You don't know your AI stack.

AI tooling has no supply chain. No audit trail. No npm audit equivalent. No lockfile you can trust. You install MCPs, agents, skills, hooks. They get access to your files, your context, your code. A