What is the purpose of the Tessl integration?

Tessl reviews the quality of skills based on 'Activation' (how easily an agent finds the skill) and 'Implementation' (how effectively the agent follows the skill's instructions).

Can this skill help with insecure credential handling?

Yes, it includes specialized remediation for finding W007 (Snyk), guiding developers to use environment variable references instead of literal token placeholders.

How does it help prevent prompt injection?

The skill provides specific remediation patterns for 'Handling External Content,' establishing strict boundaries and sanitization rules for untrusted data processed by agents.

Is this skill useful for repository maintainers?

Absolutely. It is designed for developers and maintainers who need to ensure a collection of AI skills meets enterprise-grade security and usability standards.

Which security scanners does this skill support?

It integrates findings from Gen Agent Trust Hub, Socket, and Snyk to monitor for RCE, prompt injection, supply chain risks, and credential exposure.

AI Skill Security & Quality Auditor

Name: AI Skill Security & Quality Auditor
Author: dbt-labs

bydbt-labs

•

304

•

安全与测试

Audits and remediates security vulnerabilities and quality issues in AI agent skills using third-party scanning and review tools.

The Auditing Skills plugin is a specialized tool designed to maintain high standards of security and performance for AI agent capabilities. It integrates data from security scanners like Snyk, Socket, and the Gen Agent Trust Hub to identify risks such as prompt injection, insecure credential handling, and remote code execution. Additionally, it leverages Tessl analytics to evaluate skill quality across activation and implementation dimensions, providing developers with standardized remediation patterns to ensure their skills are both safe and highly effective for AI agents.

主要功能

01Standardized remediation templates for common security findings

02Workflow guidance for cross-skill consistency and repository validation

03Dependency risk assessment via Socket and Snyk integrations

04Quality scoring for skill activation, specificity, and trigger term coverage

05Security auditing for remote code execution, prompt injection, and data exfiltration

06304 GitHub stars

使用场景

01Remediating insecure credential handling and indirect prompt injection vulnerabilities

02Optimizing skill descriptions and implementation clarity to improve AI agent performance

03Conducting security reviews of published skills against third-party scanners

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add dbt-labs/dbt-agent-skills auditing-skills

For use in Claude.ai and ChatGPT

Download Skill