Alert

Snyk Finds Prompt Injection in 36%, 1467 Malicious Payloads in a ToxicSkills Study of Agent Skills Supply Chain Compromise

Snyk’s ToxicSkills research reveals 36% of AI agent skills contain security flaws, including 1,467 vulnerable skills and active malicious payloads targetin

AI Security · HIGH

Source: Snyk Security BlogFeb 5, 2026, 5:00 AMAI Securityhigh

Full content

Snyk’s ToxicSkills research reveals 36% of AI agent skills contain security flaws, including 1,467 vulnerable skills and active malicious payloads targeting OpenClaw, Claude Code, and Cursor users.

Related alerts

mult-agentes 1.0.0AI Security

Multi-agent framework with 684 skills, constitutional governance, 19-layer runtime pipeline, privacy, AI, skills, cognitive, scalability, observability , and Anthropic SDK integration.

ooai-llm 0.5.1AI Security

Typed LLM settings, LangChain-first factories, LiteLLM metadata enrichment, and callback helpers.

flyteplugins-openai 2.3.6AI Security

OpenAI plugin for flyte