
SkillAttack: Automated Red Teaming of Agent Skills through Attack Path Refinement

10 Pith papers cite this work. Polarity classification is still indexing.

abstract

LLM-based agent systems increasingly rely on agent skills sourced from open registries to extend their capabilities, yet the openness of such ecosystems makes skills difficult to thoroughly vet. Existing attacks rely on injecting malicious instructions into skills, making them easily detectable by static auditing. However, non-malicious skills may also harbor latent vulnerabilities that an attacker can exploit solely through adversarial prompting, without modifying the skill itself. We introduce SkillAttack, a red-teaming framework that dynamically verifies skill vulnerability exploitability through adversarial prompting. SkillAttack combines vulnerability analysis, surface-parallel attack generation, and feedback-driven exploit refinement into a closed-loop search that progressively converges toward successful exploitation. Experiments across 10 LLMs on 71 adversarial and 100 real-world skills show that SkillAttack outperforms all baselines by a wide margin (ASR 0.73--0.93 on adversarial skills, up to 0.26 on real-world skills), revealing that even well-intended skills pose serious security risks under realistic agent interactions.

citation-role summary
background: 3

citation-polarity summary
background: 3 (polarity classification still indexing)

years
2026: 10

verdicts
unverdicted: 10

representative citing papers

POISE: Position-Aware Undetectable Skill Injection on LLM Agents

cs.CR · 2026-06-06 · unverdicted · novelty 6.0

POISE is a stealthy skill-poisoning attack achieving 89.3% ASR on Skill-Inject by blending a compressed trigger into contextually appropriate positions in skill bodies, outperforming YAML and random-placement baselines while evading static scanners.
