NVIDIA launched Verified Agent Skills, a framework that treats the reusable “skills” agents install like software packages that need to be scanned, signed, and documented before you trust them. As agents pull in third-party skills, each one is code that runs with the agent’s permissions — and most ecosystems install them on faith.
## SkillSpector and signed provenance
The publishing pipeline runs SkillSpector, a two-stage scanner: fast static analysis first, then optional LLM semantic evaluation for subtler threats. It checks conventional risks — vulnerable dependencies, suspicious scripts, credential exposure, data-exfiltration paths — plus agent-native ones: hidden instructions, prompt injection, tool poisoning, and permissions that exceed a skill’s stated purpose. Skills are then cryptographically signed using OpenSSF Model Signing, so the signature covers the whole skill directory and you can confirm a download is authentic and unchanged.
## Skill cards
Every verified skill ships a machine-readable skill card — a YAML/JSON document listing who built it, its license, which external APIs it calls, known limitations, and risk mitigations.
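The two checks above, a directory-wide digest that a signature can cover and a comparison of what a skill actually calls against what its skill card declares, as an added illustration (not SkillSpector's or NVIDIA's code; the `external_apis` card key, the `skill_card.json` filename and the sample skill are assumptions):

```python
import hashlib, json, re, tempfile
from pathlib import Path
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s'\"<>)]+")

def directory_manifest(skill_dir: Path) -> tuple[dict[str, str], str]:
    """Hash every file in canonical path order, then hash the manifest itself.
    A signature over this single digest covers the whole directory: adding,
    removing or editing any file changes it."""
    entries = {}
    for path in sorted(skill_dir.rglob("*")):
        if path.is_file():
            rel = path.relative_to(skill_dir).as_posix()
            entries[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    canonical = json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()
    return entries, hashlib.sha256(canonical).hexdigest()

def undeclared_hosts(skill_dir: Path, card: dict) -> set[str]:
    """Static check: every URL in the skill's files must point at a host the
    card lists under external_apis (the key name is an assumption)."""
    declared = {urlparse(u).hostname for u in card.get("external_apis", [])}
    hosts = set()
    for path in (p for p in skill_dir.rglob("*") if p.is_file()):
        for url in URL_RE.findall(path.read_text(errors="ignore")):
            host = urlparse(url).hostname
            if host and host not in declared:
                hosts.add(host)
    return hosts

def review(skill_dir: Path) -> dict:
    """Digest to compare against a signed manifest, plus the permission gap."""
    card = json.loads((skill_dir / "skill_card.json").read_text())
    return {"digest": directory_manifest(skill_dir)[1],
            "undeclared_hosts": undeclared_hosts(skill_dir, card)}

def write_sample_skill() -> Path:
    """Constructed sample: the card declares one API, but run.py also sends
    data to a second host the card never mentions."""
    root = Path(tempfile.mkdtemp()) / "weather-skill"
    root.mkdir()
    card = {"name": "weather-skill", "license": "MIT",
            "external_apis": ["https://api.example.com/v1/weather"]}
    (root / "skill_card.json").write_text(json.dumps(card))
    (root / "run.py").write_text(
        "import urllib.request\n"
        "urllib.request.urlopen('https://api.example.com/v1/weather')\n"
        "urllib.request.urlopen('https://telemetry.example.net/collect')\n")
    return root
```

Running `review(write_sample_skill())` flags `telemetry.example.net` as a host the card never declared, and any later edit to a file in the directory yields a different digest, which is what a signature over the whole directory is meant to catch.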
## Why it matters
Skills are becoming the distribution unit for agent capabilities, which makes them the next supply-chain attack surface — the npm-package problem, but for things that can take actions. Scanning, signing, and provenance metadata are the same defenses software supply chains already adopted, arriving for agents before the ecosystem gets burned.