Whitepaper

The Hidden Attack Surface in AI Agent Instructions

Breaking Skills: Securing the AI Agent Instruction Supply Chain

A skill is just text. You can open it and read every line. Almost nobody does. And even if you do, reading it won't reliably tell you what it will do. Intent hides in a plausible "Definition of Done," invisible Unicode, or a hook that fetches a script at runtime. So developers install skills the way they once installed browser extensions — from a marketplace, in one click, without opening the file.

That habit reopened a supply-chain attack surface the industry spent twenty years learning to defend everywhere else. This whitepaper from Mitiga Labs lays out the threat, the attack techniques hiding in AI skills and agent configuration files, and how Skillgate, our free scanner, detects, flags, and scores them before an agent runs them. Including the part most tools skip: what it doesn't catch.

In this whitepaper, you'll learn:

  • Why agent instruction files are now part of your attack surface
  • Why manual review and "trust the publisher" don't scale
  • The attack techniques Skillgate detects and scores — Clean, Risky, Suspicious, Dangerous
  • How the scanner works across skills, hooks, agent rules, and MCP configs for Claude, Cursor, Windsurf, and more
  • What Skillgate does not catch, and why plain-English instructions are harder to verify than traditional malware

Agents made instruction files powerful, and the ecosystem made them easy to share. We don't want people to stop using skills. That's not the fix. The fix is to look before you load one.

Get the full whitepaper