{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2026:LJF2W5WMAIGTPJ6XG3T4GBFQVC","short_pith_number":"pith:LJF2W5WM","schema_version":"1.0","canonical_sha256":"5a4bab76cc020d37a7d736e7c304b0a8803d821eabf7bacb9592e365ae84bc65","source":{"kind":"arxiv","id":"2606.16287","version":2},"attestation_state":"computed","paper":{"title":"Dynamic Malicious Skills in Agentic AI","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Neil Zhenqiang Gong, Tianhao Chen, Yebei Gou, Yuepeng Hu, Zhengyuan Jiang","submitted_at":"2026-06-15T06:51:28Z","abstract_excerpt":"Skills are a key enabling component of agentic AI. While they enhance agents' capabilities, they also introduce new attack surfaces. In this work, we investigate one such attack surface by demonstrating dynamic malicious skills. By embedding malicious instructions in natural-language documentation (e.g., SKILL.md), an attacker can induce an agent to dynamically inject malicious logic into an otherwise benign skill during execution. We evaluate this attack across agentic frameworks such as OpenHands and Claude Code, showing that dynamic malicious skills can successfully introduce a range of mal"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"2606.16287","kind":"arxiv","version":2},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-06-15T06:51:28Z","cross_cats_sorted":[],"title_canon_sha256":"83f1588245c41fe3572dfbf0a60e913750746f49b01b0982c1d16c0e31c65c1c","abstract_canon_sha256":"e427565a5e1763ebdf603cd60d3bef96dec5da71d27b9791bd4deb9ee8460019"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-06-19T16:10:01.714680Z","signature_b64":"/3gscNCBnQ0eZo+T43i/FyUwSIe0IZoS4PA6ERCUY4qEa+6pYxj9CPwqCBxk4mkwoJUI5saUjlozAJPs2POhBQ==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"5a4bab76cc020d37a7d736e7c304b0a8803d821eabf7bacb9592e365ae84bc65","last_reissued_at":"2026-06-19T16:10:01.714285Z","signature_status":"signed_v1","first_computed_at":"2026-06-19T16:10:01.714285Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"Dynamic Malicious Skills in Agentic AI","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Neil Zhenqiang Gong, Tianhao Chen, Yebei Gou, Yuepeng Hu, Zhengyuan Jiang","submitted_at":"2026-06-15T06:51:28Z","abstract_excerpt":"Skills are a key enabling component of agentic AI. While they enhance agents' capabilities, they also introduce new attack surfaces. In this work, we investigate one such attack surface by demonstrating dynamic malicious skills. By embedding malicious instructions in natural-language documentation (e.g., SKILL.md), an attacker can induce an agent to dynamically inject malicious logic into an otherwise benign skill during execution. We evaluate this attack across agentic frameworks such as OpenHands and Claude Code, showing that dynamic malicious skills can successfully introduce a range of mal"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2606.16287","kind":"arxiv","version":2},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2606.16287/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2606.16287","created_at":"2026-06-19T16:10:01.714364+00:00"},{"alias_kind":"arxiv_version","alias_value":"2606.16287v2","created_at":"2026-06-19T16:10:01.714364+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2606.16287","created_at":"2026-06-19T16:10:01.714364+00:00"},{"alias_kind":"pith_short_12","alias_value":"LJF2W5WMAIGT","created_at":"2026-06-19T16:10:01.714364+00:00"},{"alias_kind":"pith_short_16","alias_value":"LJF2W5WMAIGTPJ6X","created_at":"2026-06-19T16:10:01.714364+00:00"},{"alias_kind":"pith_short_8","alias_value":"LJF2W5WM","created_at":"2026-06-19T16:10:01.714364+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":0,"internal_anchor_count":0,"sample":[]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/LJF2W5WMAIGTPJ6XG3T4GBFQVC","json":"https://pith.science/pith/LJF2W5WMAIGTPJ6XG3T4GBFQVC.json","graph_json":"https://pith.science/api/pith-number/LJF2W5WMAIGTPJ6XG3T4GBFQVC/graph.json","events_json":"https://pith.science/api/pith-number/LJF2W5WMAIGTPJ6XG3T4GBFQVC/events.json","paper":"https://pith.science/paper/LJF2W5WM"},"agent_actions":{"view_html":"https://pith.science/pith/LJF2W5WMAIGTPJ6XG3T4GBFQVC","download_json":"https://pith.science/pith/LJF2W5WMAIGTPJ6XG3T4GBFQVC.json","view_paper":"https://pith.science/paper/LJF2W5WM","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2606.16287&json=true","fetch_graph":"https://pith.science/api/pith-number/LJF2W5WMAIGTPJ6XG3T4GBFQVC/graph.json","fetch_events":"https://pith.science/api/pith-number/LJF2W5WMAIGTPJ6XG3T4GBFQVC/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/LJF2W5WMAIGTPJ6XG3T4GBFQVC/action/timestamp_anchor","attest_storage":"https://pith.science/pith/LJF2W5WMAIGTPJ6XG3T4GBFQVC/action/storage_attestation","attest_author":"https://pith.science/pith/LJF2W5WMAIGTPJ6XG3T4GBFQVC/action/author_attestation","sign_citation":"https://pith.science/pith/LJF2W5WMAIGTPJ6XG3T4GBFQVC/action/citation_signature","submit_replication":"https://pith.science/pith/LJF2W5WMAIGTPJ6XG3T4GBFQVC/action/replication_record"}},"created_at":"2026-06-19T16:10:01.714364+00:00","updated_at":"2026-06-19T16:10:01.714364+00:00"}