Research
PhantomSkill: Malicious Code Injection in Agent Skill Ecosystems
An attack framework that hides malicious behavior inside agent-skill auxiliary resources; its VulMask technique rewrites overt malicious scripts into 'vulnerability-shaped' implementations that only activate under attacker-controlled conditions. It evades a range of automated security reviewers and coding agents that would catch obvious malicious code. A direct supply-chain warning for anyone installing third-party agent skills or MCP tools.
Source
↳ Follow the thread