{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2026:BPNRV46AGPCWTLEUKWGGABYUGM","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"de19fec0b81d82ee05fe2e40f067b9d10a6dea595a899383d8f98fa002f81c75","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-05-13T01:44:10Z","title_canon_sha256":"18bf03000c89e0ae0d96318e5b3d246331023ca28717cf77554c1fd848db642c"},"schema_version":"1.0","source":{"id":"2605.12875","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2605.12875","created_at":"2026-05-18T03:09:11Z"},{"alias_kind":"arxiv_version","alias_value":"2605.12875v1","created_at":"2026-05-18T03:09:11Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2605.12875","created_at":"2026-05-18T03:09:11Z"},{"alias_kind":"pith_short_12","alias_value":"BPNRV46AGPCW","created_at":"2026-05-18T12:33:37Z"},{"alias_kind":"pith_short_16","alias_value":"BPNRV46AGPCWTLEU","created_at":"2026-05-18T12:33:37Z"},{"alias_kind":"pith_short_8","alias_value":"BPNRV46A","created_at":"2026-05-18T12:33:37Z"}],"graph_snapshots":[{"event_id":"sha256:02b55cc74fbafe50844434760f96abc84430623685c89bed70c52036deacfc15","target":"graph","created_at":"2026-05-18T03:09:11Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":4,"items":[{"attestation":"unclaimed","claim_id":"C1","kind":"strongest_claim","source":"verdict.strongest_claim","status":"machine_extracted","text":"On 4,556 programmatic skills with double-blind human review, SKILLSCOPE achieves a precision of 84.8% and a recall of 96.5% for identifying inconsistency. Confirmed inconsistency affects 9.4% of skills."},{"attestation":"unclaimed","claim_id":"C2","kind":"weakest_assumption","source":"verdict.weakest_assumption","status":"machine_extracted","text":"The 11-category taxonomy constructed from 920 manually analyzed skills is assumed to comprehensively cover all security-relevant operations that could appear in implementations, with no major categories missed or over-generalized."},{"attestation":"unclaimed","claim_id":"C3","kind":"one_line_summary","source":"verdict.one_line_summary","status":"machine_extracted","text":"SKILLSCOPE detects undisclosed security behaviors in LLM skill implementations via security property graphs and taxonomy-based consistency checking, identifying confirmed inconsistencies in 9.4% of 4,556 evaluated skills with 84.8% precision and 96.5% recall against human review."},{"attestation":"unclaimed","claim_id":"C4","kind":"headline","source":"verdict.pith_extraction.headline","status":"machine_extracted","text":"LLM skill descriptions often omit security-relevant operations performed by their code implementations, which SKILLSCOPE detects via source-level graphs."}],"snapshot_sha256":"4403115f4d7a2874b2b2e5a8a6419430041e64b87e808045062629c9f7a85164"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Programmatic skills in LLM ecosystems consist of a natural-language description and executable implementation files. Users and LLMs rely on the description to understand the skill's scope. However, the implementation may perform security-relevant operations, such as credential access, network communication, or command execution, that the description does not state. We study this description--implementation inconsistency by asking whether the implementation stays within the security-relevant scope declared in the description. We manually analyze 920 real-world programmatic skills and construct ","authors_text":"Bang Fu, Baoning Niu, Huan Xing, Wenhui He, Xing Fan, Yue Li, Zehua Zhang","cross_cats":[],"headline":"LLM skill descriptions often omit security-relevant operations performed by their code implementations, which SKILLSCOPE detects via source-level graphs.","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-05-13T01:44:10Z","title":"Do Skill Descriptions Tell the Truth? Detecting Undisclosed Security Behaviors in Code-Backed LLM Skills"},"references":{"count":31,"internal_anchors":3,"resolved_work":31,"sample":[{"cited_arxiv_id":"","doi":"","is_internal_anchor":false,"ref_index":1,"title":"Extend claude with skills,","work_id":"3dd2c273-4727-49cc-bd5c-45e4045132fe","year":2026},{"cited_arxiv_id":"","doi":"","is_internal_anchor":false,"ref_index":2,"title":"GitHub, “About agent skills,” https://docs.github.com/en/copilot/concepts/ agents/about-agent-skills, 2026, gitHub Docs. Accessed: 2026-04-14","work_id":"c197115b-5fff-48d6-b976-7758632091f9","year":2026},{"cited_arxiv_id":"","doi":"","is_internal_anchor":false,"ref_index":3,"title":"OpenAI, “Skills in chatgpt,” 2026, official documentation. [Online]. Available: https://help.openai.com/en/articles/20001066-skills-in-chatgpt","work_id":"c1fda2ed-19d8-4f0d-82d4-dcccd2550284","year":2026},{"cited_arxiv_id":"","doi":"","is_internal_anchor":false,"ref_index":4,"title":"Creating agent skills for github copilot,","work_id":"eb8b70ad-7f8b-4dd5-b2dd-b4f3daf0da1a","year":2026},{"cited_arxiv_id":"","doi":"","is_internal_anchor":false,"ref_index":5,"title":"Anthropic, “Claude code overview,” https://docs.anthropic.com/en/ docs/agents-and-tools/claude-code/overview, 2026, claude Code Docs. Accessed: 2026-04-14","work_id":"f6d498da-18b8-46b7-9026-044008add1ff","year":2026}],"snapshot_sha256":"cd8a533037401e5105ae9fecef6e99769d2f704c91dc70b665f7c3411b1101e4"},"source":{"id":"2605.12875","kind":"arxiv","version":1},"verdict":{"created_at":"2026-05-14T19:00:43.128361Z","id":"83e3ddb8-aa33-4eec-8aa8-b4fb71648b86","model_set":{"reader":"grok-4.3"},"one_line_summary":"SKILLSCOPE detects undisclosed security behaviors in LLM skill implementations via security property graphs and taxonomy-based consistency checking, identifying confirmed inconsistencies in 9.4% of 4,556 evaluated skills with 84.8% precision and 96.5% recall against human review.","pipeline_version":"pith-pipeline@v0.9.0","pith_extraction_headline":"LLM skill descriptions often omit security-relevant operations performed by their code implementations, which SKILLSCOPE detects via source-level graphs.","strongest_claim":"On 4,556 programmatic skills with double-blind human review, SKILLSCOPE achieves a precision of 84.8% and a recall of 96.5% for identifying inconsistency. Confirmed inconsistency affects 9.4% of skills.","weakest_assumption":"The 11-category taxonomy constructed from 920 manually analyzed skills is assumed to comprehensively cover all security-relevant operations that could appear in implementations, with no major categories missed or over-generalized."}},"verdict_id":"83e3ddb8-aa33-4eec-8aa8-b4fb71648b86"}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:2ef67080b3e51431a89cc01daa699390c1ed835a4b7cd58c0cf0fd24752641cb","target":"record","created_at":"2026-05-18T03:09:11Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"de19fec0b81d82ee05fe2e40f067b9d10a6dea595a899383d8f98fa002f81c75","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-05-13T01:44:10Z","title_canon_sha256":"18bf03000c89e0ae0d96318e5b3d246331023ca28717cf77554c1fd848db642c"},"schema_version":"1.0","source":{"id":"2605.12875","kind":"arxiv","version":1}},"canonical_sha256":"0bdb1af3c033c569ac94558c600714332b84b62a906f1200529920e5b5cc09a7","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"0bdb1af3c033c569ac94558c600714332b84b62a906f1200529920e5b5cc09a7","first_computed_at":"2026-05-18T03:09:11.227530Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T03:09:11.227530Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"2k4v7zFqwOoTpSnJUmpSbsqieWBkg5jmI7G7/9lNe9/cCvM45wnlfZJ85Gq/kpdCabAI/LM0NQJmctSlnO5SCw==","signature_status":"signed_v1","signed_at":"2026-05-18T03:09:11.228266Z","signed_message":"canonical_sha256_bytes"},"source_id":"2605.12875","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:2ef67080b3e51431a89cc01daa699390c1ed835a4b7cd58c0cf0fd24752641cb","sha256:02b55cc74fbafe50844434760f96abc84430623685c89bed70c52036deacfc15"],"state_sha256":"2ab7ce68bdd8ea098d4e22cebc7a5358e1b1cdd2dcad0109efb8c4846511b328"}