Malicious AI agent skills can slip past the scanners built to stop them Malicious AI agent skills can evade security scanners designed to detect them, according to a new report. The skills, which are add-ons for AI coding agents like Claude Code and OpenAI Codex, are distributed through public marketplaces that have rapidly grown to over 40,000 listings. This poses a significant security risk as developers may unknowingly load harmful capabilities. Developers who build with AI coding agents grab capabilities off public marketplaces the same way they grab packages from npm or PyPI. The add-ons are called agent skills. Each one is a little bundle of plain-English instructions, scripts, and files that a tool such as Claude Code or OpenAI Codex loads when it needs a new trick. One marketplace filled up with more than 40,000 listed skills within months of the format showing up in … More https://www.helpnetsecurity.com/2026/07/09/malicious-ai-agent-skills-scan/ The post Malicious AI agent skills can slip past the scanners built to stop them https://www.helpnetsecurity.com/2026/07/09/malicious-ai-agent-skills-scan/ appeared first on Help Net Security https://www.helpnetsecurity.com .