One post tagged with "ToxicSkills"

On February 5, 2026, Snyk Labs published the ToxicSkills study — the first large-scale security audit of AI agent skills. They scanned 3,984 publicly listed skills across every major registry. The results should concern every developer using AI agents.

1,467 skills (36.82%) contained at least one security flaw. Of those, 76 contained confirmed malicious payloads — not accidental overpermissions, but deliberate credential theft, reverse shells, and data exfiltration.