Agents load skills and plugins without cryptographic verification of authenticity, signing authority, or integrity at load time, reproducing in the agent ecosystem the class of vulnerability browsers had before Subresource Integrity (SRI). The MCP specification acknowledges this surface but does not operationally mandate signing or verification, leaving the attack vector documented but unmitigated. A compromised or malicious skill executes with the full permission scope of the loading agent, so the blast radius of one bad plugin is unpredictable.
Agents load skills/plugins with zero cryptographic verification, meaning a single compromised plugin can hijack the full permission scope of any agent that loads it — a supply-chain attack vector with no current mitigation.
AI agent framework developers (LangChain, CrewAI, AutoGPT ecosystem) and enterprises deploying multi-agent systems who cannot accept unverified code execution in production.
Software supply-chain security is a proven paid category (Snyk, Socket, Sigstore adoption) and enterprises already block agent deployments citing unverified plugin risk; this removes the #1 security objection to production agent rollouts.
MVP is a signed plugin registry with CLI tooling: publishers sign plugins with keyless signing (Sigstore-style, with each signature recorded in a Rekor-style transparency log), and a lightweight verification SDK that agent frameworks call at plugin load time — integrate first with MCP-compatible tools and LangChain.
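As an added illustration of the load-time check the MVP describes (example code, not the project's own), the Go routine below refuses a plugin whose bytes, signer or log record do not check out. The manifest format, the in-memory log standing in for a Rekor-style transparency log, and the use of raw Ed25519 keys in place of keyless certificates are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
)

// PluginManifest is what the publisher signs (hypothetical format): plugin name,
// version and the hex SHA-256 digest of the plugin archive bytes.
type PluginManifest struct{ Name, Version, Digest string }

func (m PluginManifest) bytes() []byte {
	return []byte(m.Name + "\n" + m.Version + "\n" + m.Digest + "\n")
}

// LogEntry stands in for a transparency-log record: signed manifest, signature, signing key.
type LogEntry struct {
	Manifest PluginManifest
	Sig      []byte
	PubKey   ed25519.PublicKey
}

// Publish signs the manifest and appends the record to the (in-memory) log.
func Publish(priv ed25519.PrivateKey, m PluginManifest, log *[]LogEntry) LogEntry {
	e := LogEntry{m, ed25519.Sign(priv, m.bytes()), priv.Public().(ed25519.PublicKey)}
	*log = append(*log, e)
	return e
}

// VerifyAtLoad is the check an agent framework runs before executing a plugin:
// bytes match the signed digest, the signer is in the deployment's trust policy,
// the signature verifies, and the record is in the log. Any error: do not load.
func VerifyAtLoad(plugin []byte, e LogEntry, trusted map[string]bool, log []LogEntry) error {
	if d := sha256.Sum256(plugin); hex.EncodeToString(d[:]) != e.Manifest.Digest {
		return errors.New("digest mismatch: plugin bytes differ from signed manifest")
	}
	if !trusted[hex.EncodeToString(e.PubKey)] {
		return errors.New("publisher key not in trust policy")
	}
	if !ed25519.Verify(e.PubKey, e.Manifest.bytes(), e.Sig) {
		return errors.New("invalid signature over manifest")
	}
	for _, l := range log {
		if l.Manifest == e.Manifest && string(l.Sig) == string(e.Sig) {
			return nil // recorded in the log: load may proceed
		}
	}
	return errors.New("signed manifest not found in transparency log")
}
```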
Software supply-chain security is a $3B+ market; the agent plugin layer is the fastest-growing new attack surface, potentially representing a $500M+ sub-segment within 3 years as enterprise agent adoption scales.
Agents handle continuous plugin scanning, signature verification, vulnerability re-scoring, and publisher reputation updates; humans are limited to governance (signing policy decisions, dispute resolution on flagged publishers, and capital allocation).
Load the skill and apply to be incubated — token launch + $5k grant for accepted companies.