Search

This attack path highlights important considerations for the future of agent-assisted development. Extended supply chain risk: Traditional supply chain attacks focus on injecting malicious code directly. In agentic environments, a compromised dependency can also redirect the agent itself, extending familiar supply chain risks into a new dimension, such as injecting subtle delays that cause performance degradation or denial-of-service scenarios.   Instruction following under adversarial conditions: When the agent followed injected configuration directives, including instructions to conceal its

NVIDIA agent skills are portable instruction sets that teach AI agents how to use NVIDIA CUDA-X libraries, AI Blueprints, and platform tools correctly. NVIDIA-verified skills published in the NVIDIA/skills GitHub repo are: Cataloged and synced daily from the NVIDIA product team that owns it Scanned for software and agent-native risks before publication Signed with a detached skill.oms.sig that can be verified post-download Documented with a skill card describing ownership, dependencies, limitations, and verification status Evaluation is the next layer. It will add standardized quality metri

An NVIDIA-verified skill starts in a source repository owned by a product team. From there, it moves through a publishing flow that can include both human review and automated policy checks, followed by scanning, evaluation, generation of the skill card, signing, cataloging, and synchronization into the public catalog.  Each verified skill is paired with a skill card, a machine-readable trust record that explains the following:  What the skill does Who built the skill  How is the skill licensed What are the skill dependencies   What are the known technical limitations, risks, and mitigatio