Mitiga Labs Launches Skillgate to Detect Risks in AI Agent Skills and Configurations

The free scanner detects, flags, and scores attack techniques hidden in AI agent skills, hooks, and configuration files before an agent acts on them

NEW YORK, June 16, 2026 — Mitiga, the leader in agentic runtime security for cloud, SaaS, and AI, today announced the release of Skillgate, a free tool from Mitiga Labs that scans the configuration files AI agents rely on – including skills, hooks, agent rules, MCP server configurations, and instruction files such as CLAUDE.md and AGENTS.md. Skillgate detects, flags, and scores them for prompt injection, hook remote code execution (RCE), credential exfiltration, and other attack techniques. Skillgate is available now at skillgate.mitiga.ai.

Purple title card with 4 boxes denoting the status of the scanned AI skill.

AI agents and skills increasingly incorporate third-party instructions, not just prompts. Developers can install a skill from a marketplace with a single click, enabling an agent to read files, call APIs, and open pull requests – often without human oversight. Yet few users inspect those files before installation, creating a supply chain risk reminiscent of the software ecosystems the industry has spent years securing.

Mitiga Labs has documented these risks in its “License to Skill” series of research. In one case, a seemingly benign testing skill silently pushed an entire codebase to an attacker-controlled repository without user prompts and with no audit log. In another, a hook configured to run at the start of every agent session executed a hidden script that shipped local credentials to an attacker. Poisoned skills spread through blogs and public marketplaces much like poisoned packages spread through open-source registries.

These cases come out of a six-month Mitiga Labs study of more than 50,000 AI instruction files across 7,000+ public repositories (April–June 2026). At that scale, the team found attacker-controlled ANTHROPIC_BASE_URL overrides rerouting Claude traffic through third-party proxies, and more than 1,230 API keys and tokens left hardcoded across agent and MCP server configurations. Mitiga Labs is also tracking a live prompt-exfiltration technique that turns the agent itself into a keylogger for a developer's prompts, with a full report to follow.

People install skills the way we used to double-click email attachments – quickly and without looking inside. A skill, hook, or CLAUDE.md file contains instructions that an agent will execute automatically. Skillgate helps users understand what’s actually in those files and assess the risk before an agent loads them. We made it free because every team experimenting with agentic AI faces this challenge today.
— Idan Cohen, Cloud Security Researcher, Mitiga

How Skillgate Works

Users can paste a public GitHub repository URL into Skillgate, which pins the scan to a specific commit. It reads the file with signature and Abstract Syntax Tree (AST) analysis, plus an LLM-as-judge step, and maps each finding to a known attack technique. No code is executed during the process.

The resulting report provides a risk score out of 100 and a verdict – Clean, Risky, Suspicious, or Dangerous – along with an explanation of the score, findings grouped by severity, and fixes for each detection. Individual files can be scanned in seconds, while full repository scans typically complete within minutes.

Skillgate applies more than 80 detection rules across 6 technique families, including direct execution, prompt manipulation, tool and MCP poisoning, supply chain, obfuscation, and credential exposure. Findings are mapped to both the OWASP Agentic AI Top 10 and MITRE ATT&CK and ATLAS frameworks.

Skillgate is designed to cover the full agent-configuration surface, including SKILL.md, hooks, CLAUDE.md, Cursor, Continue, and Cline rules, MCP tool descriptions, and settings files. It also supports bulk-URL submission for repository-wide analysis.

AI agents and skills are now wired into cloud, SaaS, and developer pipelines, yet they incorporate third-party instructions most teams never review. Skillgate gives the community a practical safety net so they can use the wealth of publicly available skills they find with increased confidence. It’s exactly the kind of research-driven tool Mitiga Labs was created to build.
— Ofer Maor, Co-Founder and Chief Technology Officer, Mitiga

Availability

Skillgate is free and available now at skillgate.mitiga.ai. Browsing public scans is anonymous, while submitting a skill or repository for analysis requires a free account.

About Mitiga Labs

Mitiga Labs is Mitiga’s research division, formalizing years of work investigating emerging cloud, SaaS, AI, and identity threats. Skillgate is productized research from the Labs’ “License to Skill” series on AI agent supply-chain attacks.

About Mitiga

Mitiga takes cyber resilience from idea to reality by providing a critical safety net for cyber defenders operating across today’s expanding cloud and AI attack surface. Built for the reality that attacks are inevitable, Mitiga’s Agentic Runtime Security for cloud, SaaS, and AI catches attacks from anomalies and threat intelligence and contains them before they cause business impact.

Delivered through the Zero-Impact cloud detection and response powered by Helios AIDR, Mitiga tracks activity as it happens, decodes it into a clear attack timeline, and stops active threats before they become headlines. In a world where attackers no longer break in but log in, Mitiga keeps organizations in control.

Let them come.

Media Contact

5WPR — mitiga@5wpr.com — 212-999-5585

Get a Demo

Copyright © Mitiga Security Inc. All rights reserved | Terms of Use | Privacy Policy