A 2026 study found 26% of agent skills from public marketplaces contain vulnerabilities — and 5% show patterns of deliberate malice. NVIDIA’s SkillSpector scans skills before installation using static analysis and optional LLM review. This post covers what it catches, how to run it in CI, and the blind spots you still own. Table Of […]

Read More →

Large language models are increasingly extensible. Whether they’re called “skills,” “plugins,” “tools,” or “MCP servers,” the core idea is the same: let an LLM invoke external code, read external data, and act on external instructions. It’s also one of the most serious attack surfaces in modern AI systems. Table Of Contents What’s the problem? Prompt […]

Read More →