AGENTS.md files help Codex and similar AI tools understand project-specific instructions, coding conventions, and organizational structures. They can reside anywhere within a Codex container, providing valuable context to AI agents. Like other project configuration files, these instructions are treated as trusted context by the agent. This trust model is by design, but it creates an interesting attack surface when a malicious dependency is able to write or modify these files at build time.
What are the implications and risks for agent-assisted development?
This attack path highlights important considerations for the future of agent-assisted development. Extended supply chain risk: Traditional supply chain attacks focus on injecting malicious code directly. In agentic environments, a compromised dependency can also redirect the agent itself, extending familiar supply chain risks into a new dimension, such as injecting subtle delays that cause performance degradation or denial-of-service scenarios.
Instruction following under adversarial conditions: When the agent followed injected configuration directives, including instructions to conceal its
NVIDIA agent skills are portable instruction sets that teach AI agents how to use NVIDIA CUDA-X libraries, AI Blueprints, and platform tools correctly. NVIDIA-verified skills published in the NVIDIA/skills GitHub repo are: Cataloged and synced daily from the NVIDIA product team that owns it
Scanned for software and agent-native risks before publication
Signed with a detached skill.oms.sig that can be verified post-download
Documented with a skill card describing ownership, dependencies, limitations, and verification status Evaluation is the next layer. It will add standardized quality metri