Back to feed
Dev.to
Dev.to
6/23/2026
We security-graded 117,854 AI agent skills. Here's what we found.

We security-graded 117,854 AI agent skills. Here's what we found.

Short summary

A security audit of 117K AI agent skills found that only 17.7% were popular enough to grade, with 3.1% deemed unsafe. Greatest risk lives in low-starred repos, and new attack surfaces (agent config/memory theft) emerge alongside traditional shell exploits. Rule-based scanning catches 3% of vulnerabilities; semantic analysis suggests the real rate may be 26%.

  • Security audit of 117K agent skills: 17.7% graded, 3.1% unsafe—mostly in unpopular repos
  • New attack surface: agent-native threats like config theft and memory exfiltration
  • Provides CLI tool for checking skills; acknowledges rule-based scanning is conservative lower bound

Generated with AI, which can make mistakes.

Is this a good recommendation for you?

Explore more