{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2026:G7UPK5UY5ZV6LYBHIB4OSTDHFZ","short_pith_number":"pith:G7UPK5UY","canonical_record":{"source":{"id":"2605.29354","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-05-28T04:48:45Z","cross_cats_sorted":["cs.LG"],"title_canon_sha256":"9050ead49582ef4eea49e370caec6d1eb3f6ab701092551e8d3fabdc5fec4510","abstract_canon_sha256":"ece1dd4eb56cd52624ef9bdcf3403d376208a09a3f6cbaae83ed04a7c0481118"},"schema_version":"1.0"},"canonical_sha256":"37e8f57698ee6be5e0274078e94c672e62522de1a39dca2eb315022a51d7ebec","source":{"kind":"arxiv","id":"2605.29354","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2605.29354","created_at":"2026-05-29T01:05:34Z"},{"alias_kind":"arxiv_version","alias_value":"2605.29354v1","created_at":"2026-05-29T01:05:34Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2605.29354","created_at":"2026-05-29T01:05:34Z"},{"alias_kind":"pith_short_12","alias_value":"G7UPK5UY5ZV6","created_at":"2026-05-29T01:05:34Z"},{"alias_kind":"pith_short_16","alias_value":"G7UPK5UY5ZV6LYBH","created_at":"2026-05-29T01:05:34Z"},{"alias_kind":"pith_short_8","alias_value":"G7UPK5UY","created_at":"2026-05-29T01:05:34Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2026:G7UPK5UY5ZV6LYBHIB4OSTDHFZ","target":"record","payload":{"canonical_record":{"source":{"id":"2605.29354","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-05-28T04:48:45Z","cross_cats_sorted":["cs.LG"],"title_canon_sha256":"9050ead49582ef4eea49e370caec6d1eb3f6ab701092551e8d3fabdc5fec4510","abstract_canon_sha256":"ece1dd4eb56cd52624ef9bdcf3403d376208a09a3f6cbaae83ed04a7c0481118"},"schema_version":"1.0"},"canonical_sha256":"37e8f57698ee6be5e0274078e94c672e62522de1a39dca2eb315022a51d7ebec","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-29T01:05:34.735196Z","signature_b64":"Z0fO73l+X6oyBtpd0QzyQCwdpA+Wnq4A5e12lCSK0ME+1uVm+LE+I/GufwAMHe+HVPWDplwmklyIRoKX7FtnDA==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"37e8f57698ee6be5e0274078e94c672e62522de1a39dca2eb315022a51d7ebec","last_reissued_at":"2026-05-29T01:05:34.734708Z","signature_status":"signed_v1","first_computed_at":"2026-05-29T01:05:34.734708Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"2605.29354","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-29T01:05:34Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"ZM6+8c0BU36mgiPvynG7DXudRBBT+pvJXJ86FeSyE/uins/34DoKdZIJRifnrhP4Uz5Nzu8UJr+qKRWO/Em9DA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-07T07:13:36.564178Z"},"content_sha256":"7b066d72ef47068191c5f2b26a2ac3f3abe1983aac386acf6e4c659a4cda1ca8","schema_version":"1.0","event_id":"sha256:7b066d72ef47068191c5f2b26a2ac3f3abe1983aac386acf6e4c659a4cda1ca8"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2026:G7UPK5UY5ZV6LYBHIB4OSTDHFZ","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Harmless Yet Harmful: Neutral Prompting Attacks for Stealthy Hallucination Steering in Agent Skills","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.LG"],"primary_cat":"cs.CR","authors_text":"Chia-Mu Yu, Chia-Yi Hsu, Chun-Ying Huang, Jun Sakuma","submitted_at":"2026-05-28T04:48:45Z","abstract_excerpt":"LLM-powered coding agents increasingly participate in software development workflows by generating code, selecting dependencies, and producing package installation commands. This creates a new software supply chain risk: when an agent hallucinates a non-existent package, an attacker may register the hallucinated name and later compromise users who install it. Existing package hallucination attacks and defenses primarily focus on naturally occurring hallucinations, targeted dependency steering, or post-hoc package validation. In this paper, we introduce \\emph{Neutral Prompting Attack} (NPA), a "},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2605.29354","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2605.29354/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-29T01:05:34Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"7+XQm2ltceJ3eQxg2M3EYL2bk67UwodHiP2GcfFpOqlwegGHByxO/LO8tpJfqzu5Mu4n7m5DW5FAoIZeaHlhBA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-07T07:13:36.564623Z"},"content_sha256":"bab62603cfb3b0f842e1644425998848e342c3707dc7e92af738f28bf8951065","schema_version":"1.0","event_id":"sha256:bab62603cfb3b0f842e1644425998848e342c3707dc7e92af738f28bf8951065"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/G7UPK5UY5ZV6LYBHIB4OSTDHFZ/bundle.json","state_url":"https://pith.science/pith/G7UPK5UY5ZV6LYBHIB4OSTDHFZ/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/G7UPK5UY5ZV6LYBHIB4OSTDHFZ/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-07T07:13:36Z","links":{"resolver":"https://pith.science/pith/G7UPK5UY5ZV6LYBHIB4OSTDHFZ","bundle":"https://pith.science/pith/G7UPK5UY5ZV6LYBHIB4OSTDHFZ/bundle.json","state":"https://pith.science/pith/G7UPK5UY5ZV6LYBHIB4OSTDHFZ/state.json","well_known_bundle":"https://pith.science/.well-known/pith/G7UPK5UY5ZV6LYBHIB4OSTDHFZ/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2026:G7UPK5UY5ZV6LYBHIB4OSTDHFZ","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"ece1dd4eb56cd52624ef9bdcf3403d376208a09a3f6cbaae83ed04a7c0481118","cross_cats_sorted":["cs.LG"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-05-28T04:48:45Z","title_canon_sha256":"9050ead49582ef4eea49e370caec6d1eb3f6ab701092551e8d3fabdc5fec4510"},"schema_version":"1.0","source":{"id":"2605.29354","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2605.29354","created_at":"2026-05-29T01:05:34Z"},{"alias_kind":"arxiv_version","alias_value":"2605.29354v1","created_at":"2026-05-29T01:05:34Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2605.29354","created_at":"2026-05-29T01:05:34Z"},{"alias_kind":"pith_short_12","alias_value":"G7UPK5UY5ZV6","created_at":"2026-05-29T01:05:34Z"},{"alias_kind":"pith_short_16","alias_value":"G7UPK5UY5ZV6LYBH","created_at":"2026-05-29T01:05:34Z"},{"alias_kind":"pith_short_8","alias_value":"G7UPK5UY","created_at":"2026-05-29T01:05:34Z"}],"graph_snapshots":[{"event_id":"sha256:bab62603cfb3b0f842e1644425998848e342c3707dc7e92af738f28bf8951065","target":"graph","created_at":"2026-05-29T01:05:34Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"integrity":{"available":true,"clean":true,"detectors_run":[],"endpoint":"/pith/2605.29354/integrity.json","findings":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938","summary":{"advisory":0,"by_detector":{},"critical":0,"informational":0}},"paper":{"abstract_excerpt":"LLM-powered coding agents increasingly participate in software development workflows by generating code, selecting dependencies, and producing package installation commands. This creates a new software supply chain risk: when an agent hallucinates a non-existent package, an attacker may register the hallucinated name and later compromise users who install it. Existing package hallucination attacks and defenses primarily focus on naturally occurring hallucinations, targeted dependency steering, or post-hoc package validation. In this paper, we introduce \\emph{Neutral Prompting Attack} (NPA), a ","authors_text":"Chia-Mu Yu, Chia-Yi Hsu, Chun-Ying Huang, Jun Sakuma","cross_cats":["cs.LG"],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-05-28T04:48:45Z","title":"Harmless Yet Harmful: Neutral Prompting Attacks for Stealthy Hallucination Steering in Agent Skills"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2605.29354","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:7b066d72ef47068191c5f2b26a2ac3f3abe1983aac386acf6e4c659a4cda1ca8","target":"record","created_at":"2026-05-29T01:05:34Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"ece1dd4eb56cd52624ef9bdcf3403d376208a09a3f6cbaae83ed04a7c0481118","cross_cats_sorted":["cs.LG"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-05-28T04:48:45Z","title_canon_sha256":"9050ead49582ef4eea49e370caec6d1eb3f6ab701092551e8d3fabdc5fec4510"},"schema_version":"1.0","source":{"id":"2605.29354","kind":"arxiv","version":1}},"canonical_sha256":"37e8f57698ee6be5e0274078e94c672e62522de1a39dca2eb315022a51d7ebec","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"37e8f57698ee6be5e0274078e94c672e62522de1a39dca2eb315022a51d7ebec","first_computed_at":"2026-05-29T01:05:34.734708Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-29T01:05:34.734708Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"Z0fO73l+X6oyBtpd0QzyQCwdpA+Wnq4A5e12lCSK0ME+1uVm+LE+I/GufwAMHe+HVPWDplwmklyIRoKX7FtnDA==","signature_status":"signed_v1","signed_at":"2026-05-29T01:05:34.735196Z","signed_message":"canonical_sha256_bytes"},"source_id":"2605.29354","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:7b066d72ef47068191c5f2b26a2ac3f3abe1983aac386acf6e4c659a4cda1ca8","sha256:bab62603cfb3b0f842e1644425998848e342c3707dc7e92af738f28bf8951065"],"state_sha256":"07ad0da688b360d822b4ec85b3ecc27ed5a70002624ad21022db5715746ce316"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"1G3ubSbLqy+3J15iFhni2r90mQmeezu5n6MQ/RZ6oLydmW60x+prIsDRXyScjza2BN0hmvtg5i4a4dbnfAN9CQ==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-07T07:13:36.567924Z","bundle_sha256":"2ea2c32b8023431041ac35909bd691782b7a5ad9e771b0647d62752cb8d62065"}}