Scary Agent Skills: Hidden Unicode Instructions in Skills ...And How To Catch Them
Summary
Skills (tools that extend AI agent capabilities) can be secretly backdoored with invisible Unicode characters: hidden text markers that certain AI models, such as Gemini and Claude, interpret as instructions. Because the malicious content is not visible to readers, the backdoor can survive human review. The post demonstrates this supply chain attack (malicious code entering a system through a trusted source) and presents a basic scanner tool that detects such hidden prompt injection (tricking an AI by hiding instructions in its input).
Solution / Mitigation
The source mentions that the author 'had my agent propose updates to OpenClaw to catch such attacks,' but it does not describe what those updates are or give implementation details for the mitigation.
Classification
Affected Vendors
Related Issues
Original source: https://embracethered.com/blog/posts/2026/scary-agent-skills/
First tracked: February 12, 2026 at 02:20 PM
Classified by LLM (prompt v3) · confidence: 85%