DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports
Events Video Library
Refcards
Trend Reports

Events

View Events Video Library
  1. DZone
  2. Events
  3. Video Library
  4. Toxic Flows: When Your Agent Skill Becomes a Supply Chain Attack

Toxic Flows: When Your Agent Skill Becomes a Supply Chain Attack

Details

When a developer installs an AI agent skill, they are making a trust decision they almost certainly do not know they are making. Snyk's ToxicSkills research into 3,000+ skills from ClawHub and skills.sh found that 36% contain security flaws and 13% contain critical issues, including credential theft, backdoor installation, and active prompt injection payloads. And 91% of confirmed malicious skills combine traditional malware with prompt injection in a single artifact. 

This is not a theoretical risk. This is a supply chain that is already under active exploitation. In this session, we'll examine three documented attack chains and define what a rigorous defense of the agentic action layer requires.

Presenters:

Presenter Avatar

Sonya Moisset

Staff AI Security Advocate, Snyk

Join Now for More Content & Events

For event and sponsorship inquiries, please email: [email protected]

  • RSS
  • X
  • Facebook

ABOUT US

  • About DZone
  • Support and feedback
  • Community research

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Core Program
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 3343 Perimeter Hill Drive
  • Suite 215
  • Nashville, TN 37211
  • [email protected]

Let's be friends:

  • RSS
  • X
  • Facebook