A new public database has launched to analyze the security risks introduced by AI agent skills, the capabilities that increasingly define how modern AI agents operate.
The site — available at https://index.tego.security/skills/ — presents what appears to be the first dedicated database focused on the security assessment of AI agent skills, cataloging the capabilities these modules grant to AI systems and evaluating the risks they may introduce into agent-driven workflows.
AI skills — sometimes called tools, functions, or plugins — are rapidly becoming the core building blocks of agentic AI systems. They allow language models to retrieve data, perform specialized reasoning tasks, and execute automated workflows. But this capability also introduces a new layer of attack surface that many organizations are only beginning to understand. Research examining large ecosystems of agent skills has already found that over a quarter contain at least one security vulnerability, including prompt injection vectors, privilege escalation opportunities, and data-exfiltration risks.
The new database aims to make this emerging attack surface visible.
Each skill entry includes a structured security analysis designed to help practitioners understand how a capability might be abused inside real agent deployments. The assessment process uses a multi-dimensional security methodology combining automated scanning, specialized AI models trained to analyze agent behavior, and manual security review.
Rather than simply flagging potentially dangerous code patterns, the analysis follows a practical philosophy: instructions and behaviors are evaluated within the context of the skill’s intended purpose. This allows the review process to distinguish between normal operational capabilities and behaviors that could realistically be exploited by attackers manipulating an AI agent’s reasoning process.
The project reflects a broader shift occurring in AI system security. As AI agents move beyond text generation into task execution and autonomous workflows, the security boundary is increasingly defined by the capabilities those agents can invoke.
In this model, skills effectively become the execution layer of AI systems, capable of:
• influencing agent decision-making
• injecting context into reasoning processes
• triggering automated actions
• exposing data through tool outputs
• interacting with other agents
Security researchers are beginning to recognize that these capabilities introduce attack patterns with few direct parallels in traditional software, including indirect prompt injection through retrieved content and confused-deputy attacks caused by agent tool invocation.
By cataloging and analyzing these capabilities, the database aims to provide security teams with a clearer understanding of how agent behavior translates into security risk.
The resource is publicly accessible and is expected to expand as the ecosystem of AI agent skills continues to grow.
The company behind the project, Tego AI, is currently operating in stealth mode while developing security technologies focused on the emerging agentic AI ecosystem.
joe-limia•1h ago
Despite the obvious self promotion, this whole concept of insecure skills is so dumb to me, if your engineers are installing and running random "skills" found online it's the same as if you had engineers copy and pasting commands into the terminal, it's superficial marketing bs at best
skybrian•12m ago
Installing npm modules seems similar as far as the risks go? The assumption is that you have a semi-trusted source of good libraries that's at least somewhat resistant to supply-chain attacks. A similar thing could in theory be done for well-known skills, but it requires a community norm of not releasing crap.
So it seems like the question is how do you build something worthy of people's trust?
4ppsec•3h ago
The site — available at https://index.tego.security/skills/ — presents what appears to be the first dedicated database focused on the security assessment of AI agent skills, cataloging the capabilities these modules grant to AI systems and evaluating the risks they may introduce into agent-driven workflows.
AI skills — sometimes called tools, functions, or plugins — are rapidly becoming the core building blocks of agentic AI systems. They allow language models to retrieve data, perform specialized reasoning tasks, and execute automated workflows. But this capability also introduces a new layer of attack surface that many organizations are only beginning to understand. Research examining large ecosystems of agent skills has already found that over a quarter contain at least one security vulnerability, including prompt injection vectors, privilege escalation opportunities, and data-exfiltration risks.
The new database aims to make this emerging attack surface visible.
Each skill entry includes a structured security analysis designed to help practitioners understand how a capability might be abused inside real agent deployments. The assessment process uses a multi-dimensional security methodology combining automated scanning, specialized AI models trained to analyze agent behavior, and manual security review.
Rather than simply flagging potentially dangerous code patterns, the analysis follows a practical philosophy: instructions and behaviors are evaluated within the context of the skill’s intended purpose. This allows the review process to distinguish between normal operational capabilities and behaviors that could realistically be exploited by attackers manipulating an AI agent’s reasoning process.
The project reflects a broader shift occurring in AI system security. As AI agents move beyond text generation into task execution and autonomous workflows, the security boundary is increasingly defined by the capabilities those agents can invoke.
In this model, skills effectively become the execution layer of AI systems, capable of: • influencing agent decision-making • injecting context into reasoning processes • triggering automated actions • exposing data through tool outputs • interacting with other agents
Security researchers are beginning to recognize that these capabilities introduce attack patterns with few direct parallels in traditional software, including indirect prompt injection through retrieved content and confused-deputy attacks caused by agent tool invocation.
By cataloging and analyzing these capabilities, the database aims to provide security teams with a clearer understanding of how agent behavior translates into security risk.
The resource is publicly accessible and is expected to expand as the ecosystem of AI agent skills continues to grow.
The company behind the project, Tego AI, is currently operating in stealth mode while developing security technologies focused on the emerging agentic AI ecosystem.