skill_scanner
Scans skills and tool descriptors for suspicious patterns before runtime use.
What it mitigates
- Prompt-injection payloads hidden in skill text
- Encoded exfiltration patterns in third-party artifacts
- Untrusted skill provenance in shared repositories
Recommended defaults
| Profile | actionOnCritical | startup scan | reload scan |
|---|---|---|---|
local | deny | true | true |
standard | challenge | true | true |
unbounded | alert | true | true |
Minimal config
moduleConfig:
skill_scanner:
scanOnStartup: true
scanOnReload: true
actionOnCritical: challenge
requireSignature: false
requireSbom: false
requirePinnedSource: false
onProvenanceFailure: challengeNotes
- Treat
challengeas the default in development. - Move to stricter provenance checks in production-like environments.
- Keep scanner early in pipeline order.