The AI Native Dev - from Copilot today to AI Native Software Development tomorrow

We Scanned 3,984 Skills — 1 in 7 Can Hack Your Machine

35 min | 17 March 2026

Most developers install skills without reading what's inside them. But that's exactly what attackers are counting on.

Simon Maple sits down with Brian Vermeer from Snyk at DevNexus to get into the security risk hiding inside the skills and MCPs running on your local machine. They scanned over 4,000 skills and found that 1 in 7 had at least one critical security vulnerability.

Here’s what you need to know:

  • Why prompting your agent to write secure code doesn't make it secure
  • How a trusted skill can update silently and start offloading your credentials
  • What prompt injection actually looks like inside a skill file
  • Why vibe coding makes the attack surface bigger, not smaller
  • How the Snyk agent scan catches what you'd never spot manually


Every skill on the Tessl registry now has a Snyk security scan attached. Check before you install.

Connect with us here:
Simon Maple: https://www.linkedin.com/in/simonmaple/
Brian Vermeer: https://www.linkedin.com/in/brianvermeer/
Snyk: https://www.linkedin.com/company/snyk/
Tessl: https://www.linkedin.com/company/tesslio/

Join the AI Native Dev Community on Discord: https://tessl.co/4ghikjh

Ask us questions: [email protected]

The AI Native Dev - from Copilot today to AI Native Software Development tomorrow by Tessl is available on multiple platforms. The information on this page comes from public podcast feeds.