
Snyk Finds Prompt Injection in 36%, 1467 Malicious Payloads in a ToxicSkills Study of Agent Skills Supply Chain Compromise

Blog post from Snyk

Post Details
Company: Snyk
Date Published:
Author: Luca Beurer-Kellner, Aleksei Kudrinskii, Marco Milanta, Kristian Bonde Nielsen, Hemang Sarkar and Liran Tal
Word Count: 3,267
Language: English
Hacker News Points: -
Summary

The first comprehensive security audit of the AI Agent Skills ecosystem, conducted by Snyk security researchers, reveals significant vulnerabilities involving malware, credential theft, and prompt injection attacks, particularly affecting platforms such as OpenClaw, Claude Code, and Cursor. The audit scanned a total of 3,984 skills and found that 13.4% contained critical security issues, including malware distribution and exposed secrets, while over a third had some form of security flaw. The research highlights that the Agent Skills ecosystem, characterized by rapid growth and inadequate security measures, poses a substantial risk because skills have extensive access to credentials, file systems, and APIs, much as early software package ecosystems like npm and PyPI did before supply-chain controls matured. The study identifies a convergence of traditional malware with prompt injection techniques that manipulate the AI agent's reasoning process, which significantly increases the effectiveness of attacks. Snyk's mcp-scan tool, used in this research, achieved high accuracy in detecting malicious patterns, underscoring the urgent need for robust security practices in the evolving Agent Skills domain. The audit also identified eight malicious skills still publicly accessible on ClawHub, urging immediate defensive action and emphasizing the need for continuous, adaptive agentic security measures.