Securing AI skill repositories with NVIDIA SkillSpector and GitHub Actions

Agent skills, custom instructions, and MCP configuration are becoming part of the engineering trust boundary. This post walks through using NVIDIA SkillSpector in GitHub Actions to scan AI skill repositories, surface findings in SARIF or PR comments, and make risky agent behaviour visible during normal review.

Step-by-Step: Checking Out a Private Repository in GitHub Actions

Learn how to check out a custom repo and branch in GitHub Actions with this step-by-step guide.