Guidelines  ·  2026-07-05

OWASP Agentic Skills Top 10 — new risk taxonomy for AI agent 'skills' (AST01–AST10)

GuidelinesMedium impactGlobal
OWASP has stood up a new project page, 'Agentic Skills Top 10,' cataloguing ten security risks specific to AI agent 'skills' (installable capability modules such as Claude/ClawHub SKILL.md packages) — including AST01 Malicious Skills, AST02 Supply Chain Compromise, AST03 Over-Privileged Skills, AST04 Insecure Metadata, AST05 Untrusted External Instructions, and AST07 Update Drift. Page content is marked 'Last updated: June 2026,' and third-party vendors (e.g., Fortinet's FortiCNAPP Code Security) are already mapping detection rules to the taxonomy as of early July 2026, indicating recent/active publication.
Agent 'skills' (markdown-defined capability packages with low publication barriers and no code-signing/sandboxing by default) are an emerging and largely ungoverned supply-chain vector for agentic AI; a dedicated OWASP taxonomy gives security teams and tool vendors a shared reference for scanning, review, and incident classification specific to this attack surface, distinct from the broader OWASP Top 10 for Agentic Applications.
AI/agent security teams building or consuming agent 'skills' (e.g., Claude Skills, ClawHub packages) should map skill review/scanning controls to AST01–AST10, and vendors offering agent supply-chain scanning should track the taxonomy for coverage claims.
OWASP Foundation — AST02: Supply Chain Compromise (Agentic Skills Top 10)OWASP Foundation — AST05: Untrusted External Instructions (Agentic Skills Top 10)Fortinet Community — The AI Agent Supply Chain Has a Security Problem: Introducing Skills Scanning in FortiCNAPP Code Security
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →