arXiv:2605.28588: Analysis of 3,984 Agent Skills Reveals 76 Malicious — 13.4% Contain Critical Security Vulnerability

Researchers Luca Beurer-Kellner, Aleksei Kudrinskii, Marco Milanta, Kristian Bonde Nielsen, Hemang Sarkar, and Liran Tal have published a comprehensive security analysis of the AI agent skill ecosystem — the first systematic study of security threats in extension marketplaces for AI agents.

What Are AI Agent Skills and What Is the Risk from Malicious Ones?

AI agent skills (also known as plugins, actions, or tools depending on the platform) are extensions that give AI agents specific capabilities: web search, file access, sending email, code execution, calling external APIs. They are distributed through marketplaces similarly to applications in mobile app stores.

The problem: a malicious skill that passes platform review receives the same permissions as a legitimate skill. A user who installs a skill grants it access to exactly what the skill requests — including potentially sensitive resources such as API keys, files, or network traffic.

What Did the Analysis of 3,984 Skills Reveal?

Researchers collected and analyzed 3,984 AI agent skills from major marketplaces. Key findings:

• 76 confirmed malicious payloads: hidden code that actively performs attacks
• 13.4% of all skills contain at least one critical security vulnerability
• At least 8 manually verified malicious skills remained publicly available at the time of publication

Types of attacks documented in malicious skills:

• Credential theft: extraction of API keys, passwords, session tokens
• Backdoor installation: establishing persistent access to the user’s system
• Data exfiltration: sending user data to external servers

What Threat Taxonomy Was Established?

The paper establishes a threat taxonomy for the agent skill ecosystem based on real-world samples — not hypothetical scenarios. The taxonomy documents attack vectors, code patterns characteristic of malicious skills, and methods for automated detection.

The authors also describe an analysis methodology that combines static code analysis of skills with dynamic behavior monitoring, enabling detection of sophisticated attacks that activate only under certain conditions.

Why Is Automated Security Analysis Essential?

The researchers conclude that “automated security analysis is no longer optional” — it has become a necessity. Reasons:

AI agent skill marketplaces are growing exponentially, and manual review of every skill is not scalable with hundreds of new publications per week. With 13.4% critical vulnerabilities and active malicious skills that bypass current checks, platforms need automated security scanners that analyze skill code and behavior before publication.

This study provides an empirical basis for developing such systems and a warning for AI agent users: every installed skill expands the attack surface.