{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2026:DSGGYYAFYHHQIOPX4CTPOERHTX","short_pith_number":"pith:DSGGYYAF","canonical_record":{"source":{"id":"2602.06547","kind":"arxiv","version":3},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-02-06T09:52:27Z","cross_cats_sorted":["cs.AI","cs.CL","cs.ET"],"title_canon_sha256":"17489831ba85202367ff6a59f4fb66f42dca11eb93de5c23facded06b866f725","abstract_canon_sha256":"92f3dc5189db690874eccd59a73c41f2f811273e2890d522fe4bd41873b29aad"},"schema_version":"1.0"},"canonical_sha256":"1c8c6c6005c1cf0439f7e0a6f712279df1124b5bdbaabd56cbfad40fb54a0a18","source":{"kind":"arxiv","id":"2602.06547","version":3},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2602.06547","created_at":"2026-06-02T03:04:38Z"},{"alias_kind":"arxiv_version","alias_value":"2602.06547v3","created_at":"2026-06-02T03:04:38Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2602.06547","created_at":"2026-06-02T03:04:38Z"},{"alias_kind":"pith_short_12","alias_value":"DSGGYYAFYHHQ","created_at":"2026-06-02T03:04:38Z"},{"alias_kind":"pith_short_16","alias_value":"DSGGYYAFYHHQIOPX","created_at":"2026-06-02T03:04:38Z"},{"alias_kind":"pith_short_8","alias_value":"DSGGYYAF","created_at":"2026-06-02T03:04:38Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2026:DSGGYYAFYHHQIOPX4CTPOERHTX","target":"record","payload":{"canonical_record":{"source":{"id":"2602.06547","kind":"arxiv","version":3},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-02-06T09:52:27Z","cross_cats_sorted":["cs.AI","cs.CL","cs.ET"],"title_canon_sha256":"17489831ba85202367ff6a59f4fb66f42dca11eb93de5c23facded06b866f725","abstract_canon_sha256":"92f3dc5189db690874eccd59a73c41f2f811273e2890d522fe4bd41873b29aad"},"schema_version":"1.0"},"canonical_sha256":"1c8c6c6005c1cf0439f7e0a6f712279df1124b5bdbaabd56cbfad40fb54a0a18","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-06-02T03:04:38.273761Z","signature_b64":"fswfX8eITX6sKV0F85cXRqNW79G8dyvsfcEuwi2UNRkgtc03XMgAXuE9gAAPUEsWqBX8SIWUeGFWcL8efp7aBw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"1c8c6c6005c1cf0439f7e0a6f712279df1124b5bdbaabd56cbfad40fb54a0a18","last_reissued_at":"2026-06-02T03:04:38.273225Z","signature_status":"signed_v1","first_computed_at":"2026-06-02T03:04:38.273225Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"2602.06547","source_version":3,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-06-02T03:04:38Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"OCt672EXYRzzZAqYcgHZdwHoh5kWHeM1hSP/ZHvuf/g5XrMfpS6ZamAQBrrFPxHqzRX0Hmu+ath12wWll/oeBg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-03T07:22:27.354308Z"},"content_sha256":"7d4d719d2078a8072300d93052a8238a662e221af57c47c0fcd8f545b93f29d0","schema_version":"1.0","event_id":"sha256:7d4d719d2078a8072300d93052a8238a662e221af57c47c0fcd8f545b93f29d0"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2026:DSGGYYAFYHHQIOPX4CTPOERHTX","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"\"Do Not Mention This to the User\": Detecting and Understanding Malicious Agent Skills","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":["cs.AI","cs.CL","cs.ET"],"primary_cat":"cs.CR","authors_text":"Gelei Deng, Jianting Ning, Leo Yu Zhang, Yanjun Zhang, Yi Liu, Yuekang Li, Zhihao Chen","submitted_at":"2026-02-06T09:52:27Z","abstract_excerpt":"LLM-based coding agents increasingly rely on third-party extensions called skills, which bundle natural language instructions and helper scripts that execute with full user privileges. Community registries have emerged to distribute these skills, but the security implications remain unstudied due to the absence of labeled threat data. This paper presents a systematic security analysis of 98,380 skills collected from two major registries. Through a combination of static pattern matching and dynamic behavioral verification, we identify 157 skills exhibiting confirmed malicious behavior, encompas"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2602.06547","kind":"arxiv","version":3},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2602.06547/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-06-02T03:04:38Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"WL3BC1lOtlG94U6CC499jG1UI91JWGgh3obVtVZvBqfg5TZfb4JlgXgF/+9bFBAgHq0TmC3Dt2QEkyLlHVFwDA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-03T07:22:27.354719Z"},"content_sha256":"a9a6474b51ad8ae587d17a268441bbe6acaf3fdf28be3f2b1c03abdd4b621942","schema_version":"1.0","event_id":"sha256:a9a6474b51ad8ae587d17a268441bbe6acaf3fdf28be3f2b1c03abdd4b621942"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/DSGGYYAFYHHQIOPX4CTPOERHTX/bundle.json","state_url":"https://pith.science/pith/DSGGYYAFYHHQIOPX4CTPOERHTX/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/DSGGYYAFYHHQIOPX4CTPOERHTX/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-03T07:22:27Z","links":{"resolver":"https://pith.science/pith/DSGGYYAFYHHQIOPX4CTPOERHTX","bundle":"https://pith.science/pith/DSGGYYAFYHHQIOPX4CTPOERHTX/bundle.json","state":"https://pith.science/pith/DSGGYYAFYHHQIOPX4CTPOERHTX/state.json","well_known_bundle":"https://pith.science/.well-known/pith/DSGGYYAFYHHQIOPX4CTPOERHTX/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2026:DSGGYYAFYHHQIOPX4CTPOERHTX","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"92f3dc5189db690874eccd59a73c41f2f811273e2890d522fe4bd41873b29aad","cross_cats_sorted":["cs.AI","cs.CL","cs.ET"],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-02-06T09:52:27Z","title_canon_sha256":"17489831ba85202367ff6a59f4fb66f42dca11eb93de5c23facded06b866f725"},"schema_version":"1.0","source":{"id":"2602.06547","kind":"arxiv","version":3}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2602.06547","created_at":"2026-06-02T03:04:38Z"},{"alias_kind":"arxiv_version","alias_value":"2602.06547v3","created_at":"2026-06-02T03:04:38Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2602.06547","created_at":"2026-06-02T03:04:38Z"},{"alias_kind":"pith_short_12","alias_value":"DSGGYYAFYHHQ","created_at":"2026-06-02T03:04:38Z"},{"alias_kind":"pith_short_16","alias_value":"DSGGYYAFYHHQIOPX","created_at":"2026-06-02T03:04:38Z"},{"alias_kind":"pith_short_8","alias_value":"DSGGYYAF","created_at":"2026-06-02T03:04:38Z"}],"graph_snapshots":[{"event_id":"sha256:a9a6474b51ad8ae587d17a268441bbe6acaf3fdf28be3f2b1c03abdd4b621942","target":"graph","created_at":"2026-06-02T03:04:38Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"integrity":{"available":true,"clean":true,"detectors_run":[],"endpoint":"/pith/2602.06547/integrity.json","findings":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938","summary":{"advisory":0,"by_detector":{},"critical":0,"informational":0}},"paper":{"abstract_excerpt":"LLM-based coding agents increasingly rely on third-party extensions called skills, which bundle natural language instructions and helper scripts that execute with full user privileges. Community registries have emerged to distribute these skills, but the security implications remain unstudied due to the absence of labeled threat data. This paper presents a systematic security analysis of 98,380 skills collected from two major registries. Through a combination of static pattern matching and dynamic behavioral verification, we identify 157 skills exhibiting confirmed malicious behavior, encompas","authors_text":"Gelei Deng, Jianting Ning, Leo Yu Zhang, Yanjun Zhang, Yi Liu, Yuekang Li, Zhihao Chen","cross_cats":["cs.AI","cs.CL","cs.ET"],"headline":"","license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-02-06T09:52:27Z","title":"\"Do Not Mention This to the User\": Detecting and Understanding Malicious Agent Skills"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2602.06547","kind":"arxiv","version":3},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:7d4d719d2078a8072300d93052a8238a662e221af57c47c0fcd8f545b93f29d0","target":"record","created_at":"2026-06-02T03:04:38Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"92f3dc5189db690874eccd59a73c41f2f811273e2890d522fe4bd41873b29aad","cross_cats_sorted":["cs.AI","cs.CL","cs.ET"],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-02-06T09:52:27Z","title_canon_sha256":"17489831ba85202367ff6a59f4fb66f42dca11eb93de5c23facded06b866f725"},"schema_version":"1.0","source":{"id":"2602.06547","kind":"arxiv","version":3}},"canonical_sha256":"1c8c6c6005c1cf0439f7e0a6f712279df1124b5bdbaabd56cbfad40fb54a0a18","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"1c8c6c6005c1cf0439f7e0a6f712279df1124b5bdbaabd56cbfad40fb54a0a18","first_computed_at":"2026-06-02T03:04:38.273225Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-06-02T03:04:38.273225Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"fswfX8eITX6sKV0F85cXRqNW79G8dyvsfcEuwi2UNRkgtc03XMgAXuE9gAAPUEsWqBX8SIWUeGFWcL8efp7aBw==","signature_status":"signed_v1","signed_at":"2026-06-02T03:04:38.273761Z","signed_message":"canonical_sha256_bytes"},"source_id":"2602.06547","source_kind":"arxiv","source_version":3}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:7d4d719d2078a8072300d93052a8238a662e221af57c47c0fcd8f545b93f29d0","sha256:a9a6474b51ad8ae587d17a268441bbe6acaf3fdf28be3f2b1c03abdd4b621942"],"state_sha256":"c9942358757fcc1e1b3ee7ed42b8f9cb650b2722d5445e7aa6b433809c0493db"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"skW8Z/HuWNtZdv7VvZaA9m1zgg4ujJ9FYWrR50oC+z1v6mLPb+9aMB2N+OzHSH5TPqdhXT22+EMMlnj3iFeTCA==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-03T07:22:27.356772Z","bundle_sha256":"2f31a8e41853880b605ac659683b12d685fd198b53baef5d608af60d609ec5c1"}}