OWASP just published a Top 10 for agentic AI skills, covering malicious packages, supply-chain compromise, and over-privileged manifests across OpenClaw, Claude Code, Cursor, and VS Code. Agent extensions are becoming normal software supply-chain problems. Security teams should treat this as a checklist.

https://owasp.org/www-project-agentic-skills-top-10/