AArmor1inarmor1.hashnode.dev·May 15 · 4 min readHow to Audit Your AI Agent Skills for Credential Exposure and Malicious Instructions Two independent security research groups published this week with findings that land on the same problem from different angles: AI agent skill files are a serious and underaudited supply chain surface00
AArmor1inarmor1.hashnode.dev·May 12 · 4 min readWhat "Code That Runs Before You Click Trust" Means for AI Coding Tools (Claude Code Case Study)The trust dialog in an AI coding tool is supposed to be the security boundary that gates everything the agent does inside a workspace. External security researchers recently published a technical writ00
AArmor1inarmor1.hashnode.dev·May 10 · 4 min readHow to Check if You're Affected by CVE-2026-26268 in Cursor (and What to Do)CVE-2026-26268 is a CVSS 8.1 high-severity vulnerability in the Cursor AI IDE that lets a malicious repository execute arbitrary code on a developer's machine the moment Cursor's agent performs a Git 00
AArmor1inarmor1.hashnode.dev·May 8 · 3 min readHow to Check If Your Claude Code Installation Is Affected by CVE-2026-39861 (CVSS 7.7)CVE-2026-39861 is a sandbox escape in Claude Code, patched in version 2.1.64. The vulnerability allows file writes to land outside the workspace directory by exploiting symbolic link following across 00
AArmor1inarmor1.hashnode.dev·Apr 22 · 4 min readHow to Check Your MCP Server for CVE-2026-5603's Vulnerability Pattern (And Why shellQuote Isn't Enough)CVE-2026-5603 is a Critical command injection in @elgentos/magento2-dev-mcp, but the vulnerability pattern it represents shows up in community MCP servers regularly. This post explains what the vulner00