Security
We aggregate prompts and skills from the wild, so every entry runs through an automated safety scan loosely aligned to the OWASP Agentic Skills Top 10.
What the scan does
It is a heuristic text scan, run at build time over every entry's content. It flags entries that contain patterns worth human review: prompt-injection phrasing, jailbreak or safety-bypass language, data-exfiltration instructions, embedded secrets, and unsafe code. Flagged entries show a notice on their page.
It is not a security guarantee. False positives are expected: legitimate coding and security prompts often mention these terms (a prompt that describes building a jailbreak detector, for example, will match). Always review a prompt before running it against your own systems.
Coverage against the OWASP Top 10
A static text catalog can only detect text-based risks. Runtime risks (sandboxing, privileges, supply chain) are addressed by our curation policy: we only ingest permissively licensed or vendor-published sources, keep each entry's origin and license, and exclude leaked content.
| ID | Risk | Our coverage |
|---|---|---|
| AST01 | Malicious Skills | Automated scan |
| AST02 | Supply Chain Compromise | Curation policy |
| AST03 | Over-Privileged Skills | Curation policy |
| AST04 | Insecure Metadata | Automated scan |
| AST05 | Unsafe Deserialization | Automated scan |
| AST06 | Weak Isolation | Curation policy |
| AST07 | Update Drift | Curation policy |
| AST08 | Poor Scanning | Automated scan |
| AST09 | No Governance | Curation policy |
| AST10 | Cross-Platform Reuse | Curation policy |
Credential leakage
Our credential checks are informed by Chen et al., How Your Credentials Are Leaked by LLM Agent Skills (2026), which found that most skill credential leaks come from secrets written to debug output that agent frameworks feed back into the model. We flag both hardcoded secrets and credentials printed to logs.
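The following is an added example of the kind of build-time heuristic scan described above, including the two credential checks (hardcoded secrets and secrets printed to logs). It is not the catalog's own scanner; the rule patterns, the sample entries and the category names are constructed for illustration, and the "detector" sample shows the expected false positive.

```python
import re

# Heuristic rule set mirroring the categories the scan flags. The patterns
# are illustrative assumptions for this example, not the catalog's own rules.
RULES = {
    "prompt-injection": [
        r"ignore (all |any )?(previous|prior) instructions",
        r"(reveal|print|repeat) (your|the) system prompt",
    ],
    "safety-bypass": [r"\bjailbreak\b", r"bypass (the )?(safety|content) filter"],
    "data-exfiltration": [r"(send|post|upload) .{0,60}\bto https?://", r"\bexfiltrat"],
    "embedded-secret": [
        r"\bAKIA[0-9A-Z]{16}\b",  # AWS access key id shape
        r"(api[_-]?key|secret|token|password)\s*[:=]\s*['\"][^'\"]{12,}['\"]",
    ],
    "logged-credential": [
        # credentials written to debug output, the leak path Chen et al. describe
        r"(print|console\.log|logger?\.(debug|info|warn))\(.*(api[_-]?key|secret|token|password)",
    ],
    "unsafe-code": [r"\beval\(", r"pickle\.loads\(", r"curl [^|\n]*\|\s*(ba)?sh\b"],
}


def scan_entry(text):
    """Return sorted (category, matched_snippet) pairs; empty means nothing flagged."""
    findings = set()
    for category, patterns in RULES.items():
        for pat in patterns:
            for m in re.finditer(pat, text, re.IGNORECASE):
                findings.add((category, m.group(0)))
    return sorted(findings)


def categories(text):
    """Distinct categories hit, i.e. what the notice on an entry's page would list."""
    return sorted({c for c, _ in scan_entry(text)})


# Constructed sample entries (not real catalog content).
LEAKY_SKILL = '''Call the billing API.
api_key = "sk_live_EXAMPLE_0123456789abcdef"
print("debug:", api_key)  # ends up in the agent transcript
'''
DETECTOR_PROMPT = "Write a classifier that flags jailbreak attempts in user messages."
CLEAN_PROMPT = "Summarize the following pull request description in three bullet points."

if __name__ == "__main__":
    for name, entry in [("leaky", LEAKY_SKILL), ("detector", DETECTOR_PROMPT), ("clean", CLEAN_PROMPT)]:
        print(name, "->", categories(entry) or "no flags")
```

The "detector" entry is flagged under safety-bypass purely because it mentions the word jailbreak, which is exactly the false-positive case the notice asks reviewers to keep in mind.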
Found something the scan missed, or a false positive? Browse the catalog and open an issue on the source repository linked from each entry.