LLM Agent Skills Leak Secrets at Scale

This is a strong signal that agent security problems are still mostly operational, not theoretical: developers are shipping secrets into workflows and then surfacing them back to the model through logs and console output.

• –The study’s scale matters: 17,022 skills sampled from 170,226 on SkillsMP gives the findings more weight than a narrow toy benchmark.
• –Cross-modal leakage is the hard part here; most cases require reasoning over both code and natural language, which makes simple static rules insufficient.
• –Debug prints and `console.log` account for most leaks, so basic observability hygiene is now an AI security requirement, not just a best practice.
• –The persistence angle is worrying: forks can retain secrets even after upstream fixes, which means cleanup has to include the ecosystem, not just the original repo.
• –The disclosure/remediation numbers suggest the issue is actionable, but also that a lot of agent security debt is already sitting in public workflows.