🟠 High  |  Source: The Hacker News


Researchers at Hong Kong University of Science and Technology have demonstrated a technique called SkillCloak that uses self-extracting packing to disguise malicious add-on ‘skills’ for AI coding agents, bypassing static security scanners over 90% of the time. This is significant because AI coding agents such as GitHub Copilot and Cursor increasingly rely on third-party skills or plugins, creating a new supply chain attack surface. The same research team also developed a runtime detection tool that catches the majority of evasion attempts.

Security Architect’s Take: Treat AI agent skill/plugin ecosystems as an untrusted supply chain: enforce allowlists of approved skills, mandate runtime behavioural scanning over static-only approaches, and sandbox AI agent environments with least-privilege network and filesystem access to limit blast radius if a malicious skill executes.

Original advisory: SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing