Study Finds Over One Quarter of AI Agent Skills Contain Vulnerabilities

Global: Study Finds Over One Quarter of AI Agent Skills Contain Vulnerabilities

A new arXiv paper reports that 26.1% of AI agent skills collected from two leading marketplaces exhibit at least one security vulnerability. The researchers examined 42,447 skills, applying a multi‑stage analysis to 31,132 of them, and identified 14 distinct vulnerability patterns across four broad categories.

Methodology and Detection Framework

The authors introduced SkillScan, which combines static code analysis with large‑language‑model‑based semantic classification. This approach achieved 86.7% precision and 82.5% recall when validated against a manually curated set of 8,126 vulnerable skills.

Vulnerability Taxonomy

Four primary categories emerged: prompt injection, data exfiltration, privilege escalation, and supply chain risks. Data exfiltration accounted for 13.3% of examined skills, while privilege escalation appeared in 11.8%.

Prevalence and Severity

Overall, 5.2% of the skills displayed high‑severity patterns that strongly suggest malicious intent. Skills that bundled executable scripts were 2.12 times more likely to contain vulnerabilities than instruction‑only skills (odds ratio=2.12, p<0.001).

Implications for the Ecosystem

The findings highlight an uncharacterized attack surface within AI agent frameworks, where implicit trust in third‑party skills could be leveraged for unauthorized data access or system compromise.

Recommendations and Future Work

The authors call for capability‑based permission systems and mandatory security vetting before deployment. They also released an open dataset and the SkillScan toolkit to enable further research and mitigation efforts.

This report is based on information from arXiv, licensed under Academic Preprint / Open Access. Based on the abstract of the research paper. Full text available via ArXiv.