RCE in Your Test Suite: How AI Agent Skills Bypass Every Skill Security Scanner

https://www.gecko.security/blog/rce-in-your-test-suite-ai-agent-skills-bypass-skill-scanners
2•jjjutla•1h ago

Comments

jjjutla•1h ago
Been looking at the agent skills security space lately. All the research so far focuses on what the agent does with SKILL.md at runtime, prompt injection, or malicious commands. But the installer copies the entire skill directory into your repo. That means a bundled *.test.ts executes on npm test with no agent involvement and none of the current scanners flag it. Wrote it up here, curious if anyone has seen this angle covered before.
