Skills
OWASP Agentic Skills Top 10: New Security Framework Targeting Composable Agent Skill Libraries — Addresses Skill Poisoning and Privilege Escalation
OWASP launches a dedicated project specifically for agentic skills security, separate from the MCP Top 10. As installable skill libraries like antigravity-awesome-skills reach 36K+ stars and skills become npm-installable packages, the attack surface expands to skill poisoning (malicious SKILL.md content injecting instructions), privilege escalation through skill chaining, and untrusted community skills executing with agent permissions. Builders should audit third-party skills before installation.
↳ Follow the thread