Skip to content

Roadmap: semantic artifact linting#23

Draft
charliechenye wants to merge 3 commits into
mainfrom
roadmap/semantic-artifact-linting
Draft

Roadmap: semantic artifact linting#23
charliechenye wants to merge 3 commits into
mainfrom
roadmap/semantic-artifact-linting

Conversation

@charliechenye

Copy link
Copy Markdown
Owner

Summary

This is a planning-only roadmap PR for adding semantic artifact linting without pivoting SkillGate into runtime prompt-injection protection.

It adds:

  • docs/roadmaps/semantic-artifact-linting.md with the product decision, scope, non-goals, taxonomy, staged roadmap, output contract, PR sequence, and open questions.
  • a future_steps.md pointer that places semantic artifact linting under Later Work and explicitly keeps it local-first, opt-in, advisory, and bounded to shipped artifacts.

Product decision

SkillGate should not become a runtime prompt-injection firewall, hosted dashboard, malware scanner, or generic agent framework. The proposed direction is a narrower extension:

Semantic artifact linting for agent-facing instructions that are already shipped in skills, MCP configs, MCPB bundles, manifests, prompt templates, README files, and other static text artifacts.

The first implementation milestone should be a deterministic text inventory and high-precision advisory rule pack, not a classifier, runtime monitor, or blocking policy gate.

Why this helps SkillGate stand out

Most current benchmark and security work around InjecAgent, AgentDojo, MCP security, OWASP GenAI, and prompt-injection defenses focuses on runtime behavior, dynamic tool use, or agent environments. SkillGate can own a narrower and more reviewable layer: making the semantic instructions that ship with agent artifacts visible before install or merge.

That supports the core positioning:

  • deterministic pre-install and pre-merge review;
  • evidence over speculation;
  • no execution;
  • no hidden network calls;
  • advisory review before enforcement;
  • honest separation between static artifact risk and runtime agent safety.

Non-goals

This roadmap does not propose:

  • live webpage scanning;
  • email/RAG/runtime-content monitoring;
  • MCP server execution;
  • dependency installation;
  • hosted prompt firewall integration by default;
  • automated exploit generation;
  • malware claims;
  • default blocking policy;
  • telemetry;
  • broad LLM moderation.

Suggested implementation sequence

  1. Roadmap and taxonomy.
  2. Semantic text inventory.
  3. Deterministic rule pack MVP.
  4. review preinstall --semantic integration.
  5. Public evidence pack.
  6. Policy opt-in.
  7. Optional local classifier experiment only after benchmark evidence.

Validation

Documentation-only change. No code or tests are expected for this planning PR.

Review focus

Please review whether the roadmap is sufficiently narrow, credible, and differentiated before implementation begins.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant