Tego AI, a stealth-mode security startup, has released the Skills Security Index (v0.9.2), a publicly searchable database of automated risk assessments for AI agent skill definitions. The company argues these definitions — variously called tools, functions, or plugins — are an underexamined attack surface with no structured vetting mechanism. The index aims to fill that gap.
Each entry is sourced from major platform registries and GitHub, then scanned across the skill's identity, embedded instructions, and associated code. Risk is ranked across five tiers — Pass, Low, Medium, High, and Critical — based on the most severe finding across capability categories: Tools, Code Execution, Web Access, File System, Data Access, Authentication, Network, and System access.
The core of the methodology is instructional risk: whether prompts embedded in a skill encourage an agent to <a href="/news/2026-03-15-fabraix-open-source-red-teaming-playground-ai-agents">bypass guardrails</a>, perform sensitive operations without oversight, or behave differently from the skill's stated purpose. Specific findings cover prompt injection vulnerabilities, credential exposure, excessive permissions, and data exfiltration potential. The index also checks whether permission requests are justified by the skill's claimed function — surfacing mismatches between what a skill says it does and what it actually tells an agent to do. Tego pitches this as a CVE registry equivalent, purpose-built for agent capabilities rather than traditional software vulnerabilities.
The company is stepping into a busy market. Invariant Labs, the ETH Zurich spin-off behind MCP-scan for runtime scanning of Model Context Protocol server descriptions, was acquired by Snyk in June 2025. Keycard came out of stealth in October 2025 with $38 million from a16z, boldstart ventures, and Acrew Capital, targeting cryptographic agent identity authentication. Prompt Security and Lasso Security both ship MCP gateway products for real-time traffic inspection. Tego's angle is the supply chain layer — evaluating skill definitions before deployment rather than intercepting them at runtime — a niche none of the larger players have prioritized. The urgency is grounded in recent data: over 30 CVEs were filed against MCP servers in January and February 2026 alone, including a CVSS 9.6 remote code execution flaw, and OWASP published its first Top 10 for Agentic Applications in 2026 covering <a href="/news/2026-03-16-shortspan-ai-security-research-news">tool misuse and supply chain attacks</a>.
Hacker News was unconvinced. The top-voted comment argued that running unvetted agent skills is functionally equivalent to executing untrusted code — a well-understood risk — and questioned whether the index adds genuine security value or is primarily a marketing vehicle. That skepticism has some basis: the underlying attack surfaces are real, but packaging them as a novel category overstates the novelty. Tego's stealth posture — running a public index while keeping company details opaque — is standard security startup playbook: build credibility and accumulate dataset depth ahead of an enterprise product launch. The homepage tagline, "Know Every Agent. Control Every Action," signals the index is a wedge into a larger agent governance platform rather than the end product.