BadSkill: Backdoor Attacks on Agent Skills Via Model-In-Skill Poisoning
Agent ecosystems increasingly rely on installable skills to extend functionality, and some skills bundle learned model artifacts as part of their execution logic. This creates a supply-chain risk that is not captured by prompt injection or ordinary plugin misuse: a third-party skill may appear...
MAL-2026-2004 Malicious code in flyio-token-client-efgh (PyPI)
Source: kam193 (2b09830263d8a35450ca657294a1725c441f2f7fe49cc7946e261e8f18401464)
During installation, the package attempts to modify LLM configuration files to provide a backdoor instruction for further control over an AI agent.
Category:...