Voices
Security Audit of 22,511 AI Agent Skills Found 140,963 Issues — Registry-to-Runtime Gap Is the Real Attack Surface
A New Stack investigation auditing 22,511 AI coding agent skills uncovered 140,963 security issues, revealing a critical gap between what package registries scan and what actually runs on developer machines. The findings suggest that the agent skill/plugin ecosystem has a fundamentally different threat model than traditional package management — skills execute with agent-level permissions and often bypass conventional security scanning at the registry level.
Source
↳ Follow the thread