{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2026:PZRQRBX2FLQER6BOYRGYZVDBZN","short_pith_number":"pith:PZRQRBX2","canonical_record":{"source":{"id":"2606.07131","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/publicdomain/zero/1.0/","primary_cat":"cs.CR","submitted_at":"2026-06-05T10:43:19Z","cross_cats_sorted":["cs.SE"],"title_canon_sha256":"1c207c0ed331fcd273ecde13edecd1123bd6c3c0619f208ecfc816f9e490a0ba","abstract_canon_sha256":"2931fcd2b8026b35b9bb779bfd56614294ec9f9dd208bdc44fc0b7eec0098a7f"},"schema_version":"1.0"},"canonical_sha256":"7e630886fa2ae048f82ec44d8cd461cb6e9b2ffeb97405b66a01ebdb2f26e8fb","source":{"kind":"arxiv","id":"2606.07131","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2606.07131","created_at":"2026-06-08T01:04:48Z"},{"alias_kind":"arxiv_version","alias_value":"2606.07131v1","created_at":"2026-06-08T01:04:48Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2606.07131","created_at":"2026-06-08T01:04:48Z"},{"alias_kind":"pith_short_12","alias_value":"PZRQRBX2FLQE","created_at":"2026-06-08T01:04:48Z"},{"alias_kind":"pith_short_16","alias_value":"PZRQRBX2FLQER6BO","created_at":"2026-06-08T01:04:48Z"},{"alias_kind":"pith_short_8","alias_value":"PZRQRBX2","created_at":"2026-06-08T01:04:48Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2026:PZRQRBX2FLQER6BOYRGYZVDBZN","target":"record","payload":{"canonical_record":{"source":{"id":"2606.07131","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/publicdomain/zero/1.0/","primary_cat":"cs.CR","submitted_at":"2026-06-05T10:43:19Z","cross_cats_sorted":["cs.SE"],"title_canon_sha256":"1c207c0ed331fcd273ecde13edecd1123bd6c3c0619f208ecfc816f9e490a0ba","abstract_canon_sha256":"2931fcd2b8026b35b9bb779bfd56614294ec9f9dd208bdc44fc0b7eec0098a7f"},"schema_version":"1.0"},"canonical_sha256":"7e630886fa2ae048f82ec44d8cd461cb6e9b2ffeb97405b66a01ebdb2f26e8fb","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-06-08T01:04:48.323559Z","signature_b64":"5Htl9MMd2Bwj0AkAIinJGMWmTxhw7FE5BDwCNj2fiEYFT/eszmCrs98/jlRj2ZgWIatiEAueVUjHJWB2CUFIBw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"7e630886fa2ae048f82ec44d8cd461cb6e9b2ffeb97405b66a01ebdb2f26e8fb","last_reissued_at":"2026-06-08T01:04:48.322643Z","signature_status":"signed_v1","first_computed_at":"2026-06-08T01:04:48.322643Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"2606.07131","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-06-08T01:04:48Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"CnVeYFnguVWJMIVLv1PYU5x+MBv6eRsYHKlboLz4Y6+ySMUNuzaeVdvD8pBNi2+gmrP4JPEy8mQFqOiMj37JAg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-11T03:59:41.564273Z"},"content_sha256":"61bf2869c31869eadca65e5d6c5ba1842f2e8c456649770603af1c3a87d0d32e","schema_version":"1.0","event_id":"sha256:61bf2869c31869eadca65e5d6c5ba1842f2e8c456649770603af1c3a87d0d32e"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2026:PZRQRBX2FLQER6BOYRGYZVDBZN","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"MalSkillBench: A Runtime-Verified Benchmark of Malicious Agent Skills","license":"http://creativecommons.org/publicdomain/zero/1.0/","headline":"","cross_cats":["cs.SE"],"primary_cat":"cs.CR","authors_text":"Chengwei Liu, Lei Tang, Wei Zeng, Wenbo Guo, Xiaojun Jia, Yang Liu, Yijia Xu, Yong Fang","submitted_at":"2026-06-05T10:43:19Z","abstract_excerpt":"AI coding agents such as Claude Code and Gemini CLI increasingly extend themselves with third-party skills: markdown packages bundling natural-language instructions, executable scripts, and tool permissions. Because a skill is at once code and agent-facing instruction, it introduces a supply chain dependency whose risk is neither pure code nor pure prompt. Detection tools have never been measured against verified ground truth spanning this hybrid space, leaving their effectiveness unknown and wild-only evaluations biased.\n  We present MalSkillBench, the first runtime-verified benchmark of mali"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2606.07131","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2606.07131/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-06-08T01:04:48Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"F1NqDRXCCW10D8cv2hTXAr2IsOfo9J5y+RI5scOg7CX/X3C8WNTqKvMx+lz6+ygJrZ3rYlgNlnzLwvT46RkdCQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-11T03:59:41.565058Z"},"content_sha256":"a9e941a6bef920db918ed878378c6f907dec4932acfb4fb38eaf08a4d79f439e","schema_version":"1.0","event_id":"sha256:a9e941a6bef920db918ed878378c6f907dec4932acfb4fb38eaf08a4d79f439e"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/PZRQRBX2FLQER6BOYRGYZVDBZN/bundle.json","state_url":"https://pith.science/pith/PZRQRBX2FLQER6BOYRGYZVDBZN/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/PZRQRBX2FLQER6BOYRGYZVDBZN/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-11T03:59:41Z","links":{"resolver":"https://pith.science/pith/PZRQRBX2FLQER6BOYRGYZVDBZN","bundle":"https://pith.science/pith/PZRQRBX2FLQER6BOYRGYZVDBZN/bundle.json","state":"https://pith.science/pith/PZRQRBX2FLQER6BOYRGYZVDBZN/state.json","well_known_bundle":"https://pith.science/.well-known/pith/PZRQRBX2FLQER6BOYRGYZVDBZN/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2026:PZRQRBX2FLQER6BOYRGYZVDBZN","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"2931fcd2b8026b35b9bb779bfd56614294ec9f9dd208bdc44fc0b7eec0098a7f","cross_cats_sorted":["cs.SE"],"license":"http://creativecommons.org/publicdomain/zero/1.0/","primary_cat":"cs.CR","submitted_at":"2026-06-05T10:43:19Z","title_canon_sha256":"1c207c0ed331fcd273ecde13edecd1123bd6c3c0619f208ecfc816f9e490a0ba"},"schema_version":"1.0","source":{"id":"2606.07131","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2606.07131","created_at":"2026-06-08T01:04:48Z"},{"alias_kind":"arxiv_version","alias_value":"2606.07131v1","created_at":"2026-06-08T01:04:48Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2606.07131","created_at":"2026-06-08T01:04:48Z"},{"alias_kind":"pith_short_12","alias_value":"PZRQRBX2FLQE","created_at":"2026-06-08T01:04:48Z"},{"alias_kind":"pith_short_16","alias_value":"PZRQRBX2FLQER6BO","created_at":"2026-06-08T01:04:48Z"},{"alias_kind":"pith_short_8","alias_value":"PZRQRBX2","created_at":"2026-06-08T01:04:48Z"}],"graph_snapshots":[{"event_id":"sha256:a9e941a6bef920db918ed878378c6f907dec4932acfb4fb38eaf08a4d79f439e","target":"graph","created_at":"2026-06-08T01:04:48Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"integrity":{"available":true,"clean":true,"detectors_run":[],"endpoint":"/pith/2606.07131/integrity.json","findings":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938","summary":{"advisory":0,"by_detector":{},"critical":0,"informational":0}},"paper":{"abstract_excerpt":"AI coding agents such as Claude Code and Gemini CLI increasingly extend themselves with third-party skills: markdown packages bundling natural-language instructions, executable scripts, and tool permissions. Because a skill is at once code and agent-facing instruction, it introduces a supply chain dependency whose risk is neither pure code nor pure prompt. Detection tools have never been measured against verified ground truth spanning this hybrid space, leaving their effectiveness unknown and wild-only evaluations biased.\n  We present MalSkillBench, the first runtime-verified benchmark of mali","authors_text":"Chengwei Liu, Lei Tang, Wei Zeng, Wenbo Guo, Xiaojun Jia, Yang Liu, Yijia Xu, Yong Fang","cross_cats":["cs.SE"],"headline":"","license":"http://creativecommons.org/publicdomain/zero/1.0/","primary_cat":"cs.CR","submitted_at":"2026-06-05T10:43:19Z","title":"MalSkillBench: A Runtime-Verified Benchmark of Malicious Agent Skills"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2606.07131","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:61bf2869c31869eadca65e5d6c5ba1842f2e8c456649770603af1c3a87d0d32e","target":"record","created_at":"2026-06-08T01:04:48Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"2931fcd2b8026b35b9bb779bfd56614294ec9f9dd208bdc44fc0b7eec0098a7f","cross_cats_sorted":["cs.SE"],"license":"http://creativecommons.org/publicdomain/zero/1.0/","primary_cat":"cs.CR","submitted_at":"2026-06-05T10:43:19Z","title_canon_sha256":"1c207c0ed331fcd273ecde13edecd1123bd6c3c0619f208ecfc816f9e490a0ba"},"schema_version":"1.0","source":{"id":"2606.07131","kind":"arxiv","version":1}},"canonical_sha256":"7e630886fa2ae048f82ec44d8cd461cb6e9b2ffeb97405b66a01ebdb2f26e8fb","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"7e630886fa2ae048f82ec44d8cd461cb6e9b2ffeb97405b66a01ebdb2f26e8fb","first_computed_at":"2026-06-08T01:04:48.322643Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-06-08T01:04:48.322643Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"5Htl9MMd2Bwj0AkAIinJGMWmTxhw7FE5BDwCNj2fiEYFT/eszmCrs98/jlRj2ZgWIatiEAueVUjHJWB2CUFIBw==","signature_status":"signed_v1","signed_at":"2026-06-08T01:04:48.323559Z","signed_message":"canonical_sha256_bytes"},"source_id":"2606.07131","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:61bf2869c31869eadca65e5d6c5ba1842f2e8c456649770603af1c3a87d0d32e","sha256:a9e941a6bef920db918ed878378c6f907dec4932acfb4fb38eaf08a4d79f439e"],"state_sha256":"3a74f7cb298bbe96fa772a34c9e2ad170a0de302853d392e0c66c64fabb19e5c"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"fVKg9/HSwoxwD9M/IjP6qjA4cMxZYhUTB/isOIDhLfm3NE8SrEhwxAK7Sb5eO14mIi0hpNEoiYXNnAsEimb2BQ==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-11T03:59:41.568769Z","bundle_sha256":"1c38415572b3d130e61e4533d0e2d4c6cc8e802633a0d37e70b136e635100736"}}