Introducing Agent Skills Security: Identify and Prevent Risk in the AI Agent Supply Chain

Today, we're introducing Agent Skills Security, a new Heeler capability that helps organizations discover, analyze, and prioritize risk across the artifacts that drive AI agents.
June 17, 2026
Whats on this page
The Role of Design Partners
See the Platform Live
Subscribe
Share this content

Organizations are adopting Claude Code, Cursor, Gemini, Codex, and other agent ecosystems to accelerate development and automate increasingly complex tasks. As these agents become more capable, they also become more dependent on a new class of artifact: instructions.

Instructions, skills, workflows, configurations, hooks, and subagents increasingly determine how AI agents behave, what tools they use, what systems they access, and what actions they take.

Yet most security teams have little visibility into them.

Today, we're introducing Agent Skills Security, a new Heeler capability that helps organizations discover, analyze, and prioritize risk across the artifacts that drive AI agents.

A New Supply Chain Attack Surface

For years, software supply chain security has focused on two primary components:

  • Source code
  • Third-party dependencies

Security teams have built programs, tools, and processes around understanding and securing both.

AI agents introduce a third layer.

The instructions that guide agent behavior are increasingly becoming part of the software supply chain. These files can shape how agents make decisions, what actions they perform, what external systems they interact with, and what permissions they attempt to use.

In many organizations, these artifacts are already being committed to source control and shared across teams.

The challenge is that they largely exist outside the visibility of traditional security tooling.

Understanding the Risks

Agent artifacts can introduce risks that are fundamentally different from traditional application security issues.

Security teams need to understand questions such as:

  • Is an agent being instructed to perform unsafe actions?
  • Does a skill introduce risky or unexpected behavior?
  • Are external systems being referenced that warrant investigation?
  • Could an instruction influence an agent to bypass established controls?
  • Are developers unknowingly introducing risky agent capabilities into repositories?

Without visibility into these artifacts, organizations risk creating blind spots as AI adoption accelerates.

Introducing Agent Skills Analysis

With Heeler, organizations can now:

  • Discover agent artifacts across repositories
  • Inventory instructions, skills, workflows, and configurations
  • Analyze files for suspicious or malicious behavior
  • Identify risky agent artifacts that warrant review
  • Understand why a file is considered risky through transparent findings and scoring
  • Prioritize remediation efforts based on risk

Rather than treating these files as isolated assets, Heeler incorporates them into a broader understanding of the software supply chain.

Combining Deterministic and Semantic Analysis

Agent Files analyzes artifacts using multiple approaches.

Deterministic analysis identifies structured signals such as suspicious external references and other risky patterns.

Semantic analysis evaluates the intent and behavior described within the artifact itself, helping identify risks that traditional pattern matching alone may miss.

The result is a more comprehensive understanding of both what an agent artifact contains and what it is attempting to accomplish.

What’s new on Heeler
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
See the Platform Live
Subscribe
Share this content

Related resources

See All Resources
May 28, 2026
Introducing Heeler MCP: Bring Security Context Directly Into Your AI-Powered Development Workflow
We're excited to announce Heeler MCP, a new way to access Heeler directly from your AI assistant or coding agent using the Model Context Protocol (MCP).
Blog
April 15, 2026
Announcing Heeler Endpoints: Mapping and Securing AI-Generated Attack Surfaces
Heeler launches Endpoints to close the endpoint visibility gap in modern, AI-driven applications.
Heeler launches Endpoints to close the endpoint visibility gap in modern, AI-driven applications.
Blog
April 13, 2026
How Heeler Mitigated the Axios Supply Chain Attack
Heeler provided customers a multi-layered defense, combining Software Composition Analysis (SCA) with Static Analysis Security Testing (SAST), along with Agent Skills, CLI and guardrails to provide the visibility and enforcement necessary to neutralize this threat.
Blog
March 18, 2026
Centralized Security for Agentic Coding: Introducing Heeler Agent Skills
Instead of adding more security gates, Heeler Agent Skills guide AI coding agents with the context needed to make better and safer decisions during development.
Blog
March 6, 2026
Securing the Modern Development Workflow in the Age of AI
Today, both developers and AI agents contribute to software development. Code suggestions, new dependencies, and infrastructure integrations can appear in seconds. Without security embedded directly into development workflows, vulnerabilities, exposed secrets, and risky packages can slip into production environments.
Blog
March 3, 2026
Meet the Heeler Team at BSidesSF and RSAC
Join Heeler for live demos and one-on-one meetings during BSidesSF 2026 and RSAC 2026 in San Francisco.
Blog
February 24, 2026
Introducing Workflows: Automate Security Response Without Adding Friction
Today, we’re excited to announce Workflows, a new capability in Heeler that helps security teams operationalize response by automatically routing high-signal security events to the right systems and teams.
Blog
February 20, 2026
Improving Developer Experience & Engagement in Application Security
Heeler is designed to reduce that friction by embedding contextual security controls and guidance directly into existing engineering workflows. The goal is not to increase findings, but to improve clarity, precision, and execution.
Blog
February 18, 2026
Introducing Heeler SAST: Context-Aware Static Analysis for the AI Era
Heeler SAST: Static analysis purpose-built for AI-generated code and agent-driven software delivery.
Blog
January 23, 2026
Why Heeler Auto-Remediation Is More Than “AI Fixing Code”
Heeler brings the context and deterministic analysis required to make AI effective for security.
See All Resources
Product
ProductExploitabilityFixabilityRemediationGuardrails
Resources
Resources HubFAQTrust CenterPricing
About
AboutContact UsCustomer SupportSubscribe
© 2025 Heeler
Privacy Policy
Terms and Conditions
Cookie Policy
Cookie Preferences