
The Standup with ThePrimeagen
The AI Social Networks Have Skill Issues
Feb 6, 2026
They dig into agentic AI skills that fabricate commands and spread bad code across repos. The conversation covers supply-chain and trust risks when skills auto-install and execute arbitrary packages. They explore real-world failures like misconfigured social-network clones and AI-generated auth code that leaked secrets. The tone mixes laughs with warnings about automation and sandboxing.
AI Snips
Hallucinated NPX Command Went Viral
- A hallucinated NPX command called "React CodeShift" appeared in skills and spread to hundreds of repos.
- The LLM-created fake package infected many skill repos because authors asked LLMs to auto-generate skills.
Avoid Blindly Installing Skills
- Don't trust skill content blindly; treat it like third-party code and audit before use.
- Require explicit confirmation for any agent-run commands instead of auto-accepting prompts.
Malicious Skill Climbed To #1 On CloudHub
- A researcher published a malicious CloudHub skill called "What Would Elon Do" and gamed download counts to reach #1.
- The skill exposed hosts that ran it by printing the working directory and hostname to the attacker.
