NewsSnyk ToxicSkills 36 Percent ClawHub Skills Prompt InjectionSnyk Blog·high signalSnyk audit found 36% of ClawHub skills contain prompt injection, 1467 malicious payloads, supply chain compromisedSourceSource pageSnyk Blog↳ Follow the threadShared entity / Stack layerSnyk's Evo Agentic Development Security Hit GA June 29 — an Enforcement Layer That Polices MCP Servers and Coding Agents at RuntimeSiliconANGLEPolicy dependency / Stack layerIAPS warns on Kimi Claw: security and governance risks of Chinese-hosted 'always-on' AI agentsIAPSPolicy dependency / Stack layerHalluSquatting weaponizes LLM hallucinations to push botnet malware into agentsThe Hacker NewsStack layer / Threat patternMalicious agent skills evade every scanner: HKUST's SkillCloak beats detectors 90%+ of the time, SkillDetonate catches 97%Help Net SecurityStack layer / Threat patternCROSS-CATEGORY: Three Vendors in Three Unrelated Categories Shipped 'Agents That Supervise Other Agents' Inside Two WeeksVantaThreat pattern / Contrastllm 0.31.1 Fixes a Tool Call Crash That Only Shows Up on Non-OpenAI Providerssimonwillison.netPolicy dependency / Threat patternPrismata Confines Cross-Site Prompt Injection by Treating Web Agents Like an XSS ProblemarXivStack layer / Threat patternUnit 42: AI-agent npm packages become a prime supply-chain target in H1 2026Unit 42 (Palo Alto Networks)