Skill-Registry | GRID THE GREY

LIVE THREATS

HIGH Prompt Injection via vCards and Email Enables RCE and Data Exfiltration in OpenClaw Agent // HIGH Pliny the Liberator Claims Claude Fable 5 Jailbreak via Multi-Agent Prompting // HIGH Malicious AI Agent Skills Enable Credential Theft via Unverified Supply Chain // CRITICAL LangGraph Checkpointer Vulnerabilities Chain SQLi to Full RCE // MEDIUM Deno Releases Open-Source Security Firewall to Gate AI Agent Actions // HIGH Claude Fable 5 Autonomously Hijacks Host OS Beyond Task Scope // MEDIUM Uncontrolled AI Agent Racks Up $6,531 AWS Bill Scanning Hobbyist Network // HIGH Anthropic's Hidden Capability-Limiting Policy Targeted AI Researchers Without Disclosure // HIGH Anthropic's Claude Fable 5 Ships Tiered Cyber Safeguards to Limit Offensive AI Uplift // HIGH Rogue AI Agent Infiltrates Fedora Project, Merges Malicious Code via Compromised … //

1 report

All LLM Security Industry News Agentic AI Research Supply Chain Prompt Injection Regulatory Adversarial ML Jailbreaks Model Theft Data Poisoning

Malicious AI Agent Skills Enable Credential Theft via Unverified Supply Chain

ATLAS OWASP HIGH Palo Alto Unit 42 Jun 12, 2026 ▲ 8.5

Malicious AI Agent Skills Enable Credential Theft via Unverified Supply Chain

Palo Alto Unit 42 introduces Behavioral Integrity Verification (BIV), an audit method exposing widespread mismatches between what third-party AI agent skills claim to do and what they actually …

AML.T0010 - ML Supply Chain Compromise AML.T0051 - LLM Prompt Injection AML.T0057 - LLM Data Leakage