How We Secure Your Chatbot Experience
Every skill chat on Skills IL is end-to-end encrypted. Discover the 6 security layers that keep your data safe while chatting.
When you click "Try this Skill" on Skills IL, you start a live conversation with an AI agent. That agent can use tools, connect to services, and run code on your behalf. We take that seriously. Every message you send is encrypted end-to-end between your browser and the agent, credentials never reach the model itself, and each user's session is isolated from every other user's.
Here are the 6 security layers that protect you.
1. End-to-End Encryption
Every chat session is encrypted from start to finish using a dedicated protocol built for agent-to-human communication.
What this means for you:
- No sign-up needed: Your browser creates a unique cryptographic identity for each session. No accounts or passwords required.
- Encrypted before it leaves: Every message is encrypted in your browser before it goes anywhere. The server in the middle only sees scrambled data it cannot read.
- Tamper-evident: Each message is digitally signed, so a message that is altered or forged in transit fails signature verification and is discarded.
Even we cannot read your conversations in transit. The relay server that passes messages between you and the agent holds no decryption key. Only the agent runtime at the far end of the channel decrypts your messages, which it has to do in order to act on them; the protection layers below apply at that point.
2. Secret Protection
AI agents sometimes need access to API keys and credentials to do useful work. The challenge is making sure those secrets stay safe even when an agent can run code freely.
Here is how we handle it:
- Secrets are encrypted immediately when added and never shown again, not even to you.
- The agent never sees the real value. Instead, it gets a meaningless placeholder token.
- The real value is substituted only when the request leaves the platform for the service that secret was approved for. A request to any other destination carries the placeholder, which is worthless to whoever receives it.
- The AI itself has no access to secret values. It knows a secret exists and which service it is for, but the actual key or password never enters the model's context.
Bonus: If you accidentally paste an API key into the chat, the system catches it automatically and replaces it with a safe placeholder before it reaches the AI.
3. User Isolation
Your conversations are yours alone. On Skills IL, each user's chat session is completely walled off from every other user.
This is not just a rule the AI is told to follow. Tools that could reach other users' data are not part of the agent's tool set at all. The AI has no way to look up, reference, or leak another user's information, even if someone tries to trick it into doing so.
4. Hallucination Detection
AI models can sometimes make things up. We address this with an automatic fact-checking layer:
- After the agent responds, a separate verification model reviews the answer against everything that happened in the conversation.
- If the answer contradicts tool results, includes made-up details, or confidently answers something it does not actually know, it gets flagged.
- The agent re-runs with the correction, and you get an accurate response instead.
This catches the most common AI mistakes: inventing numbers, fabricating details, and giving confident answers without real information to back them up. It reduces these errors rather than eliminating them, since the verifier is itself a model.
5. Prompt Injection Protection
Users, or content the agent reads while working, might try to trick the AI into revealing its internal instructions or behaving in unintended ways. We have multiple layers to limit this:
- Built-in guardrails: The agent is designed to never expose its system instructions or internal configuration.
- Automatic blocking: Detected manipulation attempts result in temporary bans with admin notifications.
- Rate limiting: Prevents flooding and brute-force extraction attempts.
- Safe by design: Even in the unlikely event someone sees the full system instructions, they would only find configuration details, not passwords, credentials, or business logic. Secrets are stored separately and never appear in the prompt.
6. Verified API Calls
When the agent calls external services on your behalf, those services need to know exactly who is making the request.
Here is how we ensure that:
- The agent prepares the request.
- Our server attaches verified information about you, the conversation, and the platform.
- The entire request is digitally signed so it cannot be tampered with.
- The external service can verify the signature and trust the identity, because it came from our infrastructure, not from the AI.
- The timestamp is part of the signed data, so a captured request cannot be replayed outside a short validity window.
Nobody can make the agent call a service pretending to be someone else. Your identity is verified by the server, not generated by the AI.
Summary
| What we protect | How |
|---|---|
| Your messages | End-to-end encryption between your browser and the agent (Ed25519, RSA-2048, AES-256-GCM) |
| Secrets & API keys | Never visible to the AI; only used at the moment of need |
| Your privacy | Complete isolation between users, enforced at the system level |
| Accuracy | Automatic fact-checking with a separate verification model |
| Against manipulation | Multi-layer prompt injection protection |
| External API calls | Digitally signed with verified identity |
Frequently Asked Questions
Can Skills IL read my chat messages? Not in transit. Messages are encrypted in your browser before they leave, and the relay server only handles ciphertext it cannot decrypt. The agent runtime at the other end of the channel decrypts them in order to respond.
What if I accidentally paste an API key in the chat? The system detects it automatically and replaces it with a safe placeholder before the AI ever sees it.
Can another user see my conversations? No. User isolation is built into the system architecture. The AI has no way to access another user's data.
What encryption is used? Ed25519 for message signatures, RSA-2048 for key exchange, and AES-256-GCM for message encryption. These are industry-standard primitives; the protocol built on them is our own (see layer 1), not the Signal protocol, which is based on X25519 and the Double Ratchet.
Does E2E encryption work for voice calls too? Yes. Call signaling travels over the same encrypted channel, so call setup details are not readable by the relay. As with any relay, the fact that a session exists and when traffic flows remains visible to it.
Further Reading
- Skills IL Security Page - Our security practices and trust scoring system
- Getting Started Guide - How to install and use skills