How the Agensi Security Scan Works: What Creators Need to Know

Every skill submitted to Agensi goes through an 8-point automated security scan before it's published. Understanding what the scan checks for helps you pass it on the first try and build trust with buyers.

Quick Answer: Agensi's security scan checks for prompt injection, data exfiltration, dangerous commands, hardcoded secrets, obfuscated code, suspicious network access, zip structure integrity, and SKILL.md validity. Skills that fail any check are rejected with a specific explanation of what needs to be fixed. Most clean skills pass on the first submission.

What are the 8 security checks?

1. Prompt injection. The scan looks for instructions that attempt to override the agent's safety constraints or manipulate the agent into doing something the user didn't ask for. Hidden instructions, role-playing prompts, and attempts to bypass safety filters are all flagged.

2. Data exfiltration. The scan detects instructions that try to send user data to external endpoints, read files outside the project scope, or access environment variables that contain secrets. A skill should only operate on the files and context the user explicitly provides.

3. Dangerous commands. Shell commands that delete files recursively, modify system configurations, install unknown packages, or execute arbitrary code from remote URLs are flagged. Skills can include scripts, but those scripts need to be safe and contained.

4. Hardcoded secrets. API keys, tokens, passwords, and other credentials embedded in the SKILL.md or supporting files are detected and rejected. If your skill needs an API key, instruct the user to provide it through an environment variable rather than hardcoding it.

5. Obfuscated code. Base64-encoded strings, minified code blocks, and other obfuscation techniques are flagged because they hide what the code actually does. All code in a skill should be readable and auditable.

6. Suspicious network access. Instructions that fetch content from unknown URLs, download scripts at runtime, or establish connections to external servers are reviewed carefully. Skills should be self-contained. If your skill genuinely needs network access (for example, to call a public API), document why clearly.

7. Zip structure integrity. The uploaded zip file is validated for correct structure: a single top-level folder containing SKILL.md at the root, with optional supporting files and directories. Malformed archives, symlinks pointing outside the skill folder, and unexpected binary files are flagged.

8. SKILL.md validity. The SKILL.md file itself is parsed to confirm valid YAML frontmatter with at least a name and description field, followed by a markdown body with actual instructions. Empty files, files with only frontmatter and no instructions, and files with invalid YAML are rejected.

What happens if my skill fails the scan?

You receive a notification explaining which check failed and what specifically needs to be fixed. For example, if the scan detects a hardcoded API key, you'll be told which line contains the key and how to replace it with an environment variable reference.

Fix the issue, re-upload, and the scan runs again. There's no penalty for failing a scan, and most issues are simple fixes that take a few minutes.

How do I pass on the first try?

Keep your SKILL.md instructions focused on guiding the agent's behavior through natural language, not executing arbitrary code. Don't include any credentials, tokens, or API keys anywhere in the skill files. Make all code in scripts readable and well-commented. Don't fetch external resources at runtime unless it's essential and documented. Use a clean zip structure with one top-level folder containing SKILL.md at the root.

If your skill includes scripts, make sure they only operate within the project directory and don't modify system files, install packages globally, or delete files outside the project scope.

Does the security scan check for quality?

The automated scan only checks for security issues, not content quality. Quality review happens separately during the human review step. Admins review the skill for completeness, clarity, and category fit before it goes live on the marketplace. If the skill is technically secure but poorly written or incomplete, you'll receive feedback on what to improve.

Why does the security scan matter for sales?

Every skill on Agensi displays a "Security scanned" badge on its listing page. This badge is visible to buyers and it matters because the main competitor for Agensi skills is random SKILL.md files on GitHub that nobody has reviewed. Researchers have already found SKILL.md files in the wild with hidden prompt injection and data exfiltration instructions. The security scan is what differentiates your skill from unvetted alternatives and it's a major reason buyers choose Agensi over GitHub.

---

Submit your skill for review on Agensi. Security scan included for every submission.