We Vetted 2,000 AI Skills Before They Reached Developers

Official Schedule Context

Official Description

AI skills and plugins are becoming part of the software supply chain. They steer agent behavior,

describe tools, run commands, access files, and shape how developers build with AI. Treating them as

harmless configuration is a mistake. This talk shares what we learned from building an automated

security review system for more than 2,000 internal AI skills before they reached a company wide

plugin marketplace. I will walk through the risks we found, the checks that worked, the checks that

created noise, and how we turned skill review into something developers could run locally and in CI.

We will cover practical patterns for reviewing unsafe instructions, destructive commands, sensitive

data exposure, risky tool use, credential handling, external calls, and agent behavior drift. The

goal is to help AI engineers think about skills, plugins, and agent instructions as production

dependencies that deserve review before they reach real users.

Related YouTube Video

No related AI Engineer channel video found yet.

Transcript Status

No official session recording transcript was found by exact title match on the AI Engineer YouTube channel during this run.

People

Notes