Open Source
Audit public skill files before adopting or contributing to open source projects.
Open source projects increasingly include skill files—SKILL.md, .cursorrules, AGENTS.md—to improve AI-assisted development. Contributors add them; maintainers may not have security expertise to review them. A malicious PR could introduce a skill file that exfiltrates code or overrides model behavior.
Before you clone a repo or adopt a project's AI skill setup, verify its skill files are safe. Before you contribute a skill file, ensure it passes an audit. Maintainers can run skillaudit on incoming PRs to catch prompt injection, data exfiltration, and supply-chain risks.
skillaudit works with any public GitHub repository. No login required. Paste the repo URL, get an instant report. See which files were scanned, what we found, and how to fix it. Share the report link with your team or community.