Malicious AI agent skills can slip past the scanners built to stop them
Developers who build with AI coding agents grab capabilities off public marketplaces the same way they grab packages from npm or PyPI. The add-ons are called agent skills. Each one is a little bundle of plain-English instructions, scripts, and files that a tool such as Claude Code or OpenAI Codex loads when it needs a new trick. One marketplace filled up with more than 40,000 listed skills within months of the format showing up in … More
The post Malicious AI agent skills can slip past the scanners built to stop them appeared first on Help Net Security.