Trust & Security Center
Every skill on Agent Skill Source undergoes rigorous automated and manual review to ensure safety, quality, and trustworthiness before reaching your agent.
How Agent Skill Source Ensures Skill Safety
Agent Skill Source implements a multi-layered trust and safety system to prevent malicious code, data exfiltration, and harmful instructions from reaching production agents. Every skill is analyzed for risk patterns, manual review flags, and community feedback scores before publication.
Our trust protocol combines automated static analysis, sandbox testing, and human expert review to maintain the highest standards of security while enabling rapid discovery and installation of verified capabilities.
How We Keep Your Agents Safe
Every skill passes through our comprehensive trust framework before appearing in search results.
1. Automated Security Scanning
Static analysis detects suspicious patterns: shell commands, file access, network calls, obfuscated code, and known malware signatures.
2. Sandbox Testing
Skills are executed in isolated environments to verify behavior matches documentation and detect hidden side effects.
3. Manual Expert Review
Security engineers review flagged skills, complex logic, and high-permission requests before approval.
4. Community Governance
Users can flag, review, and discuss skills. Persistent issues or violations result in immediate delisting.
5. Continuous Monitoring
Published skills are re-scanned on updates, and signals from installs, errors, and reports feed back into trust scores.
Full Transparency
Every skill page displays its trust score, review status, permission requirements, and community feedback publicly.
What is a Trust Score?
Every skill receives a Trust Score from 0–100 based on measurable safety and quality signals. Higher scores mean lower risk and higher community confidence.
History of verified, safe skill submissions
Clear documentation, proper formatting, best practices
Zero high-risk patterns or malicious indicators
Positive reviews, frequent installs, low report rate
Regular updates, responsive to issues and feedback
Trust Score Ranges
Fully vetted, widely used, zero security flags
Reviewed, positive feedback, minor quality notes
New or limited feedback, review before installation
Security flags, negative reports, or incomplete documentation
Report a Security Issue
Found a suspicious skill or encountered a security concern? We respond to all reports within 24 hours and take immediate action when threats are confirmed.
Security Hotline
Report malicious skills, data breaches, or security vulnerabilities directly to our security team.
All reports are handled confidentially and may qualify for recognition in our security acknowledgments.
Trust & Safety FAQ
Can skills access my private data?
Skills can only access what your agent runtime explicitly allows. Most skills are prompt-only or template-based and have zero file system or network access. Skills requiring permissions display clear warnings before installation.
What happens if a skill is flagged as malicious?
Confirmed malicious skills are immediately delisted, the creator account is suspended, and affected users are notified. We maintain public incident reports for transparency.
How often are skills re-reviewed?
Every skill update triggers a new security scan. Additionally, all published skills are re-scanned quarterly against updated threat signatures and community reports.
Can I audit a skill's code before installing?
Yes! Every skill page includes a "View Source" button that shows the complete SKILL.md file and any associated scripts. Review permissions, instructions, and code before installation.
Who reviews skills manually?
Our review team includes security engineers, AI safety researchers, and experienced developers with backgrounds in adversarial ML, penetration testing, and secure software development.
Build Trust. Ship Faster.
Our trust framework makes it safe to discover and deploy agent skills from the community—without compromising security or control.