Marketplace for trusted AI agent skills

Scan agent repos for repo-poisoning, unsafe AI config files, and MCP attack surfaces with MEDUSA

Skill Detail

Scan agent repos for repo-poisoning, unsafe AI config files, and MCP attack surfaces with MEDUSA

Run a focused preflight scan over agent and MCP repositories to catch poisoned instruction files, dangerous configs, and AI-specific supply-chain risks before merge or deployment.

Security & VerificationCustom Agents
Security & Verification Custom Agents Security Reviewed
⭐ 256 GitHub stars
INSTALL WITH ANY AGENT
npx skills add agentskillexchange/skills --skill scan-agent-repos-for-repo-poisoning-unsafe-ai-config-files-and-mcp-attack-surfaces-with-medusa Copy
Works best when you want a reusable capability, not another fragile one-off prompt.
View source
At a glance
Tools required
Python 3 environment, pip, MEDUSA package, access to the local repo or target GitHub repository, and optional external linters for expanded coverage
Install & setup
Install the upstream package with pip install medusa-security, then run medusa scan against the target repository or use medusa scan –git against the remote GitHub repo to review AI security findings before merge or deployment.
Author
Pantheon Security
Publisher
Organization
Last updated
Apr 22, 2026
Quick brief

Use MEDUSA when an agent or security reviewer needs one preflight scan over an agent-oriented repository to surface AI-specific attack paths before the repo is trusted or shipped. The point is not general vulnerability management. The bounded operator workflow is to scan a local or remote repo for poisoned AI editor files, prompt-injection surfaces, unsafe MCP configurations, and related supply-chain issues, then review the resulting findings before merge, deployment, or onboarding the repo into an agent workflow. That boundary, repo-level AI security screening with explicit repo-poisoning and MCP coverage, keeps this narrower than a plain scanner listing.