Agent Supply Chain Integrity Generate and verify integrity manifests for AI agent plugins and tools. Detect tampering, enforce version pinning, and establish supply chain provenance. Overview Agent plugins and MCP servers have the same supply chain risks as npm packages or container images — except the ecosystem has no equivalent of npm provenance, Sigstore, or SLSA. This skill fills that gap. When to Use - Before promoting a plugin from development to production - During code review of plugin PRs - As a CI step to verify no files were modified after review - When auditing third-party agent t…