How a malicious AI agent skill passed security checks and reached 26,000 users
Summary
Researchers demonstrated that a malicious AI agent skill (a reusable tool that extends an AI agent's capabilities) passed security scanners and reached 26,000 users by exploiting a gap in how skills are reviewed. The skill hid its malicious instructions behind a fake website domain: during security checks the domain redirected to a legitimate site, and after approval its content was changed to collect user data. The result shows that one-time security scans cannot detect skills that behave differently after they gain trust.
Original source: https://www.csoonline.com/article/4188840/how-a-malicious-ai-agent-skill-passed-security-checks-and-reached-26000-users.html
First tracked: June 24, 2026 at 08:01 AM
Classified by LLM (prompt v3) · confidence: 92%