Liran Tal


Developer Relations at Snyk

Sessions

Jun 1, 2:35 PM · 30 min
Track: The Context Window
Format: Conference Session
Theme: The Agent Enablement Platform
Level: Intermediate (more advanced, requires a good background knowledge)
Topic: Context as the Interface

Your AI Agent Installed Malware Because a SKILL.md Told It To

That SKILL.md file you just installed to supercharge your AI coding agent? It might be exfiltrating your AWS credentials right now. Yikes. Just like with early npm, attackers are abusing the various Agent Skill ecosystems to launch malware campaigns. AI builders now rush to add Skills that inherit the agent's full execution environment, while the recent ToxicSkills research found malware and other security weaknesses in 37% of nearly 4000 skills, including one "security scanner" skill that was itself malware, ha! The next AI security frontier is hijacking the agent's own reasoning to suppress safety warnings before pulling the trigger, and here's your chance to see in action how coding agents crumble under a malicious skill.

In this session you'll watch live hacking with a malicious skill: how it fools a coding agent into rogue actions, how a prompt injection leaks your secrets over email, and how a leaky skill passes credit card numbers straight through the LLM context. Then we flip to defense. I'll show you how to detect these malicious and dangerous SKILL.md files and catch what every regex-based scanner misses. You'll leave with a concrete threat model for Agent Skills supply chains and the tools to audit your own agents before someone else does it for you.

About

Liran Tal is an AI Security researcher and Head of Developer Relations at Snyk. His recent work focuses on agentic security: he worked on the ToxicSkills research exposing malware and prompt injection across thousands of AI agent skills, publishes hands-on practices for securing MCP servers, and reports CVEs across vulnerable AI frameworks. Liran designs guardrails that make AI-native development safer in practice, covering tool poisoning, command-execution pitfalls, and secure defaults for agentic tools. A longstanding Node.js developer and secure-coding expert, he has authored books on Node.js security and is recognized as a GitHub Star and OpenJS Foundation JavaScriptLandia "Pathfinder for Security."