Every skill submitted to Agensi goes through an 8-point automated security scan before it can be published. This rigorous process ensures that skills are safe, reliable, and trustworthy for users. Understanding exactly what the scan checks for is crucial for creators aiming to pass on the first try and avoid delays in getting their skills live. Moreover, passing the scan successfully builds buyer confidence, which directly impacts sales and reputation on the platform.
Agensi’s security scan is an automated tool designed to analyze submitted skills for potential security risks. It acts as a gatekeeper, preventing malicious or poorly coded skills from reaching users. The scan evaluates eight specific aspects of each skill to detect vulnerabilities, malicious intent, or unsafe coding practices. By adhering to these standards, creators can ensure their skills are safe and ready for deployment.
The security scan evaluates skills based on the following eight criteria. Each point targets a common vector for security risks or misuse.
1. Prompt Injection
The scan looks for any attempt to manipulate the AI agent’s behavior through hidden or deceptive instructions. This includes prompts designed to override safety constraints, execute unintended actions, or bypass content filters. For example, a skill that secretly instructs the AI to reveal user data or perform unauthorized tasks will be flagged. Creators should avoid embedding ambiguous or manipulative language in prompts.
2. Data Exfiltration
This check ensures that the skill does not attempt to send user data outside the intended scope. Skills cannot access environment variables containing secrets, read files beyond the project directory, or send information to external servers. For example, a skill that tries to upload user files to a third-party endpoint without explicit permission will fail this check. Always restrict data handling to the files and context explicitly provided by the user.
3. Dangerous Commands
The scan flags shell commands or scripts that pose a risk to the system or user data. Commands that delete files recursively (like 'rm -rf'), alter system configurations, install unknown packages, or execute code fetched from remote URLs are considered dangerous. While scripts are allowed, they must be safe, well-contained, and free from destructive operations. Creators should test their scripts thoroughly before submission.
4. Hardcoded Secrets
Embedding secret keys, passwords, or API tokens directly in the skill’s code or configuration is strictly prohibited. The scan detects any hardcoded sensitive information, which could be exploited if leaked. Instead, creators should use environment variables or secure vaults for managing secrets and ensure these are excluded from the submitted skill package.
5. Obfuscated Code
Obfuscated or encrypted code that hides its true purpose is flagged by the scan. This includes techniques like base64 encoding, excessive minification, or complex string manipulations designed to conceal malicious behavior. Transparent, well-documented code is preferred, making it easier for reviewers and the scan to validate safety.
6. Suspicious Network Access
Skills attempting to initiate unauthorized network connections, such as contacting unknown IP addresses or domains, are flagged. Legitimate network calls, like those to trusted APIs, must be clearly justified and safe. For example, a skill that fetches data from a public API with proper authentication and user consent will pass, while one that silently sends data to an unlisted server will not.
7. Zip Structure Integrity
The skill package submitted as a zip file must have a valid structure with no corrupted or malicious files embedded. The scan checks for archive integrity, ensuring no hidden executables, malformed files, or suspicious metadata are present. Creators should verify their zip files before submission to avoid rejections due to packaging errors.
8. SKILL.md Validity
Finally, the scan validates the presence and correctness of the SKILL.md file, which describes the skill's purpose, usage, and permissions. This documentation must be clear, accurate, and free from misleading information. Proper documentation helps users understand what the skill does and builds trust.
Passing the scan smoothly requires preparation and attention to detail. Here are practical steps to follow:
1. Review Your Prompts Carefully
Avoid any hidden instructions or ambiguous language that could be interpreted as prompt injection. Keep prompts straightforward and focused on the intended function.
2. Limit Data Access
Ensure your skill only reads and writes files explicitly provided by the user. Do not attempt to access environment variables with sensitive information or external files.
3. Test All Commands Locally
Run your scripts in a controlled environment to confirm they do not perform harmful actions. Remove any commands that could delete or modify critical system files.
4. Remove Hardcoded Secrets
Check your entire codebase for any embedded keys or passwords and replace them with secure environment references.
5. Provide Clear, Unobfuscated Code
Avoid encoding or minifying your code excessively. Comment your code to explain its purpose and flow.
6. Validate Network Calls
Only include network requests to trusted endpoints and document their purpose clearly in SKILL.md.
7. Verify Zip File Structure
Use tools like 7-Zip or WinRAR to inspect your package and ensure all files are intact and correctly placed.
8. Write a Complete SKILL.md
Include detailed descriptions, usage instructions, and permission requirements. Make sure it aligns with the skill’s functionality.
Real-World Use Cases and Examples
Example 1: A Data Analysis Skill
Suppose you create a skill that processes CSV files uploaded by users to generate summary statistics. To pass the security scan, ensure the skill only reads the uploaded CSV, does not attempt to access environment variables or external files, and the scripts used for analysis do not contain any dangerous commands. The SKILL.md should explain the data processing steps and clearly state that no data leaves the user’s environment.
Example 2: A Weather Forecast Skill
A skill fetching weather data from a public API must include safe network requests only to the trusted API endpoint. Do not embed your API key directly in the code; instead, instruct users to provide their own keys or use a secure method of storing them. The documentation should explain the API usage and any permissions needed.
Example 3: A File Management Skill
If your skill organizes files on the user’s system, avoid commands that could delete or move files recklessly. For example, do not include commands like 'rm -rf /' or scripts that modify system directories. Instead, limit operations to user-designated folders and provide clear warnings in your documentation.
- Use automated linting and security scanners locally before submission to catch issues early.
- Keep your code modular and well-documented to facilitate review and debugging.
- Engage with the Agensi community and support forums to learn from common pitfalls and best practices.
- Test your skill end-to-end in a sandbox environment simulating user interaction.
A skill that passes Agensi’s security scan signals professionalism and reliability to potential buyers. Users are more likely to trust and purchase skills that have been vetted for safety, reducing hesitation caused by security concerns. Moreover, a clean record with no rejections accelerates your publishing timeline, allowing you to capitalize on market opportunities faster. Ultimately, investing time in meeting these security standards translates into higher sales and a stronger creator reputation.
The Agensi security scan is a vital step in delivering safe, dependable AI skills. By understanding the eight-point checklist and following best practices, creators can pass the scan on their first try, build trust with users, and enhance their sales potential. Remember, security is not just a hurdle — it’s a commitment to quality and user safety that benefits everyone involved.