Every AI agent skill scanner just failed. 26,000 agents compromised. Your CISO has no detection for this.

Security firm AIR built a fake AI agent skill.

Passed every scanner. Cisco's. NVIDIA's. All three on skills.sh.

It reached 26,000 agents. Some on corporate accounts.

The skill was called "brand-landingpage." It claimed to build landing pages using Google Stitch. It actually worked. That's how it built trust.

Then AIR swapped what it did. After installation. After the scan cleared it.

The scanners only check what you submit. They don't check what the skill fetches after it runs.

AIR pointed the skill to an external URL. Initially it loaded real Stitch docs. The scanners saw a clean package pointing at a plausible page. Cleared it.

Once 26,000 agents installed it, AIR replaced the page. The new version told the agent to download and execute a script. In the demo it harvested emails. In a real attack it could read files, exfiltrate data, hit internal systems.

Trail of Bits reproduced the same bypass three weeks earlier. This is not a bug in one scanner. It's a structural gap in every scanner currently in production.

The attack exploited three things your security team already trusts: GitHub star counts, marketplace reputation, and clean scan verdicts. All three are now proven unreliable for AI agent skills.

Audit every third-party agent skill your organization has installed. Block any skill that references external URLs for setup instructions. Deploy runtime monitoring on agent outbound connections. Treat marketplace provenance as zero-trust.

SOURCE: https://thehackernews.com/2026/06/fake-ai-agent-skill-passed-security.html
VERIFIED: The Hacker News (June 23, 2026), Grid the Grey (June 24, 2026), Cyber Security News (June 24, 2026)
SIGNAL: Every enterprise deploying AI agents from third-party marketplaces is exposed to this attack class today. Scanners provide false confidence. Runtime monitoring and internal allow-lists are the only real defense.