Security

How skills are checked for safety.

Sundial verifies skills with multiple automated checks before showing results in the product. We use the Cisco AI Skill Scanner, Semgrep, and model-based review to catch risky patterns, suspicious instructions, and security issues that may affect how a skill behaves.

For more ambiguous cases, we add manual review so users are not relying on automation alone. If a skill is flagged, the UI shows a short security report with its severity and a brief explanation of what triggered the flag, so you can quickly understand the risk and decide what to do next.