NVIDIA launches Verified Agent Skills framework for enterprise AI governance
New framework scans, signs, and issues skill cards for agent skills to prevent vulnerabilities.
NVIDIA has launched Verified Agent Skills, a governance framework designed to bring transparency, security, and trust to AI agent skill deployment in enterprise environments. The system defines agent skills as portable instruction sets that guide AI systems in using CUDA-X libraries, AI Blueprints, and platform tools. Skills are stored in the NVIDIA/skills GitHub repository, cataloged daily by product teams, and subjected to a publication pipeline that includes human review, automated policy enforcement, scanning via SkillSpector, evaluation, skill card generation, cryptographic signing, and synchronization into the public repository.
SkillSpector scans for conventional software risks (vulnerable dependencies, suspicious scripts, credential exposure) and agent-specific threats (hidden instructions, prompt injection, tool poisoning, excessive permissions). Each verified skill is paired with a machine-readable skill card that records ownership, licensing, dependencies, technical limitations, and identified risks with mitigations. Cryptographic signing covers the entire skill directory, allowing users to verify authenticity and integrity. NVIDIA positions this as a complement to runtime controls like NeMo Guardrails, focusing on vetting capabilities before they enter agent workflows. Future evaluation layers will add standardized metrics such as trigger accuracy, task completion rate, and token efficiency against a common benchmark.
- Skills are scanned by SkillSpector for traditional risks (vulnerable dependencies, credential exposure) and agent-specific threats (prompt injection, tool poisoning).
- Each verified skill includes a machine-readable skill card with ownership, dependencies, limitations, risks, and verification status.
- Cryptographic signing (.sig file) covers the entire skill directory to confirm authenticity and integrity beyond publisher identity.
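To show what "covers the entire skill directory" buys a consumer in practice, here is an added example (not NVIDIA's code; the page does not describe the real .sig format or algorithm, so Ed25519 over a canonical per-file SHA-256 manifest is an assumption, and the skill files are constructed sample data): editing, adding or removing any one file after signing, or checking with the wrong publisher key, fails verification.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
	"sort"
	"strings"
)

// Skill models a skill directory in memory (relative path -> bytes); data is constructed.
type Skill map[string][]byte
// Manifest renders one canonical "sha256  path" line per file in sorted path order.
// Signing this listing rather than a single file means an edited, added or removed
// file anywhere in the directory invalidates the signature.
func Manifest(s Skill) []byte {
	paths := make([]string, 0, len(s))
	for p := range s {
		paths = append(paths, p)
	}
	sort.Strings(paths)
	var b strings.Builder
	for _, p := range paths {
		fmt.Fprintf(&b, "%x  %s\n", sha256.Sum256(s[p]), p)
	}
	return []byte(b.String())
}
// GenerateKeys makes a publisher key pair (assumed scheme: Ed25519; the page names none).
func GenerateKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		panic(err)
	}
	return pub, priv
}
// Sign produces the detached signature (the .sig file) over the whole directory manifest.
func Sign(priv ed25519.PrivateKey, s Skill) []byte { return ed25519.Sign(priv, Manifest(s)) }
// Verify recomputes the manifest from the directory as it is now and checks it against .sig.
func Verify(pub ed25519.PublicKey, s Skill, sig []byte) bool {
	return ed25519.Verify(pub, Manifest(s), sig)
}
func main() {
	pub, priv := GenerateKeys()
	skill := Skill{"SKILL.md": []byte("# gemm\nPrefer cuBLAS.\n"), "scripts/run.sh": []byte("#!/bin/sh\n")}
	sig := Sign(priv, skill)
	fmt.Println("clean:", Verify(pub, skill, sig))
	skill["scripts/run.sh"] = append(skill["scripts/run.sh"], "echo x\n"...) // modified after signing
	fmt.Println("after edit:", Verify(pub, skill, sig))
}
```

A real consumer would additionally pin the publisher's public key (or a transparency-log entry for it) rather than accept whatever key ships beside the .sig, since the signature only proves integrity relative to that key.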
Why It Matters
This framework fills a critical governance gap by securing agent skill provenance and risk assessment before enterprise deployment.