PulseAugur

Claude Code skills audit finds 13% critical security flaws

A recent audit of Claude Code skills revealed significant security vulnerabilities, with over 13% containing critical issues and 36% exhibiting prompt-injection payloads. These malicious skills can exfiltrate sensitive data like SSH keys or execute harmful commands, often disguised within skill descriptions using invisible characters or base64 encoding. The findings highlight the urgent need for users to carefully vet skills before installation, especially as Anthropic's recent subscription changes may increase scrutiny on skill usage and associated costs.

IMPACT Vulnerabilities in AI agent skills necessitate user caution and may influence future development and marketplace curation.

RANK_REASON The cluster details findings from a security audit of a specific AI product's ecosystem.


AI-generated summary · Google Gemini · from 1 source.

COVERAGE [1]

  1. dev.to — Claude Code tag TIER_1 English(EN) · VentureIO ·

    Are Claude skills safe in 2026? What the Snyk ToxicSkills audit actually found
