Claude Code Skills Are a Massive Security Threat — Greg Pstrucha, Sentry
Learn how malicious Claude Code skills can take over your machine, and what to do about it. Greg Pstrucha from Sentry's AI/ML team demonstrates how easily agent skills can compromise a developer environment. He shows a benign-looking PNG with hostile EXIF metadata that owns the machine 30 to 40 percent of the time across every model he tested, including Opus 4. Greg outlines three families of attacks: context poisoning, harness attacks that exploit Claude Code's own features like the shebang directive for a 100 percent deterministic exploit, and ecosystem attacks that leverage auto-discovery in tools like pytest. Greg also shares his recommendations for staying safe — writing your own skills, asking an agent to synthesize tailored versions of third-party ones, and rethinking the use of --dangerously-skip-permissions.

Sentry is the open-source error-tracking and performance-monitoring platform used by over 4 million developers worldwide. Its AI/ML team builds Seer, an autonomous debugging agent that uses production error data to find root causes and propose fixes. Sentry also publishes a public skills repository and the Skills Scanner Greg demoed, which uses an LLM-as-judge approach to detect prompt injection, malicious code, and supply chain risks that regex-based scanners miss.

Greg Pstrucha is a staff engineer on Sentry's AI/ML team, where he focuses on coding agent workflows, AI, and security. He previously worked at Robinhood and Facebook.

Recorded at the TypeScript AI Demo Day in San Francisco, April 2026, hosted by Mastra.
🔗 GREG PSTRUCHA
https://gricha.dev
https://www.linkedin.com/in/greg-pstrucha/

SENTRY
https://sentry.io
https://github.com/getsentry

LINKS FROM THE TALK
Sentry Skills Repository: https://github.com/getsentry/skills
Snyk ToxicSkills Research: https://snyk.io/blog/toxicskills-malicious-ai-agent-skills-clawhub/

📚 MASTRA RESOURCES
https://mastra.ai
https://x.com/mastra_ai
https://mastra.ai/community/discord
https://github.com/mastra-ai
https://mastra.ai/course
https://mastra.ai/books/principles-of-building-ai-agents
https://mastra.ai/books/patterns-of-building-ai-agents

WHAT IS MASTRA?
Mastra is an open-source TypeScript framework designed for building and shipping AI-powered applications and agents with minimal friction. It supports the full lifecycle of agent development — from prototype to production.

CHAPTERS
0:00 Introduction
0:14 Skills are a massive security threat
0:40 The PNG with malicious EXIF metadata
2:26 Context poisoning attacks
3:54 Skills are directories: 90% own rate via shell scripts
5:21 Harness attacks: shebang and hooks
7:07 Ecosystem attacks: pytest and supply chain
9:13 These attacks are not theoretical
10:07 Don't treat skills like dependencies
11:06 Sentry's Skills Scanner
11:56 Q&A: what else should I worry about
13:15 Q&A: any emerging security standards
14:34 Q&A: trusting external content