AI agent skill (plugin)

A discrete capability extension that gives an AI agent permission to perform a specific action — such as browsing the web, reading files, running code, or calling an external service. Skills are defined in configuration files and are the mechanism through which agents gain real-world reach beyond generating text.
Every skill installed on an AI agent expands what an attacker who manipulates the agent can cause it to do; auditing, signing, and restricting agent skills is one of the highest-leverage security controls available to enterprises deploying AI agents.
References
OWASP Agentic Skills Top 10 (AST10)