ResearchAgent Skills in the Wild 42447 Skills Audited 26% VulnerablearXiv·high signalLargest MCP/skill security study. 42,447 skills, 26.1% contain vulnerabilities across 14 patterns. SkillScan detection framework.SourceSource pagearXiv↳ Follow the threadStack layer / Threat patternSLBench Finds Up to 70% Unsafe Execution When Codex and Claude Code Follow Logical Relations in Skill FilesarXivStack layer / Threat patternMitigating Taint-Style MCP Server Vulnerabilities Without Touching Server Code (SPELLSMITH)arXivPolicy dependency / Stack layerReason Less, Verify More: Deterministic Gates Catch a Silent Policy-Violation Failure in Tool-Using AgentsarXivStack layer / Threat patternSystematic Study Ranks Learning-Rate Schedulers Across 30 ArchitecturesarXivThreat pattern / Follow-up threadVEXAIoT: arXiv paper demonstrates autonomous IoT vulnerability exploitation using AI agentsarXivPolicy dependency / Stack layerPattern: A Provider-Abstraction / BYOK Layer Is Hardening Beneath Agent HarnessesGitHubThreat patternIndustrial Study Reports How Analysts Actually Use AI in High-Stakes Crime LinkagearXivStack layer / Threat patternLong-Horizon-Terminal-Bench: Best Frontier Agent Clears Just 15% of Real Terminal Tasks, Mean 4.3%arXiv (Tencent Hunyuan) / HuggingFace Daily Papers