cd /news/ai-agents/malicious-ai-agent-skills-can-slip-p… · home topics ai-agents article
[ARTICLE · art-52162] src=helpnetsecurity.com ↗ pub= topic=ai-agents verified=true sentiment=↓ negative

Malicious AI agent skills can slip past the scanners built to stop them

Malicious AI agent skills can evade security scanners designed to detect them, according to a new report. The skills, which are add-ons for AI coding agents like Claude Code and OpenAI Codex, are distributed through public marketplaces that have rapidly grown to over 40,000 listings. This poses a significant security risk as developers may unknowingly load harmful capabilities.

read1 min views1 publishedJul 9, 2026

Developers who build with AI coding agents grab capabilities off public marketplaces the same way they grab packages from npm or PyPI. The add-ons are called agent skills. Each one is a little bundle of plain-English instructions, scripts, and files that a tool such as Claude Code or OpenAI Codex loads when it needs a new trick. One marketplace filled up with more than 40,000 listed skills within months of the format showing up in … More

The post Malicious AI agent skills can slip past the scanners built to stop them appeared first on Help Net Security.

── more in #ai-agents 4 stories · sorted by recency
── more on @claude code 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/malicious-ai-agent-s…] indexed:0 read:1min 2026-07-09 ·