Add Security scan for AI agent skills #47

Merged: danielholanda merged 9 commits into main from dholanda/skillspector on Jun 8, 2026

@danielholanda (Collaborator)

Summary

Adds a CI workflow (.github/workflows/skillspector.yml) that statically scans
every skill under skills/ with SkillSpector
to catch malicious patterns and security risks before merge.

  • Static-only (--no-llm): no API key, runs isolated via uvx, pinned to
    commit 939da7d.
  • Gating: fails a skill's check when it scores HIGH/CRITICAL (risk score > 50).

Mirrors validate.yml's discover → matrix → aggregate-gate pattern, so each
skill is its own pass/fail and the single SkillSpector security scan job can
be marked required in branch protection.

Triggers: PRs touching skills/** or the workflow import file, pushes to main, and
manual dispatch.

@danielholanda danielholanda self-assigned this Jun 5, 2026
@danielholanda danielholanda merged commit 511f266 into main Jun 8, 2026
15 checks passed
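
The discover → matrix → aggregate-gate pattern named in the summary, sketched as an added example (not the PR's skillspector.yml). The job names, the jq pipeline and `scan-skill.sh` are assumptions; the script is a hypothetical wrapper standing in for the pinned, static SkillSpector run and is assumed to exit non-zero when a skill's risk score is above 50.

```yaml
# Added sketch of the three-job layout; not the repository's workflow file.
name: skill-scan-sketch
on:
  pull_request:
    paths: ["skills/**"]
  push:
    branches: [main]
  workflow_dispatch:
permissions:
  contents: read                # the scan only needs to read the repository
jobs:
  discover:
    runs-on: ubuntu-latest
    outputs:
      skills: ${{ steps.list.outputs.skills }}
    steps:
      - uses: actions/checkout@v4
      - id: list                # emit skill directories as a JSON array
        run: |
          skills=$(find skills -mindepth 1 -maxdepth 1 -type d | sort | jq -R . | jq -cs .)
          echo "skills=$skills" >> "$GITHUB_OUTPUT"
  scan:
    needs: discover
    if: needs.discover.outputs.skills != '[]'
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false          # one failing skill must not cancel the others
      matrix:
        skill: ${{ fromJSON(needs.discover.outputs.skills) }}
    steps:
      - uses: actions/checkout@v4
      - name: Scan one skill
        env:
          SKILL_DIR: ${{ matrix.skill }}   # pass via env, not inline in the script
        # Hypothetical wrapper; assumed to exit non-zero above risk score 50.
        run: ./scan-skill.sh "$SKILL_DIR"
  gate:
    name: security scan gate    # the single job to mark as required
    needs: [discover, scan]
    if: always()                # still runs when a scan job fails or is skipped
    runs-on: ubuntu-latest
    steps:
      - env:
          DISCOVER: ${{ needs.discover.result }}
          SCAN: ${{ needs.scan.result }}
        run: |
          # Fail closed: pass only on success, or when there were no skills to scan.
          [ "$DISCOVER" = "success" ] || exit 1
          [ "$SCAN" = "success" ] || [ "$SCAN" = "skipped" ] || exit 1
```

Without `if: always()` the gate job is skipped when any matrix leg fails, and branch protection treats a skipped required check as passing, so the explicit result comparison is what makes the gate enforce the per-skill outcome.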