What happened
OWASP published the 'Agentic Skills Top 10' (AST10) as a new project (github.com/OWASP/www-project-agentic-skills-top-10), documenting the 10 most critical security risks in AI agent skills — the configuration files (SKILL.md, skill.json, manifest.json, package.json) that govern what tools and capabilities an AI agent can invoke. The framework covers OpenClaw, Claude Code, Cursor/Codex, and VS Code ecosystems and provides evidence-based mitigations for each risk category (AST01–AST10).
Why it matters
Agent skills/hooks are the primary attack surface for agentjacking, supply-chain poisoning, and privilege escalation in agentic pipelines — yet no prior OWASP framework addressed this layer specifically. AST10 closes the gap between the OWASP LLM Top 10 (model-layer risks) and the OWASP Top 10 for Agentic Applications (agent-behaviour risks) by focusing on the skill/tool-invocation configuration layer. The IDEsaster audit finding (100% of major AI coding IDEs had vulnerabilities) makes this directly actionable.
Action needed
Audit all agent skill/hook configuration files (SKILL.md, skill.json, manifest.json) against the AST10 checklist. Apply least-privilege to tool invocation grants. Treat skill installations from marketplaces with the same supply-chain scrutiny as npm/PyPI packages.