// model security

All signals tagged with this topic

AI Agent Skills Create New Supply Chain Attack Surface

As developers integrate third-party AI agent skills into production systems, granting them access to secured resources and data, they are installing privileged code with minimal vetting. A compromised skill package can pivot from its intended function to exfiltrate credentials, manipulate databases, or move laterally across infrastructure, all while appearing to execute legitimate AI-assisted tasks. This mirrors npm/PyPI package compromises but with higher stakes: agents operate with standing access rather than one-time execution, so a poisoned skill can affect the entire enterprise.