Snyk audit: 36% of agent skills contain prompt injection

Trust the skills your
AI agents run.

SkillOx is the security & curation layer for the SKILL.md ecosystem. Scan, sign, sandbox, and govern the skills your agents install — before they install them.

Scan a skill · free · anonymous · local-only
Paste a SKILL.md URL.
Or browse a sample: Grade A · Grade B · Grade C · Grade D · Grade F
PreviewThe CLI ships soon
Get started — free$ npm i -g skillox
~/projects/api-service — skillox audit
$ skillox audit @acme/db-migrate
→ fetching skill from skills.sh registry...
→ running 47 checks (semantic + behavioral + provenance)...
file structure valid
no secrets harvested
capabilities manifest signed by verified creator
! network egress to 2 undeclared domains: analytics.acme.io, cdn.acme.io
prompt-injection probe failed — skill exfiltrates $DATABASE_URL when user asks to read README
overall grade: F — DO NOT INSTALL
report: https://skillox.io/r/acme-db-migrate-Y7K2
The problem

Your agent installs random code from the internet.

A SKILL.md is markdown that Claude / Cursor / Codex read as trusted system configuration. One bad line exfiltrates your credentials.

0.88%
of audited skills are graded D or F — critical security or quality issues.
SkillOx scans · n=19,710
0.21%
contain prompt-injection payloads our semantic probes flagged.
SkillOx scans · n=19,710
20K
public agent skills audited and indexed by SkillOx.
SkillOx catalog · live
What SkillOx does

Six layers no other marketplace has.

Existing 8-point scanners miss 36% of prompt injections. Open marketplaces have zero curation. We sit on top of both.

01
Soon

Semantic prompt-injection detection

LLM-based red-team probes catch exfil patterns regex misses.

02
Planned

Signed provenance

Sigstore-style transparency log + verified creator identity.

03
Planned

Capability-scoped sandbox

WebAssembly runtime enforces declared capabilities.

04
Planned

Continuous re-scan

Threat intel updates → CVE alerts → auto-quarantine.

05
Planned

SOC 2 / ISO 42001 / EU AI Act

Audit-trail evidence packages.

06
Planned

Expert review network

Verified domain experts paid to review skills.

Compatible with every SKILL.md agent
Claude CodeCursorOpenAI CodexGemini CLIGitHub CopilotGoose+20 more

Audit your first skill in 30 seconds.

No signup. No credit card. The scanner runs in our region and tells you whether the skill is safe.

Scan a skill · free · anonymous · local-only
Paste a SKILL.md URL.