Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents
Security firm AIR created a fake, harmless AI agent skill named "brand-landingpage" to demonstrate how easily malicious skills could bypass current trust and security mechanisms. The skill successfully passed every scanner it was tested against and was distributed to an estimated 26,000 agents after being merged into a popular marketplace (inheriting its 36,000 stars) and promoted via Instagram ads. The deception worked because scanners only analyze the skill package itself, while the malicious component was hosted on an external, attacker-controlled link that pointed to legitimate documentation during the review but was swapped to a malicious payload after widespread installation. The article highlights this as a structural problem: skills are treated as static text, but their external dependencies can change at any time. It recommends that defenders treat skills as software, not text, vet external links continuously, pin versions, enforce least privilege, and control the source of skills, as current trust signals like scan results and GitHub stars are unreliable.
https://thehackernews.com/2026/06/fake-ai-agent-skill-passed-security.html
Comments
Post a Comment