Security
How skills are scanned — and why auditing third-party skills like untrusted software is the default.
Anthropic officially documents that third-party skills should be treated like untrusted software: they can carry prompt-injection, data-exfiltration, and arbitrary code paths. A scan of 3,984 public skills found 36.8% had a security flaw and 13.4% a critical one. So we scan ours and publish the result.
No security findings· skill-lint + static scan + prompt-injection lint
Skills are plain-Markdown instructions plus, at most, a stdlib-only Python script with no network calls — the class of artifact that audits clean.
Scanned 2026-07.
What the scan covers
- Bundled scripts — static scan for network exfiltration and credential reads outside the declared scope.
- Instruction text — prompt-injection lint on the
SKILL.mdbody. - Spec validation — the same structural checker that keeps the skill loadable.
What you don't have to buy
Baseline skill security scanning is commoditized and free — Snyk ships a self-serve scanner and registries auto-scan public skills. We don't sell auditing. The attestation above is a product attribute of our skills, not a service: proof our own line is clean, published alongside the evals and changelog.