GoKawiilThe Skills Security Index is a centralized repository providing security risk analysis for agentic AI skill definitions. As AI agents increasingly rely on modular skills to perform tasks, the instructions used to define these skills become a critical attack surface. This index helps security engineers and developers understand the potential "blast radius" of any given skill before deployment.
Analyses are performed against a standardized security schema and focuse on instructional risk. Such as identifying when a skill's prompts encourage an agent to bypass guardrails or perform sensitive operations without oversight.
Each entry in the index represents a unique skill found across major platform registries in GitHub . We perform a deep scan of the skill's identity, its instructions, and associated code to build a comprehensive security profile.
Risk is calculated dynamically across three dimensions. A skill is assigned the highest (most severe) level detected among:
Capabilities
We classify instructions into several buckets: Tools, Code Execution, Web Access, File System, Data Access, Authentication, Network, and System. "Detected" means the skill explicitly encourages the agent to utilize these modalities.
Findings
Findings report specific deviations from security best practices, such as Prompt Injection vulnerabilities, Credential Exposure, or Excessive Permissions.
Permissions
Permissions are the underlying resource requests implied by the skill. We evaluate whether each request is justified by the skill's stated purpose.