Skip to content

feat: integrate skills.sh registry with chain-loading detection#38

Merged
homanp merged 1 commit intomainfrom
feat/skills
Feb 17, 2026
Merged

feat: integrate skills.sh registry with chain-loading detection#38
homanp merged 1 commit intomainfrom
feat/skills

Conversation

@homanp
Copy link
Contributor

@homanp homanp commented Feb 17, 2026

What

  • Add SkillsAdapter for fetching Agent Skills from GitHub repos
  • Add skill-specific scan prompt targeting chain-loading, prompt injection, and social engineering patterns in SKILL.md files
  • Add SkillChainLoading threat type with dedicated detection
  • Add skill_chain_loading to verification prompt so Opus preserves the type
  • Mark Opus-verified threats as Verified so they affect risk level
  • Store verification_status in DB on threat insert
  • Add skills-specific CLI output (repo, trust, threats) — skip CVEs, install scripts, downloads not applicable to skills
  • Extract referenced skill identifiers and queue nested dependency scans with depth-1 recursion cap via DB existence check
  • Add JSON salvage fallback for malformed LLM output
  • Wire up Fireworks minimax-m2p5 for initial scans, Bedrock Opus for verification across all registries
  • Add ripgrep to worker Dockerfile, clean stale opencode package.json
  • Run OpenCode scans sequentially to avoid SQLite lock contention
  • Skip usage docs generation for skills (SKILL.md is the doc)

Why

We want to scan skills.sh

Test plan

  • Tests pass locally
  • Tested manually

@homanp
feat: integrate skills.sh registry with chain-loading detection
e04d575 
- Add SkillsAdapter for fetching Agent Skills from GitHub repos
- Add skill-specific scan prompt targeting chain-loading, prompt injection,
  and social engineering patterns in SKILL.md files
- Add SkillChainLoading threat type with dedicated detection
- Add skill_chain_loading to verification prompt so Opus preserves the type
- Mark Opus-verified threats as Verified so they affect risk level
- Store verification_status in DB on threat insert
- Add skills-specific CLI output (repo, trust, threats) — skip CVEs,
  install scripts, downloads not applicable to skills
- Extract referenced skill identifiers and queue nested dependency scans
  with depth-1 recursion cap via DB existence check
- Add JSON salvage fallback for malformed LLM output
- Wire up Fireworks minimax-m2p5 for initial scans, Bedrock Opus for
  verification across all registries
- Add ripgrep to worker Dockerfile, clean stale opencode package.json
- Run OpenCode scans sequentially to avoid SQLite lock contention
- Skip usage docs generation for skills (SKILL.md is the doc)
@homanp homanp self-assigned this Feb 17, 2026
@homanp homanp merged commit 5dd4c1f into main Feb 17, 2026
5 checks passed
@homanp homanp linked an issue Feb 17, 2026 that may be closed by this pull request
[Feature]: Support skills repositories #25
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@homanp homanp

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Feature]: Support skills repositories

1 participant

@homanp

Comments