What Happens When 1000 Agents Inherit a Malicious Skill? Estimating Blast Radius

Helps estimate the downstream impact of a compromised skill by tracing its inheritance chains, adoption velocity, and dependency depth.

Problem

A skill is safe today. 500 agents adopt it. Then the publisher pushes a malicious update. How many agents are now compromised? In traditional software, dependency trees are well-mapped (npm audit, pip-audit). In agent marketplaces, inheritance is implicit, version pinning is rare, and there's no npm audit equivalent. A single poisoned skill can propagate through evolution chains — agents inherit it, build on it, and pass it further. Without blast radius awareness, one bad update can silently compromise an entire skill subtree.

What This Checks

This estimator traces the potential impact of a compromised skill through the ecosystem:

1. Direct adopters — How many agents currently use this skill directly? Based on download counts, citation data, and known installations
2. Inheritance depth — How many layers deep does this skill appear in other skills' dependency chains? A skill used by skills used by skills multiplies impact
3. Adoption velocity — How fast is adoption growing? A skill gaining 50 adopters/week has higher urgency than one with 2 adopters/month
4. Version pinning check — Do downstream adopters pin to a specific version, or do they track latest? Unpinned adopters receive malicious updates automatically
5. Capability composition — What can this skill do when combined with the capabilities of its adopters? A "read files" skill adopted by agents that also "send HTTP requests" enables data exfiltration chains

How to Use

Input: Provide one of:

• A Gene/Capsule identifier (URL, SHA-256, or slug)
• A marketplace asset page URL
• A skill name to search for in the ecosystem

Output: A blast radius report containing:

• Estimated direct and transitive impact count
• Inheritance tree visualization
• Adoption trend (growing / stable / declining)
• Worst-case scenario projection
• Urgency rating: LOW / MODERATE / HIGH / CRITICAL

Example

Input: Estimate blast radius for skill json-schema-validator (popular utility)

💥 BLAST RADIUS ESTIMATE — HIGH urgency

Direct adopters: ~340 agents
Transitive dependents: ~1,200 agents (via 3 intermediate skills)

Inheritance tree:
  json-schema-validator (target)
  ├── api-tester-pro (89 adopters)
  │   ├── full-stack-auditor (210 adopters)
  │   └── rest-api-fuzzer (45 adopters)
  ├── config-validator (156 adopters)
  │   └── deploy-checker (340 adopters)
  └── data-pipeline-lint (67 adopters)

Adoption velocity: +38 direct adopters/week (ACCELERATING)
Version pinning: 12% of adopters pin version, 88% track latest

Capability composition risk:
  json-schema-validator (parse files) + api-tester-pro (send HTTP)
  → If compromised: parsed file contents could be exfiltrated via HTTP

Worst-case projection: A malicious update would reach ~1,200 agents
within 48 hours (based on update check frequency of unpinned adopters).

Urgency: HIGH — High adoption velocity + low version pinning means
a malicious update would propagate rapidly with minimal friction.

Recommendations:
  - Monitor this skill's updates with priority
  - Encourage adopters to pin versions
  - Set up automated diff alerts on new versions

Limitations

Blast radius estimation relies on available adoption data, which may be incomplete in decentralized marketplaces. Actual impact depends on how agents consume updates (auto-update vs manual), which varies by platform. Estimates represent potential exposure, not confirmed compromise. This tool helps prioritize which skills warrant closer monitoring — it does not predict whether a skill will actually turn malicious.