A marketplace where AI agents or users can discover, evaluate, and install executable skills or tools. In governance terms, it combines software distribution with identity decisions because the installed package can act on behalf of a user or agent with inherited authority.
Expanded Definition
An agentic skill marketplace is more than an app store for AI. It is a distribution and trust layer where an AI agent or human operator discovers executable skills, reviews them, and installs them into a workflow that can inherit identity, permissions, and tool access. In NHI governance, the central issue is not just whether the skill works, but what authority it receives after installation and how that authority is constrained.
Definitions vary across vendors, because some marketplaces package prompts or extensions while others distribute code, connectors, or autonomous actions. That distinction matters under OWASP Agentic AI Top 10 and the NIST AI Risk Management Framework, because installation can become an implicit trust decision. NHI Management Group treats the marketplace itself as part of the attack surface, not just a procurement channel.
The most common misapplication is treating a marketplace install like a harmless software add-on, which occurs when teams approve capability without mapping the installed skill to the agent’s effective privileges.
Examples and Use Cases
Implementing an agentic skill marketplace rigorously often introduces review overhead and permission friction, requiring organisations to weigh faster agent enablement against stronger identity governance.
- A customer support agent installs a refund-processing skill that can trigger payments. The marketplace must verify the skill’s signed provenance, scope, and whether the agent should inherit payment authority.
- A software engineer adds a code-review skill that can open pull requests. Governance should check whether the tool can also read secrets, modify build pipelines, or reach protected repositories.
- An operations team uses a skill marketplace to connect ticketing, cloud, and chat tools. The skill may appear narrow, but its chained actions can expose service accounts and expansion paths if not limited.
- A compliance group evaluates third-party skills using NHIMG's "Ultimate Guide to NHIs — The NHI Market" guidance and aligns the approval process with the MITRE ATLAS adversarial AI threat matrix to anticipate abuse paths.
- A security team compares marketplace-installed skills against the controls discussed in the OWASP NHI Top 10 to ensure each skill's runtime access is narrower than its advertised function.
For implementation patterns, practitioners also look at the CSA MAESTRO agentic AI threat modeling framework when a marketplace distributes multi-step capabilities across multiple tools.
Why It Matters in NHI Security
Agentic skill marketplaces matter because they turn installation into delegated authority. If a skill inherits a user's or agent's identity without explicit scoping, the marketplace becomes a fast path to privilege expansion, secret exposure, and unreviewed data movement. NHIMG's research shows why this is urgent: in the AI Agents: The New Attack Surface report, 80% of organisations said their AI agents had already acted beyond intended scope, while only 52% could track and audit the data those agents accessed. That gap is especially dangerous when skills are installed casually and then left active.
Marketplace governance also has to account for compromised secrets. The LLMjacking research shows attackers move quickly once credentials are exposed, which is why skill approval cannot rely on vendor claims alone. A mature program pairs install-time review with ongoing entitlement checks, secret isolation, and revocation paths.
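The install-time checks described in the examples above (signed provenance, scopes no broader than the advertised function, mapping requested scopes onto the host agent's effective privileges, refusing identity inheritance) and the ongoing entitlement checks and revocation path described in this paragraph can be expressed as one small gate. The block below is an added example, not NHIMG's code or any marketplace's implementation. The manifest layout, the scope names, the HMAC-signed provenance (standing in for the asymmetric package signatures a real marketplace would verify), the publisher key and the three sample manifests are all constructed assumptions for the demonstration.

```python
"""Install-time review and runtime gating for marketplace-installed skills.

Added example, not code from NHIMG or from any marketplace. The manifest
layout, scope names, HMAC-signed provenance and all sample data below are
assumptions constructed for the demonstration.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass

# Constructed publisher signing key. A production marketplace would verify
# asymmetric signatures over the package; HMAC keeps this stdlib-only.
PUBLISHER_KEYS = {"acme-payments": b"constructed-publisher-key"}

# Least-privilege expectation per advertised function (assumption).
EXPECTED_SCOPES = {
    "refund_processing": {"payments:refund", "orders:read"},
    "ticket_sync": {"tickets:read", "tickets:write"},
}

# Effective privileges of the agent that will host the skill (assumption).
AGENT_ENTITLEMENTS = {
    "support-agent": {"payments:refund", "orders:read", "tickets:read", "tickets:write"},
}


def canonical_bytes(manifest: dict) -> bytes:
    """Serialize every field except the signature deterministically."""
    body = {k: v for k, v in manifest.items() if k != "signature"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(manifest: dict, key: bytes) -> str:
    return hmac.new(key, canonical_bytes(manifest), hashlib.sha256).hexdigest()


def review_install(manifest: dict, agent: str) -> list[str]:
    """Install-time review. Returns findings; an empty list means approve."""
    findings = []
    key = PUBLISHER_KEYS.get(manifest.get("publisher"))
    expected_sig = sign_manifest(manifest, key) if key else ""
    if not key or not hmac.compare_digest(expected_sig, manifest.get("signature", "")):
        findings.append("provenance: unknown publisher or invalid signature")
    requested = set(manifest.get("scopes", []))
    advertised = EXPECTED_SCOPES.get(manifest.get("function"), set())
    if requested - advertised:
        findings.append(f"scope: broader than advertised function: {sorted(requested - advertised)}")
    if manifest.get("inherit_caller_identity"):
        findings.append("identity: skill asks to inherit the caller's identity instead of explicit scopes")
    entitled = AGENT_ENTITLEMENTS.get(agent, set())
    if requested - entitled:
        findings.append(f"privilege: exceeds host agent's entitlements: {sorted(requested - entitled)}")
    return findings


@dataclass
class Grant:
    skill: str
    scopes: frozenset
    revoked: bool = False


class SkillGate:
    """Holds per-skill grants and authorizes each tool call against them."""

    def __init__(self) -> None:
        self.grants: dict[str, Grant] = {}
        self.audit: list[dict] = []

    def install(self, manifest: dict, agent: str) -> None:
        findings = review_install(manifest, agent)
        if findings:
            raise PermissionError("; ".join(findings))
        # Grant exactly the reviewed scopes, never the agent's whole identity.
        self.grants[manifest["name"]] = Grant(manifest["name"], frozenset(manifest["scopes"]))

    def revoke(self, skill: str) -> None:
        self.grants[skill].revoked = True

    def authorize(self, skill: str, scope: str) -> bool:
        """Runtime entitlement check on every tool call; every decision is logged."""
        grant = self.grants.get(skill)
        allowed = grant is not None and not grant.revoked and scope in grant.scopes
        self.audit.append({"skill": skill, "scope": scope, "allowed": allowed})
        return allowed


def make_manifest(name, function, scopes, inherit=False, publisher="acme-payments", signed=True):
    """Constructed sample manifests for the demonstration."""
    m = {"name": name, "publisher": publisher, "function": function,
         "scopes": scopes, "inherit_caller_identity": inherit}
    if signed:
        m["signature"] = sign_manifest(m, PUBLISHER_KEYS[publisher])
    return m


GOOD_REFUND = make_manifest("refund-skill", "refund_processing", ["payments:refund", "orders:read"])
GREEDY_REFUND = make_manifest("refund-plus", "refund_processing",
                              ["payments:refund", "orders:read", "repo:write"], inherit=True)
UNSIGNED_SYNC = make_manifest("ticket-sync", "ticket_sync", ["tickets:read", "tickets:write"], signed=False)


def demo() -> dict:
    gate = SkillGate()
    gate.install(GOOD_REFUND, "support-agent")
    results = {
        "greedy_findings": review_install(GREEDY_REFUND, "support-agent"),
        "unsigned_findings": review_install(UNSIGNED_SYNC, "support-agent"),
        "refund_allowed": gate.authorize("refund-skill", "payments:refund"),
        # A chained action the skill was never scoped for is denied, not inherited.
        "chained_denied": gate.authorize("refund-skill", "cloud:iam:write"),
    }
    gate.revoke("refund-skill")
    results["after_revoke"] = gate.authorize("refund-skill", "payments:refund")
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The greedy manifest is correctly signed yet still fails review on three separate grounds (scope wider than its advertised function, a request to inherit the caller's identity, and a scope the host agent itself does not hold), which is the point of not relying on vendor claims or provenance alone. The unsigned manifest is narrow and within the agent's entitlements but fails on provenance. At runtime the gate only knows the reviewed scopes, so a chained call into cloud IAM is refused, and revocation takes effect on the next call without reinstalling anything.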
Organisations typically feel the operational impact only after an agent abuses a skill; at that point the marketplace design itself, not just the offending agent, has to be investigated and contained.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while the NIST AI RMF sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | Covers improper secret handling and trust boundaries for installed agent skills. |
| OWASP Agentic AI Top 10 | A1 | Addresses over-permissioned agent actions and unsafe tool installation paths. |
| NIST AI RMF | Core functions (Govern, Map, Measure, Manage) | Frames agentic systems as socio-technical risks requiring lifecycle governance. |
Assess marketplace-installed skills for risk, monitor behavior, and govern revocation continuously.