🤖 AI Summary
Snyk researchers conducted a groundbreaking security audit of the Agent Skills ecosystem and uncovered significant vulnerabilities, including prompt injection attacks, malware, and credential theft across AI agents like OpenClaw, Claude Code, and Cursor. Their study, termed "ToxicSkills," examined nearly 4,000 skills, revealing that 13.4% contained critical security flaws, while a staggering 36.82% harbored at least one security issue. This alarming state of affairs was exacerbated by the rapid growth of the ecosystem, with skill submissions soaring from under 50 to over 500 per day, attracting malicious actors with little security oversight.
The findings underscore a burgeoning supply chain security crisis in the AI space reminiscent of the early days of package ecosystems like npm and PyPI. Agent Skills inherit extensive permissions, including access to file systems and stored credentials, which amplifies the impact of any compromise. With over 76 identified malicious payloads capable of exfiltrating user data or installing backdoors, the audit not only exposes dangerous vulnerabilities but also highlights the urgent need for robust security measures within the growing Agent Skills landscape to mitigate exploitation and safeguard users.