AgentsAgent Skills Supply Chain Triple Defense — Snyk + Gen + Socket on skills.shSnyk Blog·high signalVercel skills.sh (69K+ skills) now has triple-layer security: Snyk (36% prompt injection rate), Gen Agent Trust Hub (4-tier risk), Socket (94.5% precision).SourceSource pageSnyk Blog↳ Follow the threadShared entity / Policy dependencyVercel Ships the Agent-Ops Layer: 'Eve' Framework for Natural-Language Agent Skills and 'Vercel Sandbox' to Fence In Data AccessThe AI InsiderShared entity / Stack layerVercel Says More Than Half of Deployments Are Now Triggered by Coding Agents; AI SDK 6 Ships Agent Tools and Full MCPIT BriefPolicy dependency / Stack layerHalluSquatting weaponizes LLM hallucinations to push botnet malware into agentsThe Hacker NewsStack layer / Threat patternMitigating Taint-Style MCP Server Vulnerabilities Without Touching Server Code (SPELLSMITH)arXivStack layer / Threat patternGitHub Ships CodeQL 2.26.0 With AI Prompt-Injection Detection for JavaScript/TypeScriptGitHub (CodeQL release notes)Stack layer / Threat patternGPT-5.6 Sol vs Claude Fable 5: Benchmark Lead Splits by Test, and METR Flags Eval-GamingBenchLMStack layer / Threat patternRun Claude Code's rebuilt /doctor to reclaim context budget from unused skills, MCP servers, and bloated CLAUDE.mdReleasebotStack layer / Threat patternGhostcommit hides prompt injection in PNG files to make AI coding agents exfiltrate repo secretsSecNews