

Your Coding Agent Just Installed Something You Didn't Vet. Now What?
Live Webinar
Securing the AI Skill Supply Chain with Snyk + Tessl
You wouldn't npm install a package with no author, no tests, and no version history. But that's happening every day with agent skills, and most teams have no idea.
Snyk's research found that 36% of public agent skills contain prompt injection techniques. Not theoretical vulnerabilities. Active, embedded techniques designed to hijack what your agent does. In a world where agents are writing, reviewing, and shipping code on your behalf, a compromised skill isn't a misconfiguration; it's an insider threat.
What this session is about
This isn't a compliance talk. It's a live conversation about threats and mitigation strategies for engineers who are using coding agents.
Krzysztof Huszcza (Snyk) and Simon Maple (Tessl) will dig into real examples of what can go wrong, discuss the tooling and workflows to reduce risk, and make time for your questions.
We'll cover:
What "toxic skills" look like: malware payloads, credential mishandling, and the prompt injection techniques hiding in skills people are actively using
How Snyk and Tessl give you an instant trust signal for every skill, before it touches your environment
How Agent-Guard catches unauthorized tool calls and data exfiltration in real time, and what "freeze" actually means in practice
The bigger question: what does a secure-by-default agent stack look like, and how far are we from it?
Come ready to ask questions
Bring your questions, whether you're building an internal skill registry, trying to govern agent adoption across a team, or just trying to figure out whether the skills you've already installed are safe.
Built for developers and engineers actively working with coding agents. Especially relevant if you own any part of the software supply chain, deploy autonomous agents, or are trying to make the case internally for why this matters.