Agent Skills – Open Security Database

index.tego.security · 4ppsec · 17 days ago · view on HN · vulnerability
0 net
Tags
rce
Tego · Skills Security Index / Skills Security Index Subscribe Docs Terms of Use v0.9.2 Subscribe Docs Terms of Use v0.9.4 Skills Security Index Every skill is evaluated against its stated purpose. We analyze instructions, capabilities, and permissions to surface findings, score risk, and flag anything that doesn't match what the skill claims to do. All Pass Low Medium High Critical Risk Skill Capabilities Creator Stars Analyzed Loading more... Documentation ← Back to Index About the Index The Skills Security Index is a centralized repository providing security risk analysis for agentic AI skill definitions. As AI agents increasingly rely on modular skills to perform tasks, the instructions used to define these skills become a critical attack surface. This index helps security engineers and developers understand the potential "blast radius" of any given skill before deployment. Inside the Lab Each entry in the index represents a unique skill found across major platform registries in GitHub . We perform a deep scan of the skill's identity, its instructions, and associated code to build a comprehensive security profile. Assessment Method Analyses are performed against a standardized security schema and focuse on instructional risk . Such as identifying when a skill's prompts encourage an agent to bypass guardrails or perform sensitive operations without oversight. Risk Ranking Framework Risk is calculated dynamically across three dimensions. A skill is assigned the highest (most severe) level detected among: Pass: No significant risks detected in instructions or tools. Low: Minor capability risk with appropriate scoping context. Medium: Potentially risky tool use or instructions that lack clear restrictions. High: Direct instructions for sensitive operations (e.g., broad file system write or unencrypted network use). Critical: Encouragement of malicious actions, data exfiltration, or explicit bypasses. Capabilities We classify instructions into several buckets: Tools, Code Execution, Web Access, File System, Data Access, Authentication, Network, and System. "Detected" means the skill explicitly encourages the agent to utilize these modalities. Findings Findings report specific deviations from security best practices, such as Prompt Injection vulnerabilities, Credential Exposure , or Excessive Permissions . Permissions Permissions are the underlying resource requests implied by the skill. We evaluate whether each request is justified by the skill's stated purpose. Questions or Feedback? [email protected] PROUDLY BUILT BY TEGO AI Back to Index × Subscribe Get notified about updates and new releases. Coming soon: APIs, skill submissions, and more. Name Email Message Submit
← Back to stories