10 Security & QA Skills for AI Coding Agents
Security Boulevard, Monday, June 8th, 2026
Ten security and QA skills to run inside AI coding agents like Claude Code, Cursor, and Codex during task execution.
The article presents ten security and QA skills, including SAST, secret scanning, test generation, and prompt-injection defense, that can run from inside AI coding agents such as Claude Code, Cursor, and Codex.
It cites a Snyk ToxicSkills study finding that 36.82% of 3,984 audited AI agent skills carried at least one security flaw, with 13.4% having critical-severity issues. The core argument is that security and QA tooling must be integrated inside the agent loop rather than downstream in CI, since agents can introduce insecure code, leaked secrets, and prompt-injection payloads into repositories. Developers can run static analysis, dependency and secret scanning, test generation, and prompt-injection red-teaming as skills or MCP servers the agent calls during work.