{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2026:LAMVZL55NLR2ELZD6OT6IPCZHQ","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"feed09222daebb86cba930179319ecfddb9787426bad39989e37550bb26d8c58","cross_cats_sorted":["cs.AI"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-05-13T05:57:06Z","title_canon_sha256":"094b2fe3ecaec35e781f9c96c800da0b2cb290858a007e5f726d163082fbc109"},"schema_version":"1.0","source":{"id":"2605.13044","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2605.13044","created_at":"2026-05-18T03:08:59Z"},{"alias_kind":"arxiv_version","alias_value":"2605.13044v1","created_at":"2026-05-18T03:08:59Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2605.13044","created_at":"2026-05-18T03:08:59Z"},{"alias_kind":"pith_short_12","alias_value":"LAMVZL55NLR2","created_at":"2026-05-18T12:33:37Z"},{"alias_kind":"pith_short_16","alias_value":"LAMVZL55NLR2ELZD","created_at":"2026-05-18T12:33:37Z"},{"alias_kind":"pith_short_8","alias_value":"LAMVZL55","created_at":"2026-05-18T12:33:37Z"}],"graph_snapshots":[{"event_id":"sha256:861eaa2b2839971b2e7b5465f89d58a73be954bdedc6ab8a2f43e78b13cb3215","target":"graph","created_at":"2026-05-18T03:08:59Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":4,"items":[{"attestation":"unclaimed","claim_id":"C1","kind":"strongest_claim","source":"verdict.strongest_claim","status":"machine_extracted","text":"On 402 real-world skills, Sefz finds specification violations in 120 (29.9%), including 26 previously unknown exploitable guardrail violations in deployed skills."},{"attestation":"unclaimed","claim_id":"C2","kind":"weakest_assumption","source":"verdict.weakest_assumption","status":"machine_extracted","text":"That translating natural-language guardrails into deterministic reachability goals over execution traces accurately captures the intended semantics without introducing false violations or missing real ones."},{"attestation":"unclaimed","claim_id":"C3","kind":"one_line_summary","source":"verdict.one_line_summary","status":"machine_extracted","text":"Sefz discovers specification violations in 29.9% of 402 real-world agent skills by translating guardrails into reachability goals and guiding LLM mutations with a multi-armed bandit."},{"attestation":"unclaimed","claim_id":"C4","kind":"headline","source":"verdict.pith_extraction.headline","status":"machine_extracted","text":"Semantic fuzzing detects specification violations in 30 percent of real-world agent skills on ordinary inputs."}],"snapshot_sha256":"2e97618e4f67b2670fdf9412bc7fc22cd3ffcca60759696aaa4302fd46b73687"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"LLM-powered agents can silently delete documents, leak credentials, or transfer funds on a routine user request, not because the agent was attacked, but because the skill it invoked broke its own declared safety rules. We call these specification violations: benign inputs cause a skill to breach the natural-language guardrails in its own specification, typically because the guardrail's semantics are undefined for autonomous execution, or because the implementation silently ignores the documented constraint. These violations are invisible to static analyzers, traditional fuzzers, and prompt-inj","authors_text":"Hanzhi Liu, Hongbo Wen, Yanju Chen, Ying Li, Yuan Tian, Yu Feng","cross_cats":["cs.AI"],"headline":"Semantic fuzzing detects specification violations in 30 percent of real-world agent skills on ordinary inputs.","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-05-13T05:57:06Z","title":"No Attack Required: Semantic Fuzzing for Specification Violations in Agent Skills"},"references":{"count":48,"internal_anchors":4,"resolved_work":48,"sample":[{"cited_arxiv_id":"","doi":"","is_internal_anchor":false,"ref_index":1,"title":"Agentic ai: Autonomous intelligence for complex goals–a comprehensive survey","work_id":"8760adfa-aa82-41f5-8db3-db26affa9338","year":2025},{"cited_arxiv_id":"","doi":"","is_internal_anchor":false,"ref_index":2,"title":"The landscape of prompt injection threats in llm agents: From taxonomy to analysis","work_id":"16c524eb-7f93-4bcc-bcb4-d30238f9c00a","year":2026},{"cited_arxiv_id":"","doi":"","is_internal_anchor":false,"ref_index":3,"title":"Agent skills overview","work_id":"b3aa2f4d-865a-49b9-9372-049951c41e39","year":2026},{"cited_arxiv_id":"","doi":"","is_internal_anchor":false,"ref_index":4,"title":"ClawHub Community. ClawHub. https://clawhub.ai/, 2026. Accessed: 2026-05-07","work_id":"a715f9dc-8ba9-47f9-8742-2f11952c8d35","year":2026},{"cited_arxiv_id":"","doi":"","is_internal_anchor":false,"ref_index":5,"title":"Openclaw — personal ai assistant","work_id":"79cc64ae-2a02-45cc-8f86-f172b58c3f37","year":2026}],"snapshot_sha256":"2231a655d63862f773c1ce4bd142085b79bd6332e00bff122ceab2793c679b29"},"source":{"id":"2605.13044","kind":"arxiv","version":1},"verdict":{"created_at":"2026-05-14T19:11:44.275090Z","id":"1f71460c-539e-4c77-bd4e-be1700fcdbe1","model_set":{"reader":"grok-4.3"},"one_line_summary":"Sefz discovers specification violations in 29.9% of 402 real-world agent skills by translating guardrails into reachability goals and guiding LLM mutations with a multi-armed bandit.","pipeline_version":"pith-pipeline@v0.9.0","pith_extraction_headline":"Semantic fuzzing detects specification violations in 30 percent of real-world agent skills on ordinary inputs.","strongest_claim":"On 402 real-world skills, Sefz finds specification violations in 120 (29.9%), including 26 previously unknown exploitable guardrail violations in deployed skills.","weakest_assumption":"That translating natural-language guardrails into deterministic reachability goals over execution traces accurately captures the intended semantics without introducing false violations or missing real ones."}},"verdict_id":"1f71460c-539e-4c77-bd4e-be1700fcdbe1"}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:5f4b0dd61f9fbf848be4b3e4a14dc4b8a6bc7029ac61ccde77b8633afe3df4e7","target":"record","created_at":"2026-05-18T03:08:59Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"feed09222daebb86cba930179319ecfddb9787426bad39989e37550bb26d8c58","cross_cats_sorted":["cs.AI"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-05-13T05:57:06Z","title_canon_sha256":"094b2fe3ecaec35e781f9c96c800da0b2cb290858a007e5f726d163082fbc109"},"schema_version":"1.0","source":{"id":"2605.13044","kind":"arxiv","version":1}},"canonical_sha256":"58195cafbd6ae3a22f23f3a7e43c593c327f4e1709256f8be974b1c711eec0e3","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"58195cafbd6ae3a22f23f3a7e43c593c327f4e1709256f8be974b1c711eec0e3","first_computed_at":"2026-05-18T03:08:59.476048Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T03:08:59.476048Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"UJ7oPg6HXljpx7mWlqWBHm9l9B1XtuIRsXKcktbp5Vvaw4ZQD28s2Th0GetOCMi4gxDxeBJzLJcEceXqi+FdAg==","signature_status":"signed_v1","signed_at":"2026-05-18T03:08:59.476661Z","signed_message":"canonical_sha256_bytes"},"source_id":"2605.13044","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:5f4b0dd61f9fbf848be4b3e4a14dc4b8a6bc7029ac61ccde77b8633afe3df4e7","sha256:861eaa2b2839971b2e7b5465f89d58a73be954bdedc6ab8a2f43e78b13cb3215"],"state_sha256":"494c2f5bf1c05199589f2edef3e1069bfc615a6855c0f6c27039f9c52c198813"}