Trust Every Skill

Power Every Agent

An AI Agent Skills Registry is a centralized system of record used to discover, manage, secure and serve the “skills” (modular functions or tools) that AI agents within an organization use to perform tasks.

As enterprises scale agentic workflows, a registry prevents unauthorized use of AI assets by providing a single source of truth, ensuring every tool used by an AI agent is vetted, secured, and authorized.

Agent skills are a unique artifact that contain skill.md file, scripts, documents and other assets. Local MCP servers are made using existing language/package technologies such as Python/PyPI and Docker. In addition, MCP servers have “tools” which are separate units which can be governed and controlled. 

Agent Skills and MCP servers can help Agents accomplish similar tasks, but do so in different ways. Skills provide the essential procedural knowledge and domain expertise agents use to complete tasks that go beyond what a model alone could accomplish. MCP servers acts as the connector providing real-time data access to the system. 

Each item, skills and MCP servers, may require unique policies and permissions requiring their management in dedicated registries. While your skills and MCP servers each require a dedicated space, they should be managed under the same system.

Yes, you can manage, version, and enforce access controls to your proprietary agent skills with JFrog. 

Ungoverned skills create three main vulnerabilities:

Data Exfiltration: Malicious skills can abuse the AI agent’s permissions to steal sensitive data. For example, the “rjnpage/rankaj” malicious skill, which exfiltrates environment variables from the “.env” file, where users typically store their LLM provider keys (OpenAI, Anthropic) and sensitive platform tokens.

Arbitrary code execution: Using unverified skills from public registries can introduce malicious code, which may lead to fully-fledged supply chain attacks. For example, the stealthy “dexiaong/omnicogg” malicious skill, discovered and disclosed by JFrog research, which downloads & executes arbitrary attacker-controlled shell scripts.

Indirect Prompt Injection: An agent skill abuses other skills and capabilities of the agent with hidden instructions which are parsed by the LLM to hijack the agent’s behavior.

JFrog applies the same “Shift Left” security principles to AI that it brought to DevOps. By using the JFrog AI Catalog, organizations can scan AI models, MCP servers, and agent skills for malicious intent before they are integrated into a workflow, effectively “curating” a trusted library of AI assets.

Yes. Shadow IT occurs when developers use unauthorized AI tools or APIs locally. A Skills Registry eliminates this by providing a “Single System of Record” for agent skills. It gives security teams 360-degree visibility into every skill being used across the enterprise, making it impossible for unauthorized tools to fly under the radar.

Yes. The JFrog AI Catalog provides a unified interface to govern both internally developed models and external APIs from providers like Anthropic, OpenAI, and NVIDIA. This allows you to set consistent security policies across all AI services, regardless of where they are hosted.

Centralization is key to auditing. Because the JFrog platform tracks every version, permission change, and access request, you can generate comprehensive audit trails. This visibility is essential for meeting emerging regulatory requirements like the EU AI Act.

By providing a searchable, curated catalog of “golden” skills and models, developers don’t have to waste time vetting skills. They can simply discover a pre-approved skill in the JFrog AI Catalog and integrate it into their agentic workflow.

Yes, JFrog was the first to bring an enterprise-grade private skills registry to market as announced at NVIDIA’s GTC in 2026.