Malicious AI agent skill bypasses security scanners to reach 26,000 users
A security experiment successfully compromised over 26,000 AI agents by exploiting structural flaws in how agent skills are vetted and trusted. Researchers created a deceptive skill that appeared legitimate to non-technical users and bypassed automated security scanners from major vendors. By hosting malicious instructions on an external URL rather than within the skill package itself, the attackers ensured the payload remained invisible during initial inspections.