Private · litmus-skill-v3
skills.sh index
Static safety grades for the most-installed skills on skills.sh — Vercel’s open Agent Skills directory. A behavioral A–F verdict alongside the directory’s existing dependency alerts.
Each skill is graded by litmus-skill-v2, a deterministic STATIC scan of its SKILL.md + bundle: S-01 prompt-injection / context-poisoning, S-03 data-exfiltration instructions, and S-04dangerous bundled commands. An A means static-clean, not behavioral proof — a skill’s instructions are interpreted by an agent at runtime.
skills.sh already links each listing to its public GitHub source and surfaces dependency alerts from Socket, Snyk, and Gen — but not a behavioral safety grade. This index adds one over a curated top cohort. Every grade is read live from its hosted_runs row — reproduce any with npx -p @polygraphso/litmus polygraphso-litmus-skill — and none are published onchain.
Monitor this ecosystem
Monitor the skills.sh directory.
This index is a snapshot of the top cohort. We re-grade skills.sh listings on a cadence and flag regressions — a dropped grade, a newly failing check, a changed content hash — as the directory ships. Set up per registry.
Prefer to write us directly? hello@polygraph.so
Skills: S-01 prompt-injection · S-03 exfil instructions · S-04 dangerous bundled commands (static, content-hash anchored). Reproduce a skill grade with npx -p @polygraphso/litmus polygraphso-litmus-skill <dir>. Source: skills.sh · each row links to its polygraph skill report.