Agent Skills in the Wild: An Empirical Study of Security Vulnerabilities at Scale

Jan 15, 2026·

Yi Liu

Weizhe Wang

Ruitao Feng

Yao Zhang

Guangquan Xu

Gelei Deng

Yuekang Li

Leo Zhang

· 1 min read

PDF DOI arXiv

Abstract

This empirical study analyzes security vulnerabilities in AI-agent skills at scale. It collects skills from major marketplaces, applies SkillScan to detect vulnerable and malicious patterns, and builds a taxonomy spanning prompt injection, data exfiltration, privilege escalation, and supply-chain risks.

Type

Preprint

Publication

arXiv preprint arXiv:2601.10338

This work studies agent skills as an emerging software supply-chain attack surface and provides empirical evidence for capability-based permissions and mandatory security vetting of skill ecosystems.

Last updated on Jan 15, 2026

AI Agents AI Security Supply Chain Security Software Security

Authors

Gelei Deng

← What Makes a Good LLM Agent for Real-world Penetration Testing? Feb 19, 2026

RSafe: Incentivizing Proactive Reasoning to Build Robust and Adaptive LLM Safeguards Dec 2, 2025 →