Audit Skill

Full audit of a SKILL.md file covering structure, content quality, security, and supply-chain signals. Based on OWASP Agentic Skills Top 10 and established skill design principles. The rubric applies to any skill, including those with bundled scripts/ directories.

When to use

• Before installing a third-party skill locally
• Before committing a new or modified skill
• When reviewing a skill for publication to skills.sh

Automated checks

The mechanical subset of checks (S1–S5, Q1–Q5, Q10–Q11, E1–E2, E6, E9) can be run without an LLM:

# Audit all skills in the project
npx cyber-skills@<version> audit validate