{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2026:DSGGYYAFYHHQIOPX4CTPOERHTX","short_pith_number":"pith:DSGGYYAF","schema_version":"1.0","canonical_sha256":"1c8c6c6005c1cf0439f7e0a6f712279df1124b5bdbaabd56cbfad40fb54a0a18","source":{"kind":"arxiv","id":"2602.06547","version":3},"attestation_state":"computed","paper":{"title":"\"Do Not Mention This to the User\": Detecting and Understanding Malicious Agent Skills","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":["cs.AI","cs.CL","cs.ET"],"primary_cat":"cs.CR","authors_text":"Gelei Deng, Jianting Ning, Leo Yu Zhang, Yanjun Zhang, Yi Liu, Yuekang Li, Zhihao Chen","submitted_at":"2026-02-06T09:52:27Z","abstract_excerpt":"LLM-based coding agents increasingly rely on third-party extensions called skills, which bundle natural language instructions and helper scripts that execute with full user privileges. Community registries have emerged to distribute these skills, but the security implications remain unstudied due to the absence of labeled threat data. This paper presents a systematic security analysis of 98,380 skills collected from two major registries. Through a combination of static pattern matching and dynamic behavioral verification, we identify 157 skills exhibiting confirmed malicious behavior, encompas"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"2602.06547","kind":"arxiv","version":3},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-02-06T09:52:27Z","cross_cats_sorted":["cs.AI","cs.CL","cs.ET"],"title_canon_sha256":"17489831ba85202367ff6a59f4fb66f42dca11eb93de5c23facded06b866f725","abstract_canon_sha256":"92f3dc5189db690874eccd59a73c41f2f811273e2890d522fe4bd41873b29aad"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-06-02T03:04:38.273761Z","signature_b64":"fswfX8eITX6sKV0F85cXRqNW79G8dyvsfcEuwi2UNRkgtc03XMgAXuE9gAAPUEsWqBX8SIWUeGFWcL8efp7aBw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"1c8c6c6005c1cf0439f7e0a6f712279df1124b5bdbaabd56cbfad40fb54a0a18","last_reissued_at":"2026-06-02T03:04:38.273225Z","signature_status":"signed_v1","first_computed_at":"2026-06-02T03:04:38.273225Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"\"Do Not Mention This to the User\": Detecting and Understanding Malicious Agent Skills","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":["cs.AI","cs.CL","cs.ET"],"primary_cat":"cs.CR","authors_text":"Gelei Deng, Jianting Ning, Leo Yu Zhang, Yanjun Zhang, Yi Liu, Yuekang Li, Zhihao Chen","submitted_at":"2026-02-06T09:52:27Z","abstract_excerpt":"LLM-based coding agents increasingly rely on third-party extensions called skills, which bundle natural language instructions and helper scripts that execute with full user privileges. Community registries have emerged to distribute these skills, but the security implications remain unstudied due to the absence of labeled threat data. This paper presents a systematic security analysis of 98,380 skills collected from two major registries. Through a combination of static pattern matching and dynamic behavioral verification, we identify 157 skills exhibiting confirmed malicious behavior, encompas"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2602.06547","kind":"arxiv","version":3},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2602.06547/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2602.06547","created_at":"2026-06-02T03:04:38.273284+00:00"},{"alias_kind":"arxiv_version","alias_value":"2602.06547v3","created_at":"2026-06-02T03:04:38.273284+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2602.06547","created_at":"2026-06-02T03:04:38.273284+00:00"},{"alias_kind":"pith_short_12","alias_value":"DSGGYYAFYHHQ","created_at":"2026-06-02T03:04:38.273284+00:00"},{"alias_kind":"pith_short_16","alias_value":"DSGGYYAFYHHQIOPX","created_at":"2026-06-02T03:04:38.273284+00:00"},{"alias_kind":"pith_short_8","alias_value":"DSGGYYAF","created_at":"2026-06-02T03:04:38.273284+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":16,"internal_anchor_count":16,"sample":[{"citing_arxiv_id":"2605.14460","citing_title":"Exploiting LLM Agent Supply Chains via Payload-less Skills","ref_index":18,"is_internal_anchor":true},{"citing_arxiv_id":"2605.13044","citing_title":"No Attack Required: Semantic Fuzzing for Specification Violations in Agent Skills","ref_index":40,"is_internal_anchor":true},{"citing_arxiv_id":"2605.12875","citing_title":"Do Skill Descriptions Tell the Truth? Detecting Undisclosed Security Behaviors in Code-Backed LLM Skills","ref_index":15,"is_internal_anchor":true},{"citing_arxiv_id":"2604.02837","citing_title":"Towards Secure Agent Skills: Architecture, Threat Taxonomy, and Security Analysis","ref_index":10,"is_internal_anchor":true},{"citing_arxiv_id":"2604.03070","citing_title":"Credential Leakage in LLM Agent Skills: A Large-Scale Empirical Study","ref_index":31,"is_internal_anchor":true},{"citing_arxiv_id":"2602.12430","citing_title":"Agent Skills for Large Language Models: Architecture, Acquisition, Security, and the Path Forward","ref_index":34,"is_internal_anchor":true},{"citing_arxiv_id":"2605.11770","citing_title":"Behavioral Integrity Verification for AI Agent Skills","ref_index":45,"is_internal_anchor":true},{"citing_arxiv_id":"2605.11891","citing_title":"Proteus: A Self-Evolving Red Team for Agent Skill Ecosystems","ref_index":19,"is_internal_anchor":true},{"citing_arxiv_id":"2605.12015","citing_title":"SkillSafetyBench: Evaluating Agent Safety under Skill-Facing Attack Surfaces","ref_index":68,"is_internal_anchor":true},{"citing_arxiv_id":"2605.11418","citing_title":"Under the Hood of SKILL.md: Semantic Supply-chain Attacks on AI Agent Skill Registry","ref_index":6,"is_internal_anchor":true},{"citing_arxiv_id":"2605.09594","citing_title":"Trust Me, Import This: Dependency Steering Attacks via Malicious Agent Skills","ref_index":19,"is_internal_anchor":true},{"citing_arxiv_id":"2605.05868","citing_title":"SkillScope: Toward Fine-Grained Least-Privilege Enforcement for Agent Skills","ref_index":30,"is_internal_anchor":true},{"citing_arxiv_id":"2604.22888","citing_title":"RouteGuard: Internal-Signal Detection of Skill Poisoning in LLM Agents","ref_index":7,"is_internal_anchor":true},{"citing_arxiv_id":"2605.05274","citing_title":"Sealing the Audit-Runtime Gap for LLM Skills","ref_index":28,"is_internal_anchor":true},{"citing_arxiv_id":"2604.06550","citing_title":"SkillSieve: A Hierarchical Triage Framework for Detecting Malicious AI Agent Skills","ref_index":7,"is_internal_anchor":true},{"citing_arxiv_id":"2604.15415","citing_title":"HarmfulSkillBench: How Do Harmful Skills Weaponize Your Agents?","ref_index":40,"is_internal_anchor":true}]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/DSGGYYAFYHHQIOPX4CTPOERHTX","json":"https://pith.science/pith/DSGGYYAFYHHQIOPX4CTPOERHTX.json","graph_json":"https://pith.science/api/pith-number/DSGGYYAFYHHQIOPX4CTPOERHTX/graph.json","events_json":"https://pith.science/api/pith-number/DSGGYYAFYHHQIOPX4CTPOERHTX/events.json","paper":"https://pith.science/paper/DSGGYYAF"},"agent_actions":{"view_html":"https://pith.science/pith/DSGGYYAFYHHQIOPX4CTPOERHTX","download_json":"https://pith.science/pith/DSGGYYAFYHHQIOPX4CTPOERHTX.json","view_paper":"https://pith.science/paper/DSGGYYAF","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2602.06547&json=true","fetch_graph":"https://pith.science/api/pith-number/DSGGYYAFYHHQIOPX4CTPOERHTX/graph.json","fetch_events":"https://pith.science/api/pith-number/DSGGYYAFYHHQIOPX4CTPOERHTX/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/DSGGYYAFYHHQIOPX4CTPOERHTX/action/timestamp_anchor","attest_storage":"https://pith.science/pith/DSGGYYAFYHHQIOPX4CTPOERHTX/action/storage_attestation","attest_author":"https://pith.science/pith/DSGGYYAFYHHQIOPX4CTPOERHTX/action/author_attestation","sign_citation":"https://pith.science/pith/DSGGYYAFYHHQIOPX4CTPOERHTX/action/citation_signature","submit_replication":"https://pith.science/pith/DSGGYYAFYHHQIOPX4CTPOERHTX/action/replication_record"}},"created_at":"2026-06-02T03:04:38.273284+00:00","updated_at":"2026-06-02T03:04:38.273284+00:00"}