ExplorerComputer ScienceCybersecurity
Research PaperResearchia:202607.16017

Agent Skill Security: Threat Models, Attacks, Defenses, and Evaluation

Sanket Badhe

Abstract

Reusable skills are becoming a fundamental building block of Large Language Model (LLM) agents, enabling capabilities to be packaged, shared, and reused across diverse applications. However, existing security research primarily focuses on prompt injection and runtime execution, leaving security risks throughout the broader skill lifecycle largely unexplored. In this paper, we present SkillSec-Eval, a lifecycle-aware framework for systematically evaluating the security of reusable agent skills. W...

Submitted: July 16, 2026Subjects: Cybersecurity; Computer Science

Description / Details

Reusable skills are becoming a fundamental building block of Large Language Model (LLM) agents, enabling capabilities to be packaged, shared, and reused across diverse applications. However, existing security research primarily focuses on prompt injection and runtime execution, leaving security risks throughout the broader skill lifecycle largely unexplored. In this paper, we present SkillSec-Eval, a lifecycle-aware framework for systematically evaluating the security of reusable agent skills. We first characterize the skill lifecycle and develop a threat taxonomy spanning repository admission, semantic retrieval, planner selection, execution, and skill evolution. We then instantiate this taxonomy in SkillSec-Eval and conduct a comprehensive empirical evaluation using a repository of 327 real-world skills. Our study demonstrates that vulnerabilities arise at multiple lifecycle stages beyond execution, highlighting the need for lifecycle-aware security analysis of reusable agent skills.


Source: arXiv:2607.13987v1 - http://arxiv.org/abs/2607.13987v1 PDF: https://arxiv.org/pdf/2607.13987v1 Original Link: http://arxiv.org/abs/2607.13987v1

Please sign in to join the discussion.

No comments yet. Be the first to share your thoughts!

Access Paper
View Source PDF
Submission Info
Date:
Jul 16, 2026
Topic:
Computer Science
Area:
Cybersecurity
Comments:
0
Bookmark