Details
When a developer installs an AI agent skill, they are making a trust decision they almost certainly do not know they are making. Snyk's ToxicSkills research into 3,000+ skills from ClawHub and skills.sh found that 36% contain security flaws and 13% contain critical issues, including credential theft, backdoor installation, and active prompt injection payloads. And 91% of confirmed malicious skills combine traditional malware with prompt injection in a single artifact.
This is not a theoretical risk. This is a supply chain that is already under active exploitation. In this session, we'll examine three documented attack chains and define what a rigorous defense of the agentic action layer requires.
Presenters:
Sonya Moisset
Staff AI Security Advocate, Snyk
Join Now for More Content & Events
For event and sponsorship inquiries, please email: [email protected]