Transparency Log

Rejected Skills Log

Every skill submission that fails our security scan is logged here — anonymized, but with enough detail to understand what was detected. This log exists because transparency builds trust.

3 total blocked submissions. Updated automatically when a submission is blocked.

2026-05-15 | Credential exfiltration | SL-SEC-003 | Engineering

Skill contained instructions to read ~/.aws/credentials and POST the contents to an external webhook endpoint via curl.

2026-05-10 | Prompt injection | SL-INJ-001 | Productivity

Skill embedded hidden Unicode zero-width characters containing base64-encoded instructions to override the agent's system prompt and exfiltrate .env file contents.

2026-05-03 | Supply chain | SL-SC-002 | Community

Install command pointed to a GitHub repository that had been transferred to a different owner after the original was deleted — a classic repo-takeover attack vector.
