{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2026:LLSTEVJN7CWNKDS7CZ6TNRNGKB","short_pith_number":"pith:LLSTEVJN","schema_version":"1.0","canonical_sha256":"5ae532552df8acd50e5f167d36c5a6504c72e8f3be17b10d1ebebeefb59c2725","source":{"kind":"arxiv","id":"2603.16572","version":2},"attestation_state":"computed","paper":{"title":"Context Matters: Repository-Aware Security Analysis of the Agent Skill Ecosystem","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.AI"],"primary_cat":"cs.CR","authors_text":"David Schmidt, Florian Holzbauer, Gabriel Gegenhuber, Johanna Ullrich, Sebastian Schrittwieser","submitted_at":"2026-03-17T14:27:35Z","abstract_excerpt":"Agent skills extend local AI agents, such as Claude Code and OpenClaw, with additional functionality. Their growing popularity has led to dedicated marketplaces resembling mobile app stores, as well as automated scanners that assess whether skills are benign or malicious. However, scanner reports from individual marketplaces classify up to 46.8% of skills as malicious, raising concerns about false positives. We present the largest empirical security analysis of the AI agent skill ecosystem to date. We collect 238,180 unique skills from three major distribution platforms and GitHub, and analyze"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"2603.16572","kind":"arxiv","version":2},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-03-17T14:27:35Z","cross_cats_sorted":["cs.AI"],"title_canon_sha256":"0773658749de2db917a46f10e1a263c895da617732aa80054f968688a4b62226","abstract_canon_sha256":"273f7769d13324cb573fa4e4bbcd4e91884b86692c124185e16966552b7b1b2a"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-06-02T02:04:52.447808Z","signature_b64":"3O9DDQjaGr/5VPYtJmfCVHWXy15nSAkY7sv3V6czE5HHQakC5Bzyhq1G3Gae4dzOC+fqhFc0Y5cq054lmVFnAg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"5ae532552df8acd50e5f167d36c5a6504c72e8f3be17b10d1ebebeefb59c2725","last_reissued_at":"2026-06-02T02:04:52.447308Z","signature_status":"signed_v1","first_computed_at":"2026-06-02T02:04:52.447308Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"Context Matters: Repository-Aware Security Analysis of the Agent Skill Ecosystem","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.AI"],"primary_cat":"cs.CR","authors_text":"David Schmidt, Florian Holzbauer, Gabriel Gegenhuber, Johanna Ullrich, Sebastian Schrittwieser","submitted_at":"2026-03-17T14:27:35Z","abstract_excerpt":"Agent skills extend local AI agents, such as Claude Code and OpenClaw, with additional functionality. Their growing popularity has led to dedicated marketplaces resembling mobile app stores, as well as automated scanners that assess whether skills are benign or malicious. However, scanner reports from individual marketplaces classify up to 46.8% of skills as malicious, raising concerns about false positives. We present the largest empirical security analysis of the AI agent skill ecosystem to date. We collect 238,180 unique skills from three major distribution platforms and GitHub, and analyze"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2603.16572","kind":"arxiv","version":2},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2603.16572/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2603.16572","created_at":"2026-06-02T02:04:52.447376+00:00"},{"alias_kind":"arxiv_version","alias_value":"2603.16572v2","created_at":"2026-06-02T02:04:52.447376+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2603.16572","created_at":"2026-06-02T02:04:52.447376+00:00"},{"alias_kind":"pith_short_12","alias_value":"LLSTEVJN7CWN","created_at":"2026-06-02T02:04:52.447376+00:00"},{"alias_kind":"pith_short_16","alias_value":"LLSTEVJN7CWNKDS7","created_at":"2026-06-02T02:04:52.447376+00:00"},{"alias_kind":"pith_short_8","alias_value":"LLSTEVJN","created_at":"2026-06-02T02:04:52.447376+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":3,"internal_anchor_count":3,"sample":[{"citing_arxiv_id":"2605.11418","citing_title":"Under the Hood of SKILL.md: Semantic Supply-chain Attacks on AI Agent Skill Registry","ref_index":14,"is_internal_anchor":true},{"citing_arxiv_id":"2604.25109","citing_title":"Structured Security Auditing and Robustness Enhancement for Untrusted Agent Skills","ref_index":6,"is_internal_anchor":true},{"citing_arxiv_id":"2605.05274","citing_title":"Sealing the Audit-Runtime Gap for LLM Skills","ref_index":14,"is_internal_anchor":true}]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/LLSTEVJN7CWNKDS7CZ6TNRNGKB","json":"https://pith.science/pith/LLSTEVJN7CWNKDS7CZ6TNRNGKB.json","graph_json":"https://pith.science/api/pith-number/LLSTEVJN7CWNKDS7CZ6TNRNGKB/graph.json","events_json":"https://pith.science/api/pith-number/LLSTEVJN7CWNKDS7CZ6TNRNGKB/events.json","paper":"https://pith.science/paper/LLSTEVJN"},"agent_actions":{"view_html":"https://pith.science/pith/LLSTEVJN7CWNKDS7CZ6TNRNGKB","download_json":"https://pith.science/pith/LLSTEVJN7CWNKDS7CZ6TNRNGKB.json","view_paper":"https://pith.science/paper/LLSTEVJN","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2603.16572&json=true","fetch_graph":"https://pith.science/api/pith-number/LLSTEVJN7CWNKDS7CZ6TNRNGKB/graph.json","fetch_events":"https://pith.science/api/pith-number/LLSTEVJN7CWNKDS7CZ6TNRNGKB/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/LLSTEVJN7CWNKDS7CZ6TNRNGKB/action/timestamp_anchor","attest_storage":"https://pith.science/pith/LLSTEVJN7CWNKDS7CZ6TNRNGKB/action/storage_attestation","attest_author":"https://pith.science/pith/LLSTEVJN7CWNKDS7CZ6TNRNGKB/action/author_attestation","sign_citation":"https://pith.science/pith/LLSTEVJN7CWNKDS7CZ6TNRNGKB/action/citation_signature","submit_replication":"https://pith.science/pith/LLSTEVJN7CWNKDS7CZ6TNRNGKB/action/replication_record"}},"created_at":"2026-06-02T02:04:52.447376+00:00","updated_at":"2026-06-02T02:04:52.447376+00:00"}