Developers Are Installing AI Agent Skills Too Fast
235,000 installs per week.
That’s how quickly developers are downloading AI agent skills — packages that give AI coding agents new capabilities like shell access, file system operations, cloud access, and deployment permissions.
But unlike traditional npm packages, agent skills introduce a completely new security problem: natural language instructions that AI agents can interpret and execute autonomously.
In this video, we break down:
- What AI agent skills actually are
- Why they create a new attack surface
- How prompt injection changes software security
- The findings from Snyk’s scan of nearly 4,000 agent skills
- Why traditional static analysis tools fail here
- How to scan your own AI agent setup for vulnerabilities
We also look at the open-source Agent Scan tool, the Snyk + Vercel integration, and practical steps developers can take today to secure their AI coding environments.
Use Snyk for free to find and fix security issues in your applications today! https://snyk.co/ugLYn
✍️ Resources ✍️
- Skills Registry: https://skills.github.com
- Snyk Security Platform: https://snyk.io/
- Snyk Agent Scan (GitHub): https://github.com/snyk-labs/agent-scan
- Vercel: https://vercel.com/
- Invariant Labs: https://invariantlabs.ai/
- Have I Been Pwned: https://haveibeenpwned.com/
⏲️ Chapters ⏲️
0:00 AI Agent Skills Are Exploding in Popularity
0:56 What Agent Skills Are and How They Work
1:38 Why Agent Skills Create a New Security Threat Model
3:30 Snyk’s Scan of Nearly 4,000 AI Agent Skills
4:41 How Snyk and Vercel Built Automated Security Scanning
5:44 How to Scan Your Own AI Agent Environment
6:24 The 3 Biggest Takeaways About Agent Skill Security
7:02 Final Thoughts and Community Discussion
⚒️ About Snyk ⚒️
Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure.
Learn more about Snyk: https://snyk.co/ugLYl
📱 Connect with Us 📱
🖥️ Website: https://snyk.co/ugLYl
🐦 X: http://twitter.com/snyksec
💼 LinkedIn: https://www.linkedin.com/company/snyk
💬 Discord: https://discord.gg/devsecops-community-918181751526948884
- ️ Subscribe: https://www.youtube.com/c/SnykSec
- 🔥 We're hiring! Check our open roles: https://snyk.co/ugLYp
🔗 Hashtags 🔗
#shaihulud #aisecurity #aiagents