Securing the Skills Layer Feb 7, 2026 Skills bundle instructions, scripts, and MCP servers into a single installable package. That convenience is also the attack surface. ai-safety mcp supply-chain security