What this search usually needs
SKILL.md supply-chain QA treats a skill file as an entry point into a small software supply chain. The review should include the instructions, linked scripts, referenced examples, dependencies, install steps, network calls, and permission expectations. This helps teams avoid approving a clean-looking file while missing risky supporting behavior.
Where it applies
- A marketplace wants a repeatable QA gate before listing third-party skills.
- A team receives a skill bundle and needs to know whether it is safe to install.
- A skill author wants to reduce buyer friction with a trustworthy report.
How to run the review
- Parse SKILL.md, examples, scripts, package manifests, and referenced assets.
- Classify install steps, credentials, network behavior, and file write scope.
- Detect disguised system instructions, prompt-injection language, and dangerous setup commands.
- Score risk by severity and reviewer action.
- Produce a trust report that explains what changed and what is safe to allow.
Common risks to catch
- Instructions can hide operational behavior in references rather than the main skill file.
- A package install step can change the environment outside the intended skill boundary.
- Thin metadata makes it difficult to prove who owns or maintains the skill.
Use SkillProvenance Scan for this review
SkillProvenance Scan connects SKILL.md parsing with provenance, permission diff, injection scanning, and trust-report export in one review flow.