pith:LBWCGS6P
Exploiting LLM Agent Supply Chains via Payload-less Skills
Semantic Compliance Hijacking makes LLM agents generate and run malicious code by presenting attacks as natural-language compliance rules in third-party skills.
arxiv:2605.14460 v1 · 2026-05-14 · cs.CR · cs.SE
Add to your LaTeX paper
\usepackage{pith}
\pithnumber{LBWCGS6PJNG53XSWBZEIZSHFTO}
Prints a linked badge after your title and injects PDF metadata. Compiles on arXiv.
Claims
SCH achieves peak success rates of up to 77.67% for confidentiality breaches and 67.33% for remote code execution (RCE) under the most vulnerable configurations, with a 0.00% detection rate by current scanning tools.
The tested agent frameworks faithfully interpret and execute the code generated dynamically from the disguised natural-language compliance rules, without additional safeguards or user confirmation.
Semantic Compliance Hijacking lets attackers hijack LLM agents by disguising malicious instructions as compliance rules in skills, reaching up to 77.67% success on confidentiality breaches and 67.33% on RCE while evading all tested scanners.
Receipt and verification
| First computed | 2026-05-17T23:39:06.788820Z |
|---|---|
| Builder | pith-number-builder-2026-05-17-v1 |
| Signature | Pith Ed25519 (pith-v1-2026-05) |
| Schema | pith-number/v1.0 |
Canonical hash
586c234bcf4b4dddde560e488cc8e59bbbb44842574eab31e8483267353a1c44
Verify this Pith Number yourself
curl -sH 'Accept: application/ld+json' https://pith.science/pith/LBWCGS6PJNG53XSWBZEIZSHFTO \
| jq -c '.canonical_record' \
| python3 -c "import sys,json,hashlib; b=json.dumps(json.loads(sys.stdin.read()), sort_keys=True, separators=(',',':'), ensure_ascii=False).encode(); print(hashlib.sha256(b).hexdigest())"
# expect: 586c234bcf4b4dddde560e488cc8e59bbbb44842574eab31e8483267353a1c44
Canonical record JSON
{
"metadata": {
"abstract_canon_sha256": "5b52e669a84f54bfb03b12cfd1fe8e20b5f4a6dc4c607ab7cbcee35d0a556b58",
"cross_cats_sorted": [
"cs.SE"
],
"license": "http://arxiv.org/licenses/nonexclusive-distrib/1.0/",
"primary_cat": "cs.CR",
"submitted_at": "2026-05-14T06:55:47Z",
"title_canon_sha256": "e001e400df9a8f95e949829d2791a4bd93724ee8b2d73f37b7b7095c2f6d2bdd"
},
"schema_version": "1.0",
"source": {
"id": "2605.14460",
"kind": "arxiv",
"version": 1
}
}
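As an added worked example (not part of the Pith record page or its tooling), the Python below reproduces the verification one-liner offline: it canonicalizes a record the same way the command does (sorted keys, compact separators, non-ASCII kept as UTF-8 rather than \u-escaped), hashes the bytes with SHA-256 and compares the result with the published canonical hash in constant time. The embedded record is transcribed from this page; the tampering helper and the function names are assumptions for illustration. If the live record served by the API carries fields that are not shown on this page, the offline check will report a mismatch, so the curl command above remains the authoritative test.

```python
import copy
import hashlib
import hmac
import json
from typing import Any

# Canonical record as transcribed from this page. Any drift between this copy
# and the record served at pith.science shows up as a hash mismatch.
PAGE_RECORD: dict[str, Any] = {
    "metadata": {
        "abstract_canon_sha256": "5b52e669a84f54bfb03b12cfd1fe8e20b5f4a6dc4c607ab7cbcee35d0a556b58",
        "cross_cats_sorted": ["cs.SE"],
        "license": "http://arxiv.org/licenses/nonexclusive-distrib/1.0/",
        "primary_cat": "cs.CR",
        "submitted_at": "2026-05-14T06:55:47Z",
        "title_canon_sha256": "e001e400df9a8f95e949829d2791a4bd93724ee8b2d73f37b7b7095c2f6d2bdd",
    },
    "schema_version": "1.0",
    "source": {"id": "2605.14460", "kind": "arxiv", "version": 1},
}

# Canonical hash published on this page.
EXPECTED_HASH = "586c234bcf4b4dddde560e488cc8e59bbbb44842574eab31e8483267353a1c44"


def canonical_bytes(record: Any) -> bytes:
    """Serialize exactly as the page's verification one-liner does.

    sort_keys makes the output independent of the order keys were emitted in,
    the separators drop all whitespace, and ensure_ascii=False keeps non-ASCII
    characters as raw UTF-8 instead of \\uXXXX escapes. Changing any of these
    three settings changes the bytes, and therefore the hash.
    """
    return json.dumps(
        record, sort_keys=True, separators=(",", ":"), ensure_ascii=False
    ).encode("utf-8")


def pith_hash(record: Any) -> str:
    """SHA-256 hex digest over the canonical bytes of a record."""
    return hashlib.sha256(canonical_bytes(record)).hexdigest()


def verify(record: Any, expected_hex: str) -> bool:
    """Compare in constant time so a checker does not leak partial matches."""
    return hmac.compare_digest(pith_hash(record), expected_hex.lower())


def tampered_record(record: dict[str, Any]) -> dict[str, Any]:
    """Hypothetical tamper: point the record at a different arXiv version.

    Used only to show that a one-field change is caught by the hash; the
    original record object is left untouched.
    """
    altered = copy.deepcopy(record)
    altered["source"]["version"] = record["source"]["version"] + 1
    return altered


def check_page_record() -> bool:
    """Offline equivalent of the `# expect:` line in the curl pipeline."""
    return verify(PAGE_RECORD, EXPECTED_HASH)


if __name__ == "__main__":
    print("canonical bytes:", canonical_bytes(PAGE_RECORD).decode("utf-8"))
    print("computed hash:  ", pith_hash(PAGE_RECORD))
    print("matches page:   ", check_page_record())
    print("tampered hash:  ", pith_hash(tampered_record(PAGE_RECORD)))
```

Two things worth noticing when adapting this: key order in the source JSON does not matter because canonicalization sorts it, so a record re-emitted by a different library still verifies; and the `ensure_ascii=False` setting is the one most often dropped when people re-implement the check, which silently breaks verification for any record containing a non-ASCII title or author name.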