Agent Supply Chain Auditor

The problem

Third-party agent skills and SKILL.md files are a new supply chain attack vector. Traditional SAST and SCA scanners cannot detect prompt injection, malicious command patterns, or hidden data exfiltration logic embedded in agent instructions.

What it does

• Performs structured security audits across five specific vectors: prompt injection, data exfiltration, malicious commands, dependency poisoning, and credential harvesting.
• Scans SKILL.md files, companion scripts, and MCP server configurations for obfuscated attacks like zero-width characters and base64-encoded payloads.
• Assigns risk scores based on real-world research from OWASP, Unit 42, and Snyk.
• Generates a detailed audit report including a risk matrix, evidence citations, and remediation guidance.
• Provides a clear final verdict: Safe to Install, Install with Caution, or Do Not Install.

Why this beats prompting it yourself

General-purpose LLM prompts often miss specialized agentic attack patterns like Unicode obfuscation or indirect prompt injection. This tool uses a formal methodology based on 2026 security research, ensuring consistency that manual checks lack. It forces a systematic review of secondary directories and scripts that are often overlooked during a casual "check this file" prompt.

Use cases

• Auditing community skills from marketplaces like Agensi or GitHub before team-wide deployment.
• Reviewing MCP server configurations for unauthorized telemetry or credential harvesting.
• Verifying internal skill updates for backdoor instructions or dependency typosquatting.
• Establishing a security-approved skill registry for enterprise development environments.

Known limitations

This skill identifies patterns and intent. It cannot execute active penetration testing or dynamic analysis of external network endpoints mentioned in a skill.