Public verification, security review, and skill quality process for Agent Skill Exchange.
This repo documents how Agent Skill Exchange reviews skill submissions, evaluates security risk, and keeps its public trust language consistent.
It is intentionally a process repo. The primary catalog, skill source files, generated indexes, and day-to-day marketplace data live in agentskillexchange/skills.
Star this repo if you want a compact reference for reviewing agent skills, checking risky SKILL.md patterns, or adapting a lightweight security-review process for your own agent marketplace.
Use this repo for:
- Verification and security review criteria
- Reviewer checklists and threat-model guidance
- Skill quality standards
- Submission templates and self-review guidance
- Lightweight scanning tools used before human review
Do not use this repo as the canonical skill catalog. Link to the skills repo for marketplace content.
Agent Skill Exchange uses two public trust labels:
| Label | Meaning |
|---|---|
| Published | The skill is listed in the catalog and has passed basic publishing checks. |
| Security Reviewed | The skill has passed additional security review for scope, data handling, prompt-injection risk, and destructive actions. |
Older internal terms such as listed or verified_metadata should be mapped to Published in public-facing docs and UI.
/
├── verification/
│ └── checklist.md # Publishing and security-review checklist
│
├── security/
│ ├── review-guide.md # How to conduct a security review
│ ├── reviewer-quickstart.md # 10-minute reviewer triage guide
│ ├── trust-label-lifecycle.md # Trust label assignment and downgrade rules
│ ├── threat-model.md # Threat model for agent skills
│ └── tools/
│ └── scan.sh # Basic automated scan script
│
├── examples/
│ ├── review-patterns.md # Safe and risky SKILL.md review patterns
│ └── risky-patterns.md # Risky pattern decisions and safeguards
│
├── standards/
│ ├── skill-spec.md # AgentSkill specification
│ └── categories.md # Skill category taxonomy
│
├── submission/
│ └── SKILL_TEMPLATE.md # Standard SKILL.md template
│
└── CONTRIBUTING.md
Run a self-review before submitting or updating a skill:
git clone https://github.com/agentskillexchange/verification-security.git
cd verification-security
cat verification/checklist.md
./security/tools/scan.sh --help
./security/tools/scan.sh /path/to/your/SKILL.mdThe scanner is a first pass only. A clean scan does not guarantee that a skill is safe; it helps reviewers catch obvious issues before deeper review. Exit code 0 means no issues were found, 1 means warnings or failures need review, and 2 means the command was missing or could not read the target file.
Reviewers can start with the 10-minute Reviewer Quickstart, compare against the Review Patterns, then use the full Security Review Guide, Verification Checklist, and Trust Label Lifecycle for final decisions.
| If you are... | Start here | Then use |
|---|---|---|
| Submitting or updating a skill | submission/SKILL_TEMPLATE.md |
verification/checklist.md and ./security/tools/scan.sh /path/to/SKILL.md |
| Doing a fast reviewer triage | security/reviewer-quickstart.md |
examples/review-patterns.md for safe/risky snippets and examples/risky-patterns.md for decision guidance |
| Making a Security Reviewed decision | security/review-guide.md |
security/trust-label-lifecycle.md for label evidence and downgrade rules |
| Checking scanner behavior | ./security/tools/scan.sh --help |
security/tools/test_scan.sh and examples/scanner-fixtures/risky-skill.md for expected risky-output coverage |
Submit and maintain skill content in the primary catalog repo:
https://github.com/agentskillexchange/skills
Use submission/SKILL_TEMPLATE.md as a starting point, and use verification/checklist.md before opening a catalog PR.
Contributions are welcome when they improve the review process:
- New security checks
- Clearer review criteria
- Better examples of risky skill behavior
- Improvements to the scanner
- Taxonomy refinements that help review consistency
See CONTRIBUTING.md.
MIT.