agentskillexchange/verification-security

Agent Skill Exchange Verification & Security

Public verification, security review, and skill quality process for Agent Skill Exchange.

What This Repo Is

This repo documents how Agent Skill Exchange reviews skill submissions, evaluates security risk, and keeps its public trust language consistent.

It is intentionally a process repo. The primary catalog, skill source files, generated indexes, and day-to-day marketplace data live in agentskillexchange/skills.

Use this repo for:

  • Verification and security review criteria
  • Reviewer checklists and threat-model guidance
  • Skill quality standards
  • Submission templates and self-review guidance
  • Lightweight scanning tools used before human review

Do not use this repo as the canonical skill catalog. Link to the skills repo for marketplace content.

Trust Labels

Agent Skill Exchange uses two public trust labels:

Label              Meaning
Published          The skill is listed in the catalog and has passed basic publishing checks.
Security Reviewed  The skill has passed additional security review for scope, data handling, prompt-injection risk, and destructive actions.

Older internal terms such as listed or verified_metadata should be mapped to Published in public-facing docs and UI.

Repository Structure

/
├── verification/
│   └── checklist.md          # Publishing and security-review checklist
│
├── security/
│   ├── review-guide.md       # How to conduct a security review
│   ├── threat-model.md       # Threat model for agent skills
│   └── tools/
│       └── scan.sh           # Basic automated scan script
│
├── standards/
│   ├── skill-spec.md         # AgentSkill specification
│   └── categories.md         # Skill category taxonomy
│
├── submission/
│   └── SKILL_TEMPLATE.md     # Standard SKILL.md template
│
└── CONTRIBUTING.md

Quick Start

Run a self-review before submitting or updating a skill:

git clone https://github.com/agentskillexchange/verification-security.git
cd verification-security

cat verification/checklist.md
./security/tools/scan.sh /path/to/your/SKILL.md

The scanner is a first pass only. A clean scan does not guarantee that a skill is safe; it helps reviewers catch obvious issues before deeper review.

Submitting Skills

Submit and maintain skill content in the primary catalog repo:

https://github.com/agentskillexchange/skills

Use submission/SKILL_TEMPLATE.md as a starting point, and use verification/checklist.md before opening a catalog PR.

Contributing

Contributions are welcome when they improve the review process:

  • New security checks
  • Clearer review criteria
  • Better examples of risky skill behavior
  • Improvements to the scanner
  • Taxonomy refinements that help review consistency

See CONTRIBUTING.md.

License

MIT.
