{"id":279900,"date":"2026-06-23T11:16:00","date_gmt":"2026-06-23T15:16:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/23\/fake-ai-agent-skill-passed-security-scans-and-reportedly-reached-26000-agents\/"},"modified":"2026-06-23T17:10:10","modified_gmt":"2026-06-23T21:10:10","slug":"fake-ai-agent-skill-passed-security-scans-and-reportedly-reached-26000-agents","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/23\/fake-ai-agent-skill-passed-security-scans-and-reportedly-reached-26000-agents\/","title":{"rendered":"Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/06\/fake-ai-agent-skill-passed-security.html\">Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/06\/fake-ai-agent-skill-passed-security.html\">https:\/\/thehackernews.com\/2026\/06\/fake-ai-agent-skill-passed-security.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-23 11:16:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p>Security firm\u00a0AIR\u00a0built a fake AI agent skill, pushed it through a popular skill marketplace and an Instagram ad, and says it reached roughly 26,000 agents, including some on corporate accounts.<\/p>\n<p>Every skill security scanner the firm tested it against marked it safe. The payload was harmless by design: it collected the user&#8217;s email address and did nothing else.<\/p>\n<p>The point was to show that none of the signals people lean on to trust a skill caught it: not the scanners, not the GitHub stars, not the open-source reputation.<\/p>\n<p>A skill is a bundle of instructions an agent loads into its own context and follows with roughly the authority of a user prompt. That trust is the whole problem, and it is the reason skill-scanning tools exist in the first place.<\/p>\n<p>The skill, named\u00a0brand-landingpage, claimed to build a landing page using Google&#8217;s Stitch design tool, aimed squarely at non-technical users.<\/p>\n<p>To make it look credible, AIR went after two trust signals: GitHub stars and a clean scanner verdict. For the stars, it opened a pull request to a skill marketplace repository with around 36,000 stars and 156 skills.<\/p>\n<p>The pull request was merged after a few days, so the skill inherited the repo&#8217;s count. Then it ran an Instagram ad aimed at marketers, salespeople, and designers, who installed it and put it to work.<\/p>\n<h2>Why the scanners missed it<\/h2>\n<p>The scanners AIR tested analyze the package you hand them: the SKILL.md and the files shipped with it. That&#8217;s\u00a0Cisco&#8217;s,\u00a0NVIDIA&#8217;s, and the ones wired into skills.sh.<\/p>\n<p>AIR&#8217;s skill carried no setup instructions of its own. It told the agent to install the &#8220;Stitch SDK&#8221; by following the documentation at an external link,\u00a0stitch-design.ai, a domain AIR controls, not Google (the real Stitch lives at\u00a0stitch.withgoogle.com).<\/p>\n<p>At first, the link led to the genuine Stitch docs, so the scanners, seeing a clean package that pointed at a plausible setup page, cleared it. The page the agent would actually fetch and follow sat outside the scan.<\/p>\n<p><img alt=\"\" border=\"0\" data-original-height=\"1066\" data-original-width=\"1600\"...<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/06\/fake-ai-agent-skill-passed-security.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents https:\/\/thehackernews.com\/2026\/06\/fake-ai-agent-skill-passed-security.html Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":279901,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgb14v3ddlfpybc15jRbk-cwHI-0S8BAzdp8Ix83L5ZCZ4AB8gCySG7J4tZr4od9q3Jbuic1a4J29VAvRcdSQag_-ju1o9ae9yCcL6XV_jRDVhgd31E5BljiThpXcfHu_gdsmSySY8o0WyjuUoSQ5CGOyKO3cKXVDYeGKa1b1up2VM5ZJE6_PjPNCVOD_M\/s1600\/skills.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26],"class_list":["post-279900","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/279900"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=279900"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/279900\/revisions"}],"predecessor-version":[{"id":279903,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/279900\/revisions\/279903"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/279901"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=279900"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=279900"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=279900"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}