Best paper award @ CAIS 2026
Sebastian Schrittwieser, key researcher at SBA Research and head of the CD-Lab AsTra, and Johanna Ullrich, key researcher at SBA Research and Professor of Security at IT:U, received the Best Paper Award at the AgentSkills Workshop at the ACM Conference on AI and Agentic Systems (CAIS 2026) in San José for their work "Context Matters: Repository-Aware Security Analysis of the Agent Skill Ecosystem".


Abstract
Agent skills extend local AI agents, such as Claude Code and OpenClaw, with additional functionality. Their growing popularity has led to dedicated marketplaces resembling mobile app stores, as well as automated scanners that assess whether skills are benign or malicious. However, scanner reports from individual marketplaces classify up to 46.8% of skills as malicious, raising concerns about false positives. We present the largest empirical security analysis of the AI agent skill ecosystem to date.
We collect 238,180 unique skills from three major distribution platforms and GitHub, and analyze their contents, behavior, and repository context. Unlike existing scanner-based assessments, which evaluate skills largely in isolation, our repository-aware analysis checks whether a flagged skill is consistent with its surrounding GitHub project. This context substantially reduces the number of suspicious skills: only 0.52% remain suspicious after repository-aware analysis.
Our results show that existing scanners can substantially overestimate maliciousness when repository context is ignored. At the same time, we identify previously undocumented real-world attack vectors, including the hijacking of skills hosted in abandoned GitHub repositories. Overall, our findings provide a more robust view of the agent-skill ecosystem’s current risk surface and highlight the need for context-aware security evaluation.
Authors: Florian Holzbauer, David Schmidt, Gabriel K. Gegenhuber, Sebastian Schrittwieser, and Johanna Ullrich