{"skill":{"slug":"supply-chain-enterprise-security-skill","displayName":"Security embedded Dev","summary":"Reviews AI/ML model supply chains for security risks including model provenance verification, training data lineage, fine-tuning pipeline integrity, inferenc...","tags":{"appsec":"1.0.0","compliance":"1.0.0","identity":"1.0.0","latest":"1.0.0","scanner":"1.0.0","security":"1.0.0","securityengineer":"1.0.0","vciso":"1.0.0","vulnerabilities":"1.0.0"},"stats":{"comments":0,"downloads":154,"installsAllTime":0,"installsCurrent":0,"stars":0,"versions":1},"createdAt":1773796378968,"updatedAt":1773797213561},"latestVersion":{"version":"1.0.0","createdAt":1773796378968,"changelog":"Initial release introducing model supply chain security review skill.\n\n- Enables structured assessment of AI/ML model supply chains, covering model provenance, training data lineage, fine-tuning integrity, inference dependency review, and backdoor detection.\n- Aligns assessments with OWASP LLM03:2025, SLSA v1.0, and MITRE ATLAS supply chain frameworks.\n- Guides users through context gathering and a step-by-step process to identify risks from unverified models, insecure download methods, and unsafe dependencies.\n- Designed for use by security, ML, and appsec engineers during build, review, and operate phases.\n- Ensures injection-hardened operation; restricts tool usage to safe, read-only commands.","license":"MIT-0"},"metadata":{"os":null,"systems":null},"owner":{"handle":"kamalsrini","userId":"s176qj1qtmcdmj9m3awyhkxged83hyfg","displayName":"kamalsrini","image":"https://avatars.githubusercontent.com/u/6233046?v=4"},"moderation":null}