OSS
Cisco Open-Sources skill-scanner for Agent Skills, Now Integrated Into an IDE Extension
Cisco AI Defense's skill-scanner detects prompt injection, data exfiltration, and malicious code in agent skills using a mix of YAML/YARA pattern rules, LLM-as-a-judge, and behavioral dataflow analysis, and Cisco has now folded it (plus an MCP scanner) into an IDE extension. It's part of a fast-emerging category of agent/skill security scanners appearing alongside Snyk's launch. The convergence of multiple vendors on 'scan before you install' suggests skill supply-chain security is becoming a standard step in the agent dev toolchain.
Source
↳ Follow the thread