Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents

Security firm AIR demonstrated that a fake AI agent skill can bypass security scanners and reach 26,000 agents by utilizing external links that remain unvetted after initial installation. The experiment highlights that current supply chain security tools fail because they only audit static code while ignoring potentially malicious content fetched dynamically by AI agents.