We Audited 2,857 Agent Skills. 12% Were Malicious (grith.ai)

A recent audit of 2,857 AI agent skills revealed that 12% (341) were identified as malicious, highlighting significant vulnerabilities within the growing ecosystem of AI-powered coding assistants. Unlike synthetic proof-of-concept tools, these skills reside in a live environment, leading to serious implications for user trust and security. The invasive nature of these skills allows them to alter an agent’s functionality and access sensitive tools and scripts upon installation, creating a software supply chain with agent-level privileges. As the number of publicly available skills continues to rise, the audit underscores the importance of treating these skills similarly to existing software supply chain risks, such as those found in npm or PyPI repositories. Current defensive measures, including prompt hardening and OS sandboxing, may mitigate risk but are not foolproof against in-scope exfiltration. The call for heightened vigilance during the execution phase, where real-time evaluations of commands and file accesses occur, is crucial. This post serves as an urgent reminder for developers to implement more robust security frameworks around AI tools, particularly as they gain increasing functionality and autonomy in programming tasks.