ainativedev/latest-aidevcon-speakers-london-2026
AI Native DevCon 2026 London — all conference sessions as interactive skills
66
83%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Risky
Do not use without reviewing
outline.mdtalk-tal-skills-security/
Outline - Skills Security
Speaker
Liran Tal, security researcher and developer advocate, discusses agent skill security at AI Native DevCon.
Safety Status
This outline describes a safety-redacted public version of the talk. Demonstration mechanics and unsafe examples have been removed.
Thesis
Agent skills are part of the software supply chain. They need review, provenance, isolation, and operational limits because agents may treat skill instructions and bundled files as trusted guidance.
Section Map
- Speaker introduction and audience framing.
- Why installed skills need actual review.
- Skills as more than a single markdown file.
- Missing controls in early skill ecosystems.
- The toxic-flow model: private context, untrusted input, and outbound communication.
- Approval fatigue and the limits of human confirmation.
- Supply-chain parallels: easy publishing, fast adoption, and weak update review.
- Redacted unsafe demonstrations.
- Why simple pattern matching is not enough.
- Defensive posture: review, isolate, constrain, and monitor.
Concepts
- Skill as supply-chain artifact: A skill can influence agent behavior through instructions, references, and bundled content.
- Toxic flow: Risk rises when an agent can combine private context, untrusted input, and outbound communication.
- Approval fatigue: Repeated permission prompts can become ineffective when users accept them without review.
- Review depth: Review should include metadata, body instructions, supporting files, and updates.
- Hard boundary: Real security depends on permission limits, isolation, and policy enforcement, not prompt text alone.
Not Included
- Harmful demonstration examples.
- Hidden-instruction examples.
- Operational abuse paths.
- Runnable snippets.
- Third-party delivery details.
- Exact wording from unsafe demonstration material.
Safe Use
Use this talk to discuss governance, skill review, permission design, and agent risk modeling. Do not use it as a source for offensive mechanics.
.tessl-plugin
talk-batey-building-product-teams-age-of-ai
talk-birgitta-closing-keynote
talk-debois-agent-enablement
talk-douglas-training-ai-on-your-own-code
talk-dubnov-merge-rate-ai-adoption
talk-farley-vibe-coding-best-we-can-do
talk-firtman-web-mcp-agentic-web
talk-foxwell-reinvention-dev-team
talk-graziano-spec-driven-development
talk-groetzinger-skills-everywhere
talk-jones-odevo-ai-native-transformation
talk-jourdan-pipelines-to-prompts
talk-katsioloudes-code-security-ai
talk-lamis-context-engineering-dreaming
talk-lawson-agent-experience
talk-luebken-embedding-pi-coding-agent
talk-maleix-collective-intelligence
talk-maple-ai-native-devcon-welcome-slick
talk-maple-ai-native-devcon-welcome-spec-reviewer
talk-maple-aind-devcon-welcome
talk-maple-context-engineering-skills
talk-maple-continuous-ai-github-workflows
talk-maple-harness-engineering
talk-maple-tldraw-ai-canvas-experiments
talk-marsden-agent-desktops
talk-martinelli-spec-driven-development
talk-moss-skills-team-workflow
talk-overweg-one-brain-no-filtering
talk-podjarny-skills-are-the-new-code
talk-roberts-ai-native-brownfield
talk-roberts-brownfield-ai-native
talk-scheire-artificial-intelligence
talk-selajev-docker-sandboxes-agents
talk-sloan-harness-engineering-beyond-code
talk-stack-humans-architect-ai-writes-code
talk-stoneham-product-brain
talk-tal-skills-security
talk-thomas-ai-native-engineering
talk-walter-runtime-intelligence-agents
talk-wilson-cq-stack-overflow-for-agents
talk-wotherspoon-humans-vs-slop