Skill Safety Scanner
Scan AI agent skill definitions for malicious instructions, prompt injections, and security risks—locally.
skill install https://www.promptspace.in/skills/skill-safety-scannerSecure Your Agent Pipeline
As AI agent ecosystems grow, the risks of "malicious skills" increase. The Skill Safety Scanner is a developer-centric security tool designed to audit SKILL.md files for risky instructions, hidden behaviors, and potential prompt injections before you integrate them into your environment.
What it does
The scanner performs a deep static analysis of skill definitions to identify high-risk patterns that could compromise your system. It flags specific categories of concern including:
- Unauthorized Exfiltration: Detects suspicious data transfer or network instructions.
- Privilege Escalation: Identities broad local file access and shell execution requests.
- Hidden Behaviors: Surfaces obfuscated hints, persistence mechanisms, and unbounded autonomy.
- Social Engineering: Flags prompt injection wording and credential harvesting attempts.
Why use this skill?
Unlike basic keyword searching, this skill understands the context of agent instructions. It provides a structured safety report (Terminal, JSON, or Markdown) that allows you to automate security gates in your CI/CD pipeline or manually vet third-party skills with confidence. Crucially, it runs entirely locally with zero network calls, ensuring your proprietary code and skill definitions never leave your machine.
Use cases
- Audit third-party agent skills before installation
- Identify prompt injection vulnerabilities in skill definitions
- Detect unauthorized file system or shell access requests
- Automate security gating for agent skill deployments
- Generate JSON-formatted risk assessment reports for your CLI tools
Example
Prompt
Sample output preview is available after purchase.