{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2026:L6K7D3RDKOH4GQ6AMV77VLY5WB","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"8f54fcb40f7995ec61cc0b6df2b9c5fd355247079e1cd52f807e0e1b370a2ec7","cross_cats_sorted":["cs.AI","cs.CL"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-06-01T02:13:49Z","title_canon_sha256":"be38a27e24719f9a1ca4d9557e7babde0cd9a7eb18cae6de94f5df342826dbd8"},"schema_version":"1.0","source":{"id":"2606.01567","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2606.01567","created_at":"2026-06-02T02:04:36Z"},{"alias_kind":"arxiv_version","alias_value":"2606.01567v1","created_at":"2026-06-02T02:04:36Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2606.01567","created_at":"2026-06-02T02:04:36Z"},{"alias_kind":"pith_short_12","alias_value":"L6K7D3RDKOH4","created_at":"2026-06-02T02:04:36Z"},{"alias_kind":"pith_short_16","alias_value":"L6K7D3RDKOH4GQ6A","created_at":"2026-06-02T02:04:36Z"},{"alias_kind":"pith_short_8","alias_value":"L6K7D3RD","created_at":"2026-06-02T02:04:36Z"}],"graph_snapshots":[{"event_id":"sha256:f926a27fa2c93427e7f48f43b06a114c094b8b515355faf645355c4350f3f789","target":"graph","created_at":"2026-06-02T02:04:36Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"integrity":{"available":true,"clean":true,"detectors_run":[],"endpoint":"/pith/2606.01567/integrity.json","findings":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938","summary":{"advisory":0,"by_detector":{},"critical":0,"informational":0}},"paper":{"abstract_excerpt":"Large language model (LLM) agents increasingly rely on reusable skills i.e. documents describing task-specific procedures. However, this introduces a new attack surface for agents to manage. We study two complementary directions for this threat. First, we evaluate guardian-based defenses: an intermediary LLM agent that acts as a mediator for skill file access (dynamic guardian) or pre-rewrites these files at build time (static guardian). Across three LLM agent families, our guardians cut attack success rate (ASR) by well over half while preserving task utility. Second, we stress test them thro","authors_text":"Anand Kannappan, Makesh Narasimhan Sreedhar, Prasoon Varshney, Rebecca Qian, Traian Rebedea, Varun Gangal, Yoshinari Fujinuma","cross_cats":["cs.AI","cs.CL"],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-06-01T02:13:49Z","title":"Defenses & Enablers For Skill Injection Attacks on Terminal Based Agents"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2606.01567","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:86651250a9653f8c2b92aeb661b9df813903c43f603ad4804e4bd5b2255d04f3","target":"record","created_at":"2026-06-02T02:04:36Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"8f54fcb40f7995ec61cc0b6df2b9c5fd355247079e1cd52f807e0e1b370a2ec7","cross_cats_sorted":["cs.AI","cs.CL"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-06-01T02:13:49Z","title_canon_sha256":"be38a27e24719f9a1ca4d9557e7babde0cd9a7eb18cae6de94f5df342826dbd8"},"schema_version":"1.0","source":{"id":"2606.01567","kind":"arxiv","version":1}},"canonical_sha256":"5f95f1ee23538fc343c0657ffaaf1db04be4e38bd76da3be440447e0e7d4ca02","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"5f95f1ee23538fc343c0657ffaaf1db04be4e38bd76da3be440447e0e7d4ca02","first_computed_at":"2026-06-02T02:04:36.793226Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-06-02T02:04:36.793226Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"Pd8M1t0kkYIBxj5mcY+D2Jj88ASOkjzRddXCO+TTwtKYl48f2GSXyAkMQ2PhV1saIhzN/Q64PCZWYqSazSDiDg==","signature_status":"signed_v1","signed_at":"2026-06-02T02:04:36.793613Z","signed_message":"canonical_sha256_bytes"},"source_id":"2606.01567","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:86651250a9653f8c2b92aeb661b9df813903c43f603ad4804e4bd5b2255d04f3","sha256:f926a27fa2c93427e7f48f43b06a114c094b8b515355faf645355c4350f3f789"],"state_sha256":"1baf2450dac6f541c26de463da43b8e4e6fd1173d06f40cec35dfdd6e9bdc520"}