Unsafe patterns
Common unsafe patterns in AI agent skills
Unsafe skills are not always malicious. Many risky patterns come from convenience: quick installers, broad file access, curl pipelines, and instructions that tell an agent to act before it has confirmed what it is allowed to touch. Review each pattern by asking two questions: does the skill need it to do its stated job, and can a reader see exactly what will run?
Command execution without a narrow purpose
Shell commands, eval-style execution, install scripts, and language-specific subprocess calls should have a clear reason, explicit inputs, and a reviewable path. The case to flag hardest is a command whose arguments come from text the agent did not author: a user prompt, a fetched page, or file contents passed straight into sh -c or eval.
Remote payload loading
Downloads from raw file hosts, short links, temporary storage, or unpinned branches can change after review: what ran during the audit is not necessarily what runs later. Treat curl-to-shell and dynamic import patterns as high-attention findings. A skill that must fetch code should reference a specific commit hash or release artifact and check its digest before running it; a tag or branch name alone is mutable.
Secret discovery
Instructions that enumerate home folders, read dotfiles, inspect environment variables, or search for tokens can cross from useful automation into credential exposure. Ask whether the skill needs the credential at all and, if it does, whether it should receive it as a named input with a narrow scope rather than hunting for it on disk.
Hidden persistence
Cron jobs, launch agents, shell profile edits, global package installs, and background services should be rare in agent skills and clearly explained when present: what is installed, where, when it runs, and how to remove it.