Definition
Discrete capabilities or tools that an AI agent can invoke to interact with external systems—such as reading a file, querying a database, or calling an API. Skills are defined and exposed through the Model Context Protocol (MCP) and become the primary attack surface for agentic compromise.
Why it matters
A skill is an instruction an agent can follow. If an attacker can inject malicious skill definitions or trick an agent into invoking the wrong skill, they can hijack the agent into reading secrets, modifying data, or running arbitrary code.
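One defensive control for the risk described above, as an added example that is not part of the original page: pin each MCP tool definition (the `name`, `description` and `inputSchema` fields a server advertises via tools/list) at approval time, then deny any invocation of a tool that is not on the allowlist or whose definition has drifted since approval. The tool entries below are constructed sample data.

```python
import hashlib
import json

# Constructed sample of what an MCP server might advertise at approval time.
# Field names follow MCP's tool schema; the values are made up for this example.
REGISTERED_TOOLS = [
    {
        "name": "read_file",
        "description": "Read a file under the project workspace.",
        "inputSchema": {"type": "object",
                        "properties": {"path": {"type": "string"}},
                        "required": ["path"]},
    },
    {
        "name": "query_db",
        "description": "Run a read-only SQL query against the reporting database.",
        "inputSchema": {"type": "object",
                        "properties": {"sql": {"type": "string"}},
                        "required": ["sql"]},
    },
]


def fingerprint(tool):
    """Stable hash over the fields the model actually sees when choosing a tool."""
    canonical = json.dumps(
        {"name": tool["name"],
         "description": tool.get("description", ""),
         "inputSchema": tool.get("inputSchema", {})},
        sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def pin_tools(tools):
    """Record the approved definition of every tool; store this outside the agent."""
    return {t["name"]: fingerprint(t) for t in tools}


def check_invocation(name, current_tools, pinned):
    """Return (allowed, reason). Deny unknown tools and definitions that changed."""
    if name not in pinned:
        return False, f"tool {name!r} is not on the approved allowlist"
    current = next((t for t in current_tools if t["name"] == name), None)
    if current is None:
        return False, f"tool {name!r} is approved but the server no longer advertises it"
    if fingerprint(current) != pinned[name]:
        return False, f"definition of {name!r} changed since approval; re-review required"
    return True, "ok"
```

A changed description is flagged because, to the model, the description is the instruction; a re-review step rather than silent re-pinning keeps a swapped definition from being approved by accident.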