Mitiga Labs Launches Skillgate to Identify Risks in AI Agent Skills and Configurations

The free scanner detects, flags, and scores attack techniques hidden in AI agent skills, hooks, and configuration files before an agent acts on them

Mitiga, the leader in agentic runtime security for cloud, SaaS, and AI, announced the release of Skillgate, a free tool from Mitiga Labs that scans the configuration files AI agents rely on – including skills, hooks, agent rules, MCP server configurations, and instruction files such as CLAUDE.md and AGENTS.md. Skillgate detects, flags, and scores them for prompt injection, hook remote code execution (RCE), credential exfiltration, and other attack techniques. Skillgate is available now at skillgate.mitiga.ai.

Also Read: The AI Architectural Trap: Avoiding One-Way Doors

AI agents and skills increasingly incorporate third-party instructions, not just prompts. Developers can install a skill from a marketplace with a single click, enabling an agent to read files, call APIs, and open pull requests – often without human oversight. Yet few users inspect those files before installation, creating a supply chain risk reminiscent of the software ecosystems the industry has spent years securing.

Mitiga Labs has documented these risks in its “License to Skill” series of research. In one case, a seemingly benign testing skill silently pushed an entire codebase to an attacker-controlled repository without user prompts and with no audit log. In another, a hook configured to run at the start of every agent session executed a hidden script that shipped local credentials to an attacker. Poisoned skills spread through blogs and public marketplaces much like poisoned packages spread through open-source registries.

These cases come out of a six-month Mitiga Labs study of more than 50,000 AI instruction files across 7,000+ public repositories (April–June 2026). At that scale, the team found attacker-controlled overrides rerouting Claude traffic through third-party proxies, and more than 1,230 API keys and tokens left hardcoded across agent and MCP server configurations. Mitiga Labs is also tracking a live prompt-exfiltration technique that turns the agent itself into a keylogger for a developer’s prompts, with a full report to follow.

People install skills the way we used to double-click email attachments – quickly and without looking inside. A skill, hook, or CLAUDE.md file contains instructions that an agent will execute automatically. Skillgate helps users understand what’s actually in those files and assess the risk before an agent loads them. We made it free because every team experimenting with agentic AI faces this challenge today.

Also Read: Hyper-Synthetic Data: The Future of Cybersecurity

— Idan Cohen, Cloud Security Researcher, Mitiga

How Skillgate Works

Users can paste a public GitHub repository URL into Skillgate, which pins the scan to a specific commit. It reads the file with signature and Abstract Syntax Tree (AST) analysis, plus an LLM-as-judge step, and maps each finding to a known attack technique. No code is executed during the process.

The resulting report provides a risk score out of 100 and a verdict – Clean, Risky, Suspicious, or Dangerous – along with an explanation of the score, findings grouped by severity, and fixes for each detection. Individual files can be scanned in seconds, while full repository scans typically complete within minutes.

Skillgate applies more than 80 detection rules across 6 technique families, including direct execution, prompt manipulation, tool and MCP poisoning, supply chain, obfuscation, and credential exposure. Findings are mapped to both the OWASP Agentic AI Top 10 and MITRE ATT&CK and ATLAS frameworks.

Skillgate is designed to cover the full agent-configuration surface, including SKILL.md, hooks, CLAUDE.md, Cursor, Continue, and Cline rules, MCP tool descriptions, and settings files. It also supports bulk-URL submission for repository-wide analysis.

AI agents and skills are now wired into cloud, SaaS, and developer pipelines, yet they incorporate third-party instructions most teams never review. Skillgate gives the community a practical safety net so they can use the wealth of publicly available skills they find with increased confidence. It’s exactly the kind of research-driven tool Mitiga Labs was created to build.

— Ofer Maor, Co-Founder and Chief Technology Officer, Mitiga

Write to us [⁠wasim.a@demandmediaagency.com] to learn more about our exclusive editorial packages and programmes.