JFrog Skills and MCP Tools Guide 2026: Give Your Coding Agents Safe Artifact Context

If your coding agents can’t see your artifact repository, they’re flying blind. They’ll guess dependency versions, hallucinate package names, and suggest upgrades that don’t exist. But giving an AI agent direct access to Artifactory is a bad idea — one prompt injection and your entire binary repository is an attack surface. JFrog solves this with two complementary paths: JFrog Skills (open-source agent skills) and the JFrog MCP Server (remote SaaS MCP server). Both give agents safe, governed access to artifact context, but they work differently and suit different use cases. Here is how both work, when to use each, and how to set them up without compromising security. ...

July 4, 2026 · 10 min · baeseokjae

Snyk Evo ADS Review 2026: Real-Time Security Governance for Agentic Development

If your team is running AI coding agents in production — Claude Code, Cursor, Windsurf, GitHub Copilot — you’ve probably already felt the gap between traditional AppSec and what these agents actually do. Traditional security tools scan committed code. Agents don’t just write code; they install MCP servers, download skills, run shell commands, and make API calls. By the time a traditional SAST scan runs, the damage is already done. ...

July 4, 2026 · 9 min · baeseokjae

Agent Skills Supply Chain Security Guide 2026

Agent Skills supply chain security means treating every SKILL.md, referenced file, script, and marketplace update as executable influence over your AI agent. In practice, skills are closer to npm packages or CI actions than documentation, because a small metadata change can redirect planning, tool use, file access, and data movement.

Why did Agent Skills become a supply chain problem in 2026?

I’ve found that teams adopt Agent Skills for the same reason they adopted package managers: reuse beats rebuilding every workflow by hand. A skill can package conventions for code review, deployment, incident response, design handoff, or data analysis. The format is intentionally lightweight, which is exactly why it spreads quickly across tools such as Claude Code, OpenAI Codex, Cursor, GitHub Copilot, Gemini CLI, VS Code, Windsurf, and OpenClaw-style marketplaces. ...

July 3, 2026 · 15 min · baeseokjae