75.8% of AI Agent Skills Leak Credentials Through Stdout and Logs
Research found that 75.8% of LLM agent skills leak sensitive credentials — API keys, tokens, and secrets — through stdout and log outputs that anyone with access can read.
Three out of four. 75.8% of AI agent skills leak your credentials.
Researchers at Knostic systematically tested LLM agent skills — the modular capabilities that agents like Claude and Cursor use to interact with tools and services — and found that more than three-quarters of them leaked sensitive credentials through stdout and log outputs.
API keys. Auth tokens. Database passwords. AWS secrets. The skills processed these credentials as part of their normal operation and then wrote them in plaintext to logs that could be accessed by anyone with system access, other agents in the pipeline, or monitoring tools that aggregate log data.
The leak wasn't a bug in any individual skill. It was a systemic design failure in how agent skills handle sensitive data. The skills were written to be functional, not secure. They processed credentials because they needed to, and they logged everything because that's what debugging-friendly code does.
The research tested skills for Claude, Cursor, and other major agents, finding consistent credential leakage across all platforms.
Your agent's skills are printing your secrets to stdout. Three out of four of them. Right now.
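One mitigation for the logging pattern described above, as an added example that is not code from the research or from any agent platform: a Python `logging` filter that masks credentials before a handler writes them. The regexes, the sample values and the `run_demo` helper are assumptions made for illustration.

```python
import io
import logging
import re

# Assumed, non-exhaustive shapes of secrets; extend for your environment.
PATTERNS = [
    re.compile(r"AKIA[0-9A-Z]{16}"),                       # AWS access key ID
    re.compile(r"(?i)(bearer\s+)[A-Za-z0-9._~+/=-]{8,}"),  # bearer token
    re.compile(r"(?i)((?:api[_-]?key|token|secret|password)\s*[=:]\s*)[^\s,;&'\"]+"),
]

def _mask(m):
    # Keep the label ("api_key=", "Bearer ") so the log line stays useful.
    return (m.group(1) if m.lastindex else "") + "[REDACTED]"

class RedactingFilter(logging.Filter):
    def __init__(self, known_secrets=()):
        super().__init__()
        # Exact values the skill was handed, longest first.
        self.known = sorted(filter(None, known_secrets), key=len, reverse=True)

    def redact(self, text):
        for secret in self.known:
            text = text.replace(secret, "[REDACTED]")
        for pattern in PATTERNS:
            text = pattern.sub(_mask, text)
        return text

    def filter(self, record):
        # Render msg % args first so secrets passed as arguments are covered.
        record.msg, record.args = self.redact(record.getMessage()), None
        return True

def run_demo(redact):
    """Emit typical debug lines from a skill; return the captured log text."""
    db_password = "s3cr3t-constructed-pw"  # sample values, not real credentials
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    if redact:  # on the handler, so records from every logger pass through it
        handler.addFilter(RedactingFilter([db_password]))
    log = logging.Logger("skill.demo", logging.DEBUG)  # standalone logger for the demo
    log.addHandler(handler)
    log.debug("GET /v1/items Authorization: Bearer %s", "abcdEFGH12345678.constructed")
    log.debug("connecting postgres://app:%s@db.internal/app", db_password)
    log.debug("env AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE api_key=%s", "k-constructed-123")
    return buf.getvalue()

if __name__ == "__main__":
    print(run_demo(False), run_demo(True), sep="---\n")
```

This covers only output routed through `logging`; a skill that calls `print()` writes to stdout without passing through the filter.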