Curated Agent Skills Lift Task Success 16.2% as 26.1% of 31,132 Skills Show Vulnerabilities

2 articles · Updated · O'Reilly Media · May 18
  • Four recent papers found curated agent skills raised agent task completion rates by 16.2% across 84 tasks, while model-written skills delivered no consistent gains.
  • The strongest improvements came in structured, domain-specific work—software engineering rose 4.5% and healthcare nearly 52%—because human-curated skills captured procedural knowledge base models often miss.
  • Skill libraries also became less reliable as they expanded: flat retrieval started misrouting similar skills once libraries reached 80-plus entries, while hierarchical capability trees scaled better from 200 to more than 200,000 skills.
  • A security review of 31,132 community skills found 26.1% had exploitable flaws, including prompt injection, data exfiltration and privilege escalation, underscoring that public skills behave more like installable code than passive documentation.
  • The research points teams toward smaller, focused skills built from real workflows, with explicit routing descriptions, human review, lifecycle management and tighter permission scoping as skills become core agent infrastructure.

15,000 AI Agent Skill Vulnerabilities in 2026: Security Risks, Supply Chain Threats, and the Urgent Need for Trusted Ecosystems

Overview

AI agent skills are a double-edged sword, offering impressive performance improvements—especially in fields like healthcare—by leveraging human-curated expertise that AI models alone cannot provide. However, these same skills introduce immediate and serious security risks, as attackers exploit the mechanisms that make agents powerful. The report highlights how tailored skills can revolutionize specific domains, but also warns that without strong security measures, the benefits come with significant vulnerabilities. This balance between enhanced capabilities and new threats underscores the urgent need for robust safeguards as organizations adopt and deploy AI agent skills.

...