There is a lot of talk about Skills recently, both in terms of capabilities and security concerns. However, so far I haven’t seen anyone bring up hidden prompt injection. So, I figured to demo a Skills supply chain backdoor that survives human review.

> **There is a lot of talk about Skills recently, both in terms of capabilities and security concerns. However, so far I haven’t seen anyone bring up hidden prompt injection. So, I figured to demo a Skills supply chain backdoor that survives human review.**
>
> Additionally, I also built a [basic scanner](https://github.com/wunderwuzzi23/aid), and had [my agent propose updates to OpenClaw](https://github.com/openclaw/openclaw/pull/13012) to catch such attacks.
>
> #
>
> - Attack Surface
> - What is an Agent Skill?
> - Scary Skills
> - Writing a Simple Skill
> - What about Skills in OpenAI Codex and Google Gemini?
> - Prompt Injection Attack Vectors
> - Agent(s) Overwriting Skills on the Fly
> - Using Invisible Instructions in Skills
> - Adding a Backdoor to A Legitimate Skill
> - End to End Video
> - Explanation
> - Notes, Testing Observations and Mitigations
> - A Scanner to Catch Attacks
> - Scanning Tool Demonstration
> - Conclusion
>
> [**...read more at embracethered.com**](https://embracethered.com/blog/posts/2026/scary-agent-skills/)