Before a verified skill reaches the NVIDIA Skills catalog, NVIDIA runs it through SkillSpector as part of the publication validation pipeline. This approach treats the skill as a deployable agent capability rather than as a static prompt. SkillSpector checks conventional software risks such as vulnerable dependencies, suspicious scripts, dangerous code patterns, credential access, and data exfiltration paths. SkillSpector also checks agent-specific risks, such as hidden instructions, prompt injection, trigger abuse, excessive agency, tool poisoning, and mismatches between a skill’s declared p
NVIDIA-Verified Agent Skills Provide Capability Governance for AI Agents | NVIDIA Technical Blog… SkillSpector checks conventional software risks such as vulnerable dependencies, suspicious scripts, dangerous code patterns, credential access, and data exfiltration paths. …
… For model providers, the biggest risk is the theft of proprietary model weights by the infrastructure owner. …