{"data":{"id":"a648f330-44f6-4d1d-9ec0-c91238edeee8","title":"How a malicious AI agent skill passed security checks and reached 26,000 users","summary":"Researchers demonstrated that a malicious AI agent skill (a reusable tool that extends an AI agent's capabilities) passed security scanners and reached 26,000 users by exploiting a gap in how skills are reviewed. The attack worked by hiding malicious instructions behind a fake website domain that redirected to a legitimate site during security checks, then changed its content after approval to collect user data, showing that one-time security scans cannot detect skills that behave differently after they gain trust.","solution":"N/A -- no mitigation discussed in source. (The source describes the problem and quotes experts saying enterprises should treat skills as 'living dependencies' requiring 'continuous validation and strict runtime controls' and maintain an 'enterprise-wide AI skills inventory,' but these are expert recommendations, not explicit solutions mentioned as implemented or proposed by the researchers.)","labels":["security","safety"],"sourceUrl":"https://www.csoonline.com/article/4188840/how-a-malicious-ai-agent-skill-passed-security-checks-and-reached-26000-users.html","publishedAt":"2026-06-24T10:22:05.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Google","Stitch","Cisco","NVIDIA"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-06-24T10:22:05.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}