Agent security is a real attack surface, and a massive blind spot right now

Quick threat landscape snapshot from Feb 2026: 824+ confirmed malicious skills on the ClawHub marketplace 42K+ instances with exploitable configurations 10 CVEs this year, including safeBins flag bypass (CVE-2026-28363) Zero code signing or security review for published skills The attack vectors are creative: prompt injection via Skill markdown descriptions, Unicode tag range (U+E0000) invisible injection, cross-skill tool shadowing, social engineering in Prerequisites sections. What are you doing to secure your agents?   submitted by   /u/Honest_Ad5416 [link]   [comments]

Source: https://www.reddit.com/r/cybersecurity/comments/1rhkylz/agent_security_is_a_real_attack_surface_and_a/