`` for the contract.
+        See the ``scorer-development`` skill
+        (``.github/skills/scorer-development/SKILL.md``) for the contract.
         """
         super().__init_subclass__(**kwargs)
         # Local import to avoid a circular dependency at package init time.
@@ -141,7 +143,7 @@ def get_identifier(self) -> ComponentIdentifier:
     @property
     def scorer_type(self) -> ScoreType:
         """
-        Get the scorer type based on class hierarchy.
+        The scorer type based on class hierarchy.
 
         Returns:
             ScoreType: "true_false" for TrueFalseScorer subclasses,
diff --git a/tests/unit/models/test_import_boundary.py b/tests/unit/models/test_import_boundary.py
index 8a61023a5e..1bb78738a9 100644
--- a/tests/unit/models/test_import_boundary.py
+++ b/tests/unit/models/test_import_boundary.py
@@ -19,7 +19,8 @@
 lists must shrink monotonically — if a known violation is no longer in source,
 this test fails and the entry must be removed.
 
-See plan.md / ``.github/instructions/models.instructions.md`` for context.
+See plan.md / the ``models-guidelines`` skill
+(``.github/skills/models-guidelines/SKILL.md``) for context.
 """
 
 from __future__ import annotations