Spooky Skills | Agent Skill Supply Chain Risks

Just the list

Agent Skills are modular capabilities that extend AI agents. They package instructions, metadata, and code that agents execute automatically when triggered. Skills are powerful and flexible, which makes them dangerous.

From Anthropic's docs: "We strongly recommend using Skills only from trusted sources. A malicious Skill can direct Claude to invoke tools or execute code in ways that don't match the Skill's stated purpose."

They can lie to you #

1/19

A Skill's name and description are just metadata. The actual instructions inside can do something completely different. You see the label; the agent sees the truth.

📦 code-formatter Skill

Format code files using standard style guides. Supports Python, JavaScript, and Go.