{"data":{"id":"c377e696-9870-4ac5-bc0d-edd78e57a251","title":"The sorry state of skill distribution","summary":"Public marketplaces for AI skills (specialized add-ons that extend AI agent capabilities) are being flooded with malicious skills that steal passwords and data. Security companies have released skill scanners to detect these threats, but researchers found that these scanners are easy to bypass, sometimes in under an hour, because they rely on static detection methods, which attackers can evade through repeated modification.","solution":"N/A -- no mitigation discussed in source.","labels":["security","safety"],"sourceUrl":"https://blog.trailofbits.com/2026/06/03/the-sorry-state-of-skill-distribution/","publishedAt":"2026-06-03T11:00:00.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain","prompt_injection","data_extraction"],"issueType":"news","affectedPackages":null,"affectedVendors":["Anthropic","OpenAI","Google"],"affectedVendorsRaw":["Anthropic","OpenAI","Google","Cisco","Vercel","VirusTotal","OpenClaw","Gen","Socket","Snyk","ClawHub"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-06-03T11:00:00.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}