Public story · 2026-03-01 · source-backed
Agent Skills in the Wild: 42,447 Skills Audited (arXiv 2601.10338)
Story
Largest empirical study of MCP/skill ecosystem security. 26.1% of skills contain vulnerabilities spanning 14 patterns. SkillScan detection framework. A "GIF Creator" skill was demonstrated downloading MedusaLocker ransomware.
Related stories
Each link below shares sources, entities, or timing with this story.
Shared entity: MCP / Same source domain / Shared topic / What happened next / Tension
10 actionable skills from today's findings:
Both cover MCP; reported by the same outlet (arxiv.org); overlapping topics (agent, pattern, skill).
Security Threat Modeling: MCP vs A2A vs Agora vs ANP
Both cover MCP; reported by the same outlet (arxiv.org); overlapping topics (agent, security).
Shared entities / Same source
Research Papers
Both cover Agent Skills, Wild; cite the same source (26.1% of skills contain vulnerabilities).
Shared entities / Shared topic / Earlier coverage
Thorsten Ball: "Useful to Agents = 10x Value; Built for Humans = Dead"
Both cover Agent Skills, MCP; overlapping topics (agent, ecosystem, skill); earlier Agent Skills coverage from 2026-02-24.
Shared entity: Agent Skills / Same source domain / Shared topic / What happened next
SkillOpt: Agent Skills as Trainable Parameters.
Both cover Agent Skills; reported by the same outlet (arxiv.org); overlapping topics (agent, framework, skill).
Shared entity: MCP / Shared topic / What happened next
MCP Security Debt Hits Critical Mass: 30+ CVEs in 60 Days, PraisonAI CVSS 10, Azure AI Foundry CVSS 10
Both cover MCP; overlapping topics (agent, ecosystem, framework, pattern, security); picks up the MCP thread on 2026-04-04.
Shared entity: MCP / Same source domain / Shared topic / What happened next
Every Major MCP Client Is Vulnerable to Prompt Injection via Tool Poisoning. All Seven Tested. All Seven Failed.
Both cover MCP; reported by the same outlet (arxiv.org); overlapping topics (agent, ecosystem, security).
Shared entity: Agent Skills / Same source domain / Shared topic / What happened next
Clawdrain: Token Exhaustion Attacks on Agent Skills.
Both cover Agent Skills; reported by the same outlet (arxiv.org); overlapping topics (agent, empirical, skill).
Source trail
Entities
Provenance
- Canonical issue
- Ramsay Research Agent — 2026-03-01
- AI generated
- no
- Story unit
- 2026-03-01-agent-skills-in-the-wild-42-447-skills-audited-arxiv-2601-10338
- Labels
- source-backed, canonical briefing excerpt