Pith Number

pith:LAMVZL55

pith:2026:LAMVZL55NLR2ELZD6OT6IPCZHQ

not attested not anchored not stored refs resolved

No Attack Required: Semantic Fuzzing for Specification Violations in Agent Skills

Hanzhi Liu, Hongbo Wen, Yanju Chen, Ying Li, Yuan Tian, Yu Feng

Semantic fuzzing detects specification violations in 30 percent of real-world agent skills on ordinary inputs.

arxiv:2605.13044 v1 · 2026-05-13 · cs.CR · cs.AI

Open paper page JSON Open Graph Bundle Merged state Verified badge What is a Pith Number?

Add to your LaTeX paper

\usepackage{pith}
\pithnumber{LAMVZL55NLR2ELZD6OT6IPCZHQ}

Prints a linked badge after your title and injects PDF metadata. Compiles on arXiv. Learn more · Embed verified badge

Record completeness

1 Bitcoin timestamp

2 Internet Archive

3 Author claim open · sign in to claim

4 Citations open

5 Replications open

✓ Portable graph bundle live · download bundle · merged state

The bundle contains the canonical record plus signed events. A mirror can host it anywhere and recompute the same current state with the deterministic merge algorithm.

Claims

C1strongest claim

On 402 real-world skills, Sefz finds specification violations in 120 (29.9%), including 26 previously unknown exploitable guardrail violations in deployed skills.

C2weakest assumption

That translating natural-language guardrails into deterministic reachability goals over execution traces accurately captures the intended semantics without introducing false violations or missing real ones.

C3one line summary

Sefz discovers specification violations in 29.9% of 402 real-world agent skills by translating guardrails into reachability goals and guiding LLM mutations with a multi-armed bandit.

References

48 extracted · 48 resolved · 4 Pith anchors

[1] Agentic ai: Autonomous intelligence for complex goals–a comprehensive survey 2025

[2] The landscape of prompt injection threats in llm agents: From taxonomy to analysis 2026

[3] Agent skills overview 2026

[4] ClawHub Community. ClawHub. https://clawhub.ai/, 2026. Accessed: 2026-05-07 2026

[5] Openclaw — personal ai assistant 2026

Receipt and verification

First computed	2026-05-18T03:08:59.476048Z
Builder	pith-number-builder-2026-05-17-v1
Signature	Pith Ed25519 (`pith-v1-2026-05`) · public key
Schema	pith-number/v1.0

Canonical hash

58195cafbd6ae3a22f23f3a7e43c593c327f4e1709256f8be974b1c711eec0e3

Aliases

arxiv: 2605.13044 · arxiv_version: 2605.13044v1 · doi: 10.48550/arxiv.2605.13044 · pith_short_12: LAMVZL55NLR2 · pith_short_16: LAMVZL55NLR2ELZD · pith_short_8: LAMVZL55

Agent API

Resolver JSON Graph JSON Events JSON Schema Signing key

Verify this Pith Number yourself

curl -sH 'Accept: application/ld+json' https://pith.science/pith/LAMVZL55NLR2ELZD6OT6IPCZHQ \
  | jq -c '.canonical_record' \
  | python3 -c "import sys,json,hashlib; b=json.dumps(json.loads(sys.stdin.read()), sort_keys=True, separators=(',',':'), ensure_ascii=False).encode(); print(hashlib.sha256(b).hexdigest())"
# expect: 58195cafbd6ae3a22f23f3a7e43c593c327f4e1709256f8be974b1c711eec0e3

Canonical record JSON

{
  "metadata": {
    "abstract_canon_sha256": "feed09222daebb86cba930179319ecfddb9787426bad39989e37550bb26d8c58",
    "cross_cats_sorted": [
      "cs.AI"
    ],
    "license": "http://arxiv.org/licenses/nonexclusive-distrib/1.0/",
    "primary_cat": "cs.CR",
    "submitted_at": "2026-05-13T05:57:06Z",
    "title_canon_sha256": "094b2fe3ecaec35e781f9c96c800da0b2cb290858a007e5f726d163082fbc109"
  },
  "schema_version": "1.0",
  "source": {
    "id": "2605.13044",
    "kind": "arxiv",
    "version": 1
  }
}