Context
In the Skill Development Life Cycle document (scratch/skill-development-life-cycle.md),
we argue that creating malicious skills is far easier than creating malicious software —
you don't even need to know how to code. We reference real supply chain incidents
(matplotlib on PyPI, npm package hijacks) as motivation.
We need a detailed, realistic example that demonstrates what happens when teams
skip the lifecycle and use the YOLO approach: pulling skills from unverified sources,
skipping review, ignoring signatures.
What to create
A walkthrough (document or demo) showing:
- A plausible malicious skill — looks helpful on the surface (e.g., a "Git Workflow
Helper"), but contains hidden instructions that exfiltrate secrets, install backdoors,
or modify code in subtle ways
- How it gets distributed — a community marketplace with no review process, a GitHub
gist, a blog post with "just copy this file"
- What the agent does — step by step, how the agent follows the malicious instructions
without the user noticing
- What the Skill DLC would have caught — at which phase (Review, Test & Evaluate,
Release) the malicious content would have been flagged
- Scripts and hooks — show how a skill's post-install script can do things the user
never intended, and how most users never read these scripts
Why this matters
People are currently pulling skills with zero verification. The threat model is real
and the barrier to exploitation is lower than any previous supply chain attack vector.
A concrete example makes the abstract argument visceral.
Scope
- Document with a realistic scenario (not actual exploit code)
- Focus on education, not weaponization
- Could become a conference talk, blog post, or workshop exercise
Context
In the Skill Development Life Cycle document (
scratch/skill-development-life-cycle.md),we argue that creating malicious skills is far easier than creating malicious software —
you don't even need to know how to code. We reference real supply chain incidents
(matplotlib on PyPI, npm package hijacks) as motivation.
We need a detailed, realistic example that demonstrates what happens when teams
skip the lifecycle and use the YOLO approach: pulling skills from unverified sources,
skipping review, ignoring signatures.
What to create
A walkthrough (document or demo) showing:
Helper"), but contains hidden instructions that exfiltrate secrets, install backdoors,
or modify code in subtle ways
gist, a blog post with "just copy this file"
without the user noticing
Release) the malicious content would have been flagged
never intended, and how most users never read these scripts
Why this matters
People are currently pulling skills with zero verification. The threat model is real
and the barrier to exploitation is lower than any previous supply chain attack vector.
A concrete example makes the abstract argument visceral.
Scope