r/AI_Agents: Agent Threat Rules — Community-Authored Open YAML Detection Format for Prompt Injection, Tool-Call Abuse, and SKILL.md Tampering in AI Agents

A community developer introduced an open detection rule format for AI agent security threats, structured like Sigma or YARA rules — YAML definitions covering prompt injection attempts, malicious tool-call argument patterns, and suspicious SKILL.md content modifications. The format provides a portable, team-shareable way to codify agent-specific detection logic that can layer over existing SIEM infrastructure without requiring model-level changes, targeting the gap between general-purpose security tooling and agentic-specific attack surfaces.