Skills.md are a security disaster waiting to happen.
- Skills.md are a security disaster waiting to happen.
- Viral AI prompts that distribute themselves!
- Self-distributing skills that can easily evolve themselves will be like mega viruses.
- The selection pressure for these viruses is just which ones can replicate the most.
- Imagine ones that fuel their rise by stealing crypto for compute.
- I've seen skills in the wild that hide malicious instructions in sub-skills using HTML comments, which don't render in Github's default markdown view.
- So even if you were to review it before installing you could still download a malicious
- Companies building Skill finder commands for agents to use without supervision are playing with fire.