Skills
Snyk Threat Model: SKILL.md to Shell Access in Three Lines of Markdown — Why Traditional Scanners Miss Agent Skill Attacks
Snyk published a detailed threat model showing how three lines of markdown in a SKILL.md file instruct an AI agent to read SSH keys and exfiltrate them to attacker infrastructure. The attack exploits the fact that traditional security scanners skip markdown files entirely, and the malicious payload is written in plain English rather than code. The concept of 'toxic flows' — a skill that has access to private data, contains untrusted instructions, and can communicate externally — defines the kill chain. This is the first formal threat model for the AgentSkills specification.
Source
↳ Follow the thread