Skills

skill-security

Installation
SKILL.md

Skill Security Protocol

This skill acts as the security layer for the entire ecosystem. It evaluates SKILL.md files, monitors runtime behavior, and assigns trust scores.

Core principle: No skill should be inherently trusted. All execution must adhere to the principle of least privilege, strict output sanitization, and manual verification for destructive actions.

1. Execution Modes

  • Audit (Static Analysis): Analyzes SKILL.md instructions statically before any execution. Detects prompt injection, data leakage, and excessive permissions.
  • Guard (Runtime Protection): Monitors the skill during execution. Blocks blacklisted commands, intercepts PII leakage, and prompts for checkpoint approvals.
  • Trust Scorer (0-100 Rating): Assigns a trust score mapping to permission grants. Skills scoring below 40 are quarantined; skills above 80 earn default automation execution logic.

2. Threat Analysis Methodology

Installs
10
Repository
fatih-developer…h-skills
GitHub Stars
5
First Seen
Mar 26, 2026
Security Audits
Gen Agent Trust HubPass
SocketFail
SnykPass
skill-security — fatih-developer/fth-skills