Skill Marketplace

A distribution layer where third-party extensions add capabilities to an AI agent or assistant. The security issue is not just the code itself, but the access it requests, the data it can read, and the way it can steer privileged actions through the host runtime.

Expanded Definition

A skill marketplace is a distribution layer for agent capabilities, where third-party extensions, plugins, or tools are made available to an AI agent or assistant. In NHI security, the marketplace matters because it introduces new trust boundaries: the extension may be benign, but the access it requests, the data it can observe, and the privileged actions it can trigger define the real risk.

Definitions vary across vendors, and no single standard governs this yet. Some products treat a skill as a narrowly scoped action, while others bundle retrieval, execution, and data access into one package. For governance purposes, the key distinction is not whether the offering is called a skill, plugin, or app, but whether the host runtime can enforce least privilege, consent, and auditability. The NIST Cybersecurity Framework 2.0 is useful here because it frames the need to identify, protect, detect, respond, and recover across shared responsibility boundaries. For broader NHI context, NHI Management Group’s Ultimate Guide to NHIs — The NHI Market explains why third-party access amplifies identity risk.

The most common misapplication is treating a skill marketplace as a simple app store, which occurs when reviewers evaluate feature usefulness but not the agent permissions and runtime authority granted at install time.

Examples and Use Cases

Implementing a skill marketplace rigorously often introduces approval and isolation overhead, requiring organisations to weigh developer convenience against tighter control over data exposure and delegated actions.

  • A customer support agent installs a refund skill that can read order history and trigger payment reversals, so the marketplace must limit the skill to specific accounts and actions.
  • A procurement assistant uses a document-summarisation skill that requests mailbox access, making consent scope and logging critical to prevent silent overreach.
  • An engineering agent adds a deployment skill that can push code and modify CI/CD settings, which requires explicit separation between read-only telemetry and write-capable operations.
  • A healthcare workflow assistant connects to a triage skill that can retrieve patient records, where the marketplace must enforce data minimisation and record-level authorization.
  • A financial operations agent installs a reconciliation skill that can initiate transfers, so the host runtime needs step-up approval and strong audit trails before execution.

NHIMG’s The NHI Market research is especially relevant because third-party exposure is a recurring pattern in this control surface. For implementation patterns, the NIST Cybersecurity Framework 2.0 helps organisations map discovery, protection, and response requirements to marketplace governance.
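The use cases above all come down to the same three host-runtime duties: grant a skill only the entitlements a reviewer has verified against business need, keep read-only operations separate from write-capable ones (which get step-up approval), and record every decision in an audit trail. The following Python sketch is an added example written for this entry, not code from the journal or from any marketplace vendor; the manifest layout, scope names, account identifiers and approver field are all constructed assumptions.

```python
"""Added example: a minimal host-runtime policy gate for marketplace skills.

Constructed illustration for this glossary entry; the manifest format, scope
names, account ids and approver field are assumptions, not a vendor API.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Scopes that change state or move money. The runtime treats these as
# write-capable and refuses to execute them without step-up approval.
WRITE_SCOPES: Set[str] = {"payments:reverse", "transfers:initiate", "cicd:write", "code:push"}

# Entitlements a reviewer has verified against business need (constructed
# allowlist). Anything a skill requests beyond this is denied at install time.
APPROVED_ENTITLEMENTS: Dict[str, Set[str]] = {
    "refund-skill": {"orders:read", "payments:reverse"},
    "summarise-skill": {"documents:read"},
}

# Record-level bounds: the refund skill may only act on these accounts
# (constructed values), regardless of which scopes it holds.
RESOURCE_BOUNDS: Dict[str, Set[str]] = {
    "refund-skill": {"acct-1001", "acct-1002"},
}


@dataclass
class SkillManifest:
    """What a third-party skill asks for at install time (assumed format)."""
    name: str
    requested_scopes: Set[str]


@dataclass
class AuditLog:
    """Append-only trail of install and invocation decisions."""
    entries: List[dict] = field(default_factory=list)

    def record(self, **fields) -> None:
        self.entries.append(fields)


def review_install(manifest: SkillManifest) -> Dict[str, Set[str]]:
    """Install-time entitlement review.

    Grants only the intersection of requested and approved scopes and reports
    the remainder as overreach, so the reviewer sees exactly what was refused.
    """
    approved = APPROVED_ENTITLEMENTS.get(manifest.name, set())
    return {
        "granted": manifest.requested_scopes & approved,
        "denied": manifest.requested_scopes - approved,
    }


class HostRuntime:
    """Brokers every skill action and enforces least privilege per call."""

    def __init__(self, audit: AuditLog) -> None:
        self.audit = audit
        self.grants: Dict[str, Set[str]] = {}

    def install(self, manifest: SkillManifest) -> Dict[str, Set[str]]:
        result = review_install(manifest)
        self.grants[manifest.name] = result["granted"]
        self.audit.record(event="install", skill=manifest.name,
                          granted=sorted(result["granted"]),
                          denied=sorted(result["denied"]))
        return result

    def invoke(self, skill: str, scope: str, resource: str,
               approver: Optional[str] = None) -> bool:
        """Return True only if the action passes scope, bounds and step-up checks."""
        reason = None
        if scope not in self.grants.get(skill, set()):
            reason = "scope_not_granted"
        elif skill in RESOURCE_BOUNDS and resource not in RESOURCE_BOUNDS[skill]:
            reason = "resource_out_of_bounds"
        elif scope in WRITE_SCOPES and approver is None:
            reason = "step_up_approval_required"
        self.audit.record(event="deny" if reason else "allow", skill=skill,
                          scope=scope, resource=resource, approver=approver,
                          reason=reason)
        return reason is None


def demo() -> AuditLog:
    """Walk the refund use case through install and a few invocations."""
    runtime = HostRuntime(AuditLog())
    runtime.install(SkillManifest("refund-skill",
                                  {"orders:read", "payments:reverse", "mailbox:read"}))
    runtime.invoke("refund-skill", "orders:read", "acct-1001")                       # allowed
    runtime.invoke("refund-skill", "payments:reverse", "acct-1001")                  # needs step-up
    runtime.invoke("refund-skill", "payments:reverse", "acct-1001", approver="ops")  # allowed
    runtime.invoke("refund-skill", "payments:reverse", "acct-9999", approver="ops")  # out of bounds
    return runtime.audit


if __name__ == "__main__":
    for entry in demo().entries:
        print(entry)
```

The point of the design is that the skill never holds the agent's full authority: the runtime mediates each call, the install review turns a requested scope list into a smaller granted one with the difference logged, and write-capable scopes cannot execute without a named approver. The audit entries carry the denial reason, which is what an incident responder needs when working out whether agent authority was broader than intended.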

Why It Matters in NHI Security

A skill marketplace becomes a security issue when third-party extensions inherit the agent’s identity, trust, or session context. That can turn a useful capability into a high-impact access path for secrets, customer data, infrastructure controls, and downstream systems. In NHI programs, this is often where privilege sprawl begins: one approved skill is added for convenience, then another, and soon the host runtime has become an uncontrolled broker of delegated authority.

NHI Management Group data shows that 92% of organisations expose NHIs to third parties, raising supply chain security concerns, and 97% of NHIs carry excessive privileges, increasing the risk of unauthorised access. Those conditions make skill marketplaces especially sensitive because the marketplace can become the fastest route from benign integration to broad compromise. This is why the issue is not only code review, but also entitlement review, secret handling, and revocation discipline. CISA guidance on identity hardening and the NIST Cybersecurity Framework 2.0 both reinforce the need for strong control of access pathways and recovery after compromise.

Organisations typically encounter the full risk of a skill marketplace only after a malicious or overprivileged extension is installed and an incident reveals that agent authority was broader than intended, at which point skill governance becomes an operational necessity rather than an optional control.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.

| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | | Agent tool ecosystems are a core risk area for untrusted extensions and overbroad execution. |
| OWASP Non-Human Identity Top 10 | NHI-05 | Third-party extensions often expand NHI trust boundaries and secret exposure. |
| NIST CSF 2.0 | PR.AC-4 | Marketplace access must be controlled and continuously reviewed under least-privilege principles. |

Restrict marketplace skills to least privilege and verify each granted entitlement against business need.