The Skills Security Index is a centralized repository providing security risk analysis for agentic AI skill definitions. As AI agents increasingly rely on modular skills to perform tasks, the instructions used to define these skills become a critical attack surface. This index helps security engineers and developers understand the potential "blast radius" of any given skill before deployment.
Each entry in the index represents a unique skill found across major platform registries in GitHub. We perform a deep scan of the skill's identity, its instructions, and associated code to build a comprehensive security profile.
Analyses are performed against a standardized security schema and focus on instructional risk, such as identifying when a skill's prompts encourage an agent to bypass guardrails or perform sensitive operations without oversight.
Risk is calculated dynamically across three dimensions. A skill is assigned the highest (most severe) level detected among:
We classify instructions into several buckets: Tools, Code Execution, Web Access, File System, Data Access, Authentication, Network, and System. "Detected" means the skill explicitly encourages the agent to utilize these modalities.
Findings report specific deviations from security best practices, such as Prompt Injection vulnerabilities, Credential Exposure, or Excessive Permissions.
Permissions are the underlying resource requests implied by the skill. We evaluate whether each request is justified by the skill's stated purpose.