Snyk Finds Prompt Injection in 36% of Payloads in a ToxicSkills Study
9 hours ago
- #Supply Chain Compromise
- #Agent Skills Security
- #Prompt Injection
- Snyk's ToxicSkills study reveals 36.82% (1,467) of agent skills contain security flaws, with 13.4% (534) having critical issues like malware and prompt injection.
- Agent skills inherit high permissions (shell access, file systems, credentials), making them more dangerous than traditional packages, especially with prompt injection attacks.
- The study found 76 confirmed malicious payloads, including credential theft and data exfiltration, with 8 still live on ClawHub; attack techniques include external malware distribution and obfuscated data exfiltration.
- Insecure design issues are widespread: 10.9% of skills expose hardcoded secrets, 17.7% fetch untrusted third-party content, and 2.9% have unverifiable dependencies.
- Snyk offers defense tools like mcp-scan for scanning, AI-BOM for inventory, and Evo by Snyk for runtime protection, emphasizing the need for automated security in the agent skills supply chain.