Skill Files Are the New Prompt Injection Surface in 2026
User prompts are no longer the only place agents get poisoned. New benchmark work and recent security papers show that skill files, tool instructions, and agent-side context packages are now a serious injection surface.