A fake AI agent skill passed every security scanner and reportedly reached 26,000 agents

TL;DRSecurity firm AIR got a fake skill past every major scanner and says it reached 26,000 agents by swapping an external URL after the scan cleared.

Security firm AIR built a fake AI agent skill, pushed it through a popular skill marketplace and promoted it with an Instagram ad, and says it reached roughly 26,000 agents, including some on corporate accounts. Every skill security scanner the firm tested it against marked it safe. The payload was harmless by design, collecting only the user’s email address, but AIR says a real attacker could have used the same foothold to read files, move data, or hit internal systems.

The skill, called brand-landingpage, claimed to build a landing page using Google’s Stitch design tool and was aimed at non-technical users. To make it look credible, AIR went after two trust signals that the ecosystem still treats as proof of safety: GitHub stars and a clean scanner verdict.

For the stars, it opened a pull request to a skill marketplace repository with around 36,000 stars and 156 skills. The pull request was merged after a few days, so the skill inherited the repository’s star count. Then AIR ran an Instagram ad targeting marketers, salespeople, and designers, who installed it and put it to work.