Pith Number

pith:H3N5XNZ5

pith:2026:H3N5XNZ5XY46S2C2A62CYUGATD
Status: not attested · not anchored · not stored · refs pending

SkillSafetyBench: Evaluating Agent Safety under Skill-Facing Attack Surfaces

An Wang, Biaojie Zeng, Chang Jin, Chao Yang, Jingjing Qu, Kai Wang, Qiaosheng Zhang, Xia Hu, Xingcheng Xu, Zeming Wei

SkillSafetyBench shows that attacks on reusable skills can induce unsafe actions in LLM agents even from benign user requests.

arxiv:2605.12015 v2 · 2026-05-12 · cs.CR · cs.AI · cs.CL · cs.LG · cs.MA

Add to your LaTeX paper
\usepackage{pith}
\pithnumber{H3N5XNZ5XY46S2C2A62CYUGATD}

Prints a linked badge after your title and injects PDF metadata. Compiles on arXiv.

Record completeness

1 Bitcoin timestamp
2 Internet Archive
3 Author claim open
4 Citations open
5 Replications open
Portable graph bundle live · merged state
The bundle contains the canonical record plus signed events. A mirror can host it anywhere and recompute the same current state with the deterministic merge algorithm.

Claims

C1 (strongest claim)

Experiments with multiple CLI agents and model backends show that localized non-user attacks can consistently induce unsafe behavior, with distinct failure patterns across domains, attack methods, and scaffold-model pairings.

C2 (weakest assumption)

The 155 adversarial cases and rule-based verifiers accurately capture real-world skill-mediated safety failures without over- or under-counting due to case construction or verifier limitations.

C3 (one-line summary)

SkillSafetyBench shows that localized non-user attacks via skills and artifacts can consistently induce unsafe agent behavior across domains and model backends, independent of user intent.

Formal links

1 machine-checked theorem link

Receipt and verification
First computed: 2026-05-28T01:04:42.312567Z
Builder: pith-number-builder-2026-05-17-v1
Signature: Pith Ed25519 (pith-v1-2026-05)
Schema: pith-number/v1.0

Canonical hash

3edbdbb73dbe39e9685a07b42c50c098fb3b519f72597a913df36460fa98df38

Aliases

arxiv: 2605.12015 · arxiv_version: 2605.12015v2 · doi: 10.48550/arxiv.2605.12015 · pith_short_12: H3N5XNZ5XY46 · pith_short_16: H3N5XNZ5XY46S2C2 · pith_short_8: H3N5XNZ5
Agent API
Verify this Pith Number yourself
curl -sH 'Accept: application/ld+json' https://pith.science/pith/H3N5XNZ5XY46S2C2A62CYUGATD \
  | jq -c '.canonical_record' \
  | python3 -c "import sys,json,hashlib; b=json.dumps(json.loads(sys.stdin.read()), sort_keys=True, separators=(',',':'), ensure_ascii=False).encode(); print(hashlib.sha256(b).hexdigest())"
# expect: 3edbdbb73dbe39e9685a07b42c50c098fb3b519f72597a913df36460fa98df38
Canonical record JSON
{
  "metadata": {
    "abstract_canon_sha256": "b2b5e57315c1da8bf26e96198308ad060d9fbb896d27ec385ec212736b2b4c59",
    "cross_cats_sorted": [
      "cs.AI",
      "cs.CL",
      "cs.LG",
      "cs.MA"
    ],
    "license": "http://creativecommons.org/licenses/by/4.0/",
    "primary_cat": "cs.CR",
    "submitted_at": "2026-05-12T12:03:54Z",
    "title_canon_sha256": "69d27491dcdbd0570d4451131345ea50a253163c051840d8045f26013af02656"
  },
  "schema_version": "1.0",
  "source": {
    "id": "2605.12015",
    "kind": "arxiv",
    "version": 2
  }
}