AI agent skill and package registries ship without signature verification, sandboxed execution, or tamper detection, creating systemic supply chain vulnerabilities analogous to pre-mitigation npm. Malicious packages including backdoors and self-erasing routines have already been found at scale in production registries. No cross-platform governance standard exists to audit, certify, or revoke agent skills.
Agent skill registries today have zero signature verification or tamper detection, letting malicious packages (backdoors, self-erasing routines) proliferate unchecked — the npm left-pad / event-stream crisis, but for autonomous agents with real-world capabilities.
Platform teams and DevOps leads at companies deploying AI agents in production who need supply-chain assurance before granting agents access to tools, APIs, and sensitive workflows.
Enterprises already pay for software supply-chain security (Snyk, Socket, Sigstore adoption) and will not deploy autonomous agents without equivalent guarantees; the pain is immediate because malicious agent packages have already been found in the wild and no cross-platform solution exists.
MVP is a registry proxy and CLI that wraps existing agent package registries (LangChain Hub, CrewAI tools, OpenAI plugin manifests) with cryptographic signing, provenance attestation (Sigstore/in-toto-style), and lightweight WASM-sandboxed test execution — ship as a GitHub Action + registry middleware in 6-8 weeks.
Software supply-chain security is a $3B+ market today (Snyk alone valued at $7B); the agent-specific slice will grow proportionally to agent deployments, conservatively $500M+ within 3 years as every enterprise agent platform needs this layer.
Automated scanner agents continuously crawl registries to analyze, sandbox-test, and score new agent packages; reviewer agents issue or revoke attestations; humans are limited to governance board decisions on policy changes and appeals.
Load the skill and apply to be incubated — token launch + $5k grant for accepted companies.