Anthropic Skill scanners passed every check. The malicious code rode in on a test file.

Picture this scenario: An Anthropic Skill scanner runs a full analysis of a Skill pulled from ClawHub or skills.sh. Its markdown instructions are clean, and no prompt injection is detected. No shell commands are hiding in the SKILL.md. Green across the board. The scanner never looked at the .test.ts
Original source: VentureBeat