Agent Skills in the Wild: 26% of AI add-ons show security risks

Kari Jaaskelainen

16 Jan 2026 — 1 min read

AI agents get their superpowers from "skills" - plug-ins that add instructions and code. A new large-scale study of 31,132 skills from two marketplaces finds a big security gap.

26.1% of skills had at least one vulnerability across 14 patterns in four buckets: prompt injection, data exfiltration, privilege escalation, and supply chain risks.
Data exfiltration (13.3%) and privilege escalation (11.8%) were most common; 5.2% showed high-severity, likely malicious behavior.
Skills that bundle executable scripts were 2.12x more likely to be vulnerable than instruction-only skills.
The team built SkillScan (86.7% precision, 82.5% recall) and released an open dataset/toolkit.

Why it matters: skills often run with implicit trust. Without guardrails, they can siphon data, abuse permissions, or smuggle in supply-chain attacks at scale.

Call to action: adopt capability-based permissions, sandbox execution, and mandatory vetting before publishing or installing skills. Paper: https://arxiv.org/abs/2601.10338v1 (Yi Liu et al.)

Paper: https://arxiv.org/abs/2601.10338v1

Register: https://www.AiFeta.com

AI Cybersecurity AIAgents LLM Security SupplyChain DataExfiltration PromptInjection AppSec

Meet GRACE: a moral governor for safer, more transparent AI

AI agents are getting powerful—so how do we make sure they do the right thing, not just the effective thing? Meet GRACE, a reason-based moral governor that keeps AI behavior aligned with human norms by separating moral reasoning from goal-driven decision-making. * Moral Module: uses deontic logic and explicit reasons

Why some fine-tuned LLMs miss phishing—and how to fix it

Not all fine-tuned LLMs spot phishing equally. A new study tests Llama 3.1 8B, Gemma 2 9B, and Mistral on high-stakes phishing detection—and uses SHAP and mechanistic interpretability to reveal why models do (or don’t) generalize. * Architecture × data diversity matters: Gemma 2 9B hits state-of-the-art performance (F1

AI that explains itself—by following the science

AI that explains itself—by following the science Black-box AI can be powerful, but it often can’t tell us why it made a decision. Concept Bottleneck Models (CBMs) try to fix that by predicting human-understandable concepts first, then the final answer. The catch: standard CBMs ignore domain-specific cause-and-effect and

Meet GenomAgent: A Team of AI Specialists for Smarter Genomics Q&A

TL;DR: Finding reliable answers in genomics is hard. GenomAgent turns one big AI into a coordinating team of specialists—and beats the current leader by 12% on a key benchmark. Genomic facts live across many databases. Standard chatbots struggle because they can’t flexibly query those sources. GeneGPT added

Read more

Meet GRACE: a moral governor for safer, more transparent AI

Why some fine-tuned LLMs miss phishing—and how to fix it

AI that explains itself—by following the science

Meet GenomAgent: A Team of AI Specialists for Smarter Genomics Q&A