The title they went with: "Credential Leakage in LLM Agent Skills: A Large-Scale Empirical Study". Noisy translates that to:

AI agent skills leak user credentials through common programming errors


A new study found that many third-party skills (tools) for AI agents inadvertently expose sensitive user credentials. The leaks occur mostly through debug messages that print secrets, and such leaks are easy for attackers to exploit.
The paper shows that the tools AI agents use to carry out tasks are often insecure by default. Developers of these skills now have a clear map of how secrets escape, and the platforms that host them have a clear mandate to scan for these issues. In other words, the security of AI agents depends on fixing basic programming hygiene, not only on advanced AI safety work.
Watch for major AI agent platforms to announce new security scanning requirements or default sandboxing for third-party skills.
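To make the leak path concrete, here is an added illustration that is not from the paper or from any real skill: a hypothetical skill that dumps its outbound request at DEBUG level (leaking the bearer token), the same skill logging a redacted copy instead, and a small check a skill registry or CI job could run over captured logs. The skill name, the constructed sample key and the key pattern are assumptions.

```python
import logging
import re
from io import StringIO

# Constructed sample credential (not a real key), used only to show the leak path.
SAMPLE_API_KEY = "sk-constructed-0123456789abcdef0123456789abcdef"

# Field names whose values must never reach a log line.
SENSITIVE_KEYS = ("api_key", "token", "password", "secret", "authorization")

def redact(obj):
    """Return a copy of a request/config structure with sensitive values masked."""
    if isinstance(obj, dict):
        return {k: "[REDACTED]" if any(s in k.lower() for s in SENSITIVE_KEYS) else redact(v)
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    return obj

def weather_skill(config, log, redact_logs):
    """Hypothetical agent skill: builds an outbound request and logs it at DEBUG."""
    request = {
        "url": "https://weather.example.invalid/v1/today",
        "headers": {"Authorization": f"Bearer {config['api_key']}"},
        "params": {"city": "Oslo"},
    }
    # The bug class the study describes: a debug line that dumps the whole request,
    # bearer token included. The hardened path logs the redacted copy instead.
    log.debug("sending request: %s", redact(request) if redact_logs else request)
    return "sunny"

def run_skill_and_capture_log(redact_logs):
    """Run the skill with DEBUG logging captured in memory; return the log text."""
    buf = StringIO()
    log = logging.getLogger(f"skill.{'redacted' if redact_logs else 'leaky'}")
    log.setLevel(logging.DEBUG)
    log.handlers.clear()
    log.addHandler(logging.StreamHandler(buf))
    weather_skill({"api_key": SAMPLE_API_KEY}, log, redact_logs)
    return buf.getvalue()

# Detector a skill registry or CI job could run over captured output (assumed pattern).
KEY_PATTERN = re.compile(r"\bsk-[A-Za-z0-9_-]{20,}")

def log_leaks_credential(log_text):
    """True if the captured log text contains something shaped like an API key."""
    return KEY_PATTERN.search(log_text) is not None
```

The leaky variant writes the full bearer token into the log; the redacted variant writes the same structure with the sensitive fields masked, which the detector then passes.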
