7.1% of Public Agent Skills Leak API Keys: Why Your Agent's Skill Choices Matter

There are over 66,000 publicly listed agent skills right now. Nobody is reviewing them. I pulled a random sample to test something. 7.1% of the SKILL.md files I checked had embedded API keys, hardcoded credentials, or tool call patterns that would send data to unverified endpoints. Not obfuscated. Plain text. In files that agents are expected to download and execute autonomously. This isn't a minor QA issue. It's a structural problem with how public skill distribution works today. What Actually Leaks Agent skills are behavioral protocols — text files that tell agents how to act. The format is loose by design. A SKILL.md file might specify: Which API endpoints to call (and with what headers) How to handle authentication What tools to invoke How to format outputs for downstream systems When there's no review loop, maintainers accidentally ship real credentials. Sometimes it's a developer who copy-pasted from their .env while drafting the protocol. Sometimes it's a service account key tha