The ghost in the machine: Securing AI agent skills

As agent skills emerge as a pivotal mechanism for extending AI capabilities in platform engineering, they offer significant productivity gains alongside critical supply chain vulnerabilities. By enabling agents to execute modular instructions, these tools help platform teams scale; however, public repositories like ClawHub mirror the security risks of traditional open-source ecosystems. This talk explores the tension between agentic innovations and an expanding attack surface, emphasizing the need to integrate security scanning into golden path initiatives. It proposes leveraging databases like Open Source Malware to detect indicators of compromise, arguing that proactive, API-driven defenses are essential for adopting autonomous workflows without compromising integrity.