🛡 Attacking AI Agents via Skill Substitution

Researchers from AIR have discovered a way to attack AI agents through the substitution of "skills." Attackers deployed a landing page creation tool that passed security checks by Cisco and Nvidia, subsequently redirecting 26,000 users to a malicious script.

🌍 "Mutable payload" attacks prove that static skill analysis is ineffective. Agent skills must be treated as executable dependencies that require runtime monitoring.

👤 AI tools should not be trusted solely based on security checks or GitHub popularity. Verification at installation does not guarantee security if the tool loads instructions from external sources.

Source 1: https://www.csoonline.com/article/4188840/how-a-malicious-ai-agent-skill-passed-security-checks-and-reached-26000-users.html