{"total":14,"items":[{"citing_arxiv_id":"2605.17169","ref_index":23,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"Responsible Agentic AI Requires Explicit Provenance","primary_cat":"cs.AI","submitted_at":"2026-05-16T21:56:33+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":4.0,"formal_verification":"none","one_line_summary":"Explicit provenance across the full agentic AI lifecycle is the necessary condition for making responsibility computable and actionable.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"2605.16986","ref_index":7,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"Skills on the Fly: Test-Time Adaptive Skill Synthesis for LLM Agents","primary_cat":"cs.CL","submitted_at":"2026-05-16T13:14:15+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":7.0,"formal_verification":"none","one_line_summary":"SkillTTA synthesizes temporary task-specific skills from retrieved training trajectories to boost LLM agent Pass@1 scores on SpreadsheetBench and BigCodeBench without parameter updates.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"2605.15710","ref_index":4,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"SMMBench: A Benchmark for Source-Distributed Multimodal Agent Memory","primary_cat":"cs.CL","submitted_at":"2026-05-15T08:00:46+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":7.0,"formal_verification":"none","one_line_summary":"SMMBench is a benchmark evaluating multimodal agents on cross-source reasoning, conflict resolution, preference reasoning, and action prediction, showing current systems struggle with evidence distributed across heterogeneous sources.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"2605.13044","ref_index":15,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"No Attack Required: Semantic Fuzzing for Specification Violations in Agent Skills","primary_cat":"cs.CR","submitted_at":"2026-05-13T05:57:06+00:00","verdict":"UNVERDICTED","verdict_confidence":"MODERATE","novelty_score":7.0,"formal_verification":"none","one_line_summary":"Sefz discovers specification violations in 29.9% of 402 real-world agent skills by translating guardrails into reachability goals and guiding LLM mutations with a multi-armed bandit.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"2605.11891","ref_index":9,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"Proteus: A Self-Evolving Red Team for Agent Skill Ecosystems","primary_cat":"cs.CR","submitted_at":"2026-05-12T10:05:54+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":7.0,"formal_verification":"none","one_line_summary":"Proteus demonstrates that adaptive red-teaming achieves 40-90% attack success after five rounds and bypasses even strong auditors at up to 41% joint success, revealing that static skill vetting underestimates residual risk.","context_count":1,"top_context_role":"background","top_context_polarity":"background","context_text":"The central security question is not only whether an auditor rejects a fixed malicious skill once, but whether a realistic attacker can revise a skill until it passes vetting and causes runtime harm. Existing work on agent-skill security has exposed important risks, but it still evaluates mostly fixed artifacts: hand-crafted or template-driven malicious skills, static scanner datasets, or single-round attacks against a particular loading mechanism [ 9, 11, 19, 20]. These studies show what current auditors catch in a snapshot, not how much risk remains when an attacker repeatedly revises a skill using audit and runtime feedback. Open-source skill auditors moreover publish their audit code and rule sets, so any skill author can locally reproduce the structured findings their submissions would Preprint."},{"citing_arxiv_id":"2605.11047","ref_index":5,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"Red-Teaming Agent Execution Contexts: Open-World Security Evaluation on OpenClaw","primary_cat":"cs.CR","submitted_at":"2026-05-11T13:20:02+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":6.0,"formal_verification":"none","one_line_summary":"DeepTrap automates discovery of contextual vulnerabilities in OpenClaw agents via trajectory optimization, showing that unsafe behavior can be induced while preserving task completion and that final-response checks are insufficient.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"2605.09915","ref_index":6,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"Position: Academic Conferences are Potentially Facing Denominator Gaming Caused by Fully Automated Scientific Agents","primary_cat":"cs.CL","submitted_at":"2026-05-11T03:07:15+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":6.0,"formal_verification":"none","one_line_summary":"Malicious actors could use AI agents to submit large numbers of fake papers, inflating the submission count and thereby raising the acceptance odds for a small set of chosen legitimate papers under stable conference acceptance rates.","context_count":1,"top_context_role":"background","top_context_polarity":"background","context_text":"org/conference/aaai/aaai-26/review -process/, 2025. Adam, D. The peer-review crisis: how to fix an overloaded system.Nature, 644(8075):24-27, 2025. arXiv. The arxiv endorsement system. https://info .arxiv.org/help/endorsement.html. Bricker-Anthony, C. and Herzog, R. W. Distortion of jour- nal impact factors in the era of paper mills.Molecular Therapy, 31(6):1503-1504, 2023. Butler, N. and Spoelstra, S. Academics at play: Why the \"publication game\" is more than a metaphor.Management Learning, 51(4):414-430, 2020. Byrne, J. A., Abalkina, A., Akinduro-Aje, O., Christopher, J., Eaton, S. E., Joshi, N., Scheffler, U., Wise, N. H., and Wright, J. A call for research to address the threat of paper mills.PLoS Biology, 22(11):e3002931, 2024."},{"citing_arxiv_id":"2605.09594","ref_index":46,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"Trust Me, Import This: Dependency Steering Attacks via Malicious Agent Skills","primary_cat":"cs.CR","submitted_at":"2026-05-10T15:13:38+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":7.0,"formal_verification":"none","one_line_summary":"Malicious Skills induce coding agents to hallucinate and import attacker-controlled packages at high rates while evading detection.","context_count":1,"top_context_role":"baseline","top_context_polarity":"baseline","context_text":"from 0 to 100 together with a five-tier severity verdict: Safe, Low, Medium, High, and Critical. B. Defense D2: LLM/Agent-Based Skill Auditor In addition to traditional static-analysis tools, we also em- ploy LLM- and agent-based approaches to analyze Skills. Specifically, we use Snyk Agent Red Teaming [44], Cisco Skill Scanner with its optional LLM analyzer, SkillCheck by Mondoo [45], and SkillProbe [46]. Snyk Agent Red Teaming automatically probes AI-powered applications with adversarial inputs to uncover weaknesses in prompt handling, tool access, data protection, and safety guardrails. Cisco Skill Scanner combines Y ARA-based pattern matching, LLM-as-a-judge, and behavioral dataflow analysis; in our experiments, we configure GPT-4.1 [47] as the evaluator for its optional LLM"},{"citing_arxiv_id":"2605.05868","ref_index":20,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"SkillScope: Toward Fine-Grained Least-Privilege Enforcement for Agent Skills","primary_cat":"cs.CR","submitted_at":"2026-05-07T08:34:14+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":6.0,"formal_verification":"none","one_line_summary":"SkillScope detects over-privileged LLM agent skills with 94.53% F1 score via graph analysis and replay validation, finding 7,039 problematic skills in the wild and reducing violations by 88.56% while preserving task completion.","context_count":1,"top_context_role":"background","top_context_polarity":"background","context_text":"InProceedings of the 18th ACM Conference on Computer and Communications Security (CCS). ACM, 627-638. https://doi.or g/10.1145/2046707.2046779 [19] Zihan Guo, Zhiyu Chen, Xiaohang Nie, Jianghao Lin, Yuanjian Zhou, and Weinan Zhang. 2026. SkillProbe: Security Auditing for Emerging Agent Skill Marketplaces via Multi-Agent Collaboration.arXiv preprint arXiv:2603.21019(2026). [20] Hamza Harkous, Kassem Fawaz, RĂ©mi Lebret, Florian Schaub, Kang G. Shin, and Karl Aberer. 2018. Polisis: Automated Analysis and Presentation of Pri- vacy Policies Using Deep Learning. InProceedings of the 27th USENIX Security Symposium. [21] Information Commissioner's Office. 2026. Principle (c): Data minimisation. https: //ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/data-protecti"},{"citing_arxiv_id":"2605.05274","ref_index":9,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"Sealing the Audit-Runtime Gap for LLM Skills","primary_cat":"cs.CR","submitted_at":"2026-05-06T14:23:22+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":7.0,"formal_verification":"none","one_line_summary":"SIGIL cryptographically seals the audit-runtime gap for LLM skills via an on-chain registry with four publication types, DAO vetting, and a runtime verification loader that enforces integrity and permissions.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"2605.00424","ref_index":11,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"Skills as Verifiable Artifacts: A Trust Schema and a Biconditional Correctness Criterion for Human-in-the-Loop Agent Runtimes","primary_cat":"cs.CR","submitted_at":"2026-05-01T05:53:05+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":4.0,"formal_verification":"none","one_line_summary":"Proposes a trust schema including verification levels and a biconditional correctness criterion to verify skills in human-in-the-loop agent runtimes, reducing the need for constant oversight.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"2604.15415","ref_index":24,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"HarmfulSkillBench: How Do Harmful Skills Weaponize Your Agents?","primary_cat":"cs.CR","submitted_at":"2026-04-16T17:31:52+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":8.0,"formal_verification":"none","one_line_summary":"Harmful skills in open agent ecosystems raise average harm scores from 0.27 to 0.76 across six LLMs by lowering refusal rates when tasks are presented via pre-installed skills.","context_count":1,"top_context_role":"background","top_context_polarity":"background","context_text":"injection risks in third-party web chatbot plugins. Concur- rent with our work, four studies examine the newer agent- skill paradigm. They measure skill distribution patterns [38], identify covertly malicious skills that embed hidden pay- loads [40], propose skill orchestration frameworks [35], and audit skill marketplaces via multi-agent collaboration [24]. These studies characterize skill distribution, orchestration frameworks, covertly malicious payloads, or marketplace auditing, whereas HARMFULSKILLBENCHsystematically measures skills whose advertised functionality itself violates usage policies and benchmarks their effect on agent safety. Safety Alignment and Jailbreak Benchmarks.Two re- lated lines of work provide safety assessments for LLMs"},{"citing_arxiv_id":"2604.08224","ref_index":52,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"Externalization in LLM Agents: A Unified Review of Memory, Skills, Protocols and Harness Engineering","primary_cat":"cs.SE","submitted_at":"2026-04-09T13:19:41+00:00","verdict":"ACCEPT","verdict_confidence":"LOW","novelty_score":5.0,"formal_verification":"none","one_line_summary":"LLM agent progress depends on externalizing cognitive functions into memory, skills, protocols, and harness engineering that coordinates them reliably.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"2604.06550","ref_index":11,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"SkillSieve: A Hierarchical Triage Framework for Detecting Malicious AI Agent Skills","primary_cat":"cs.CR","submitted_at":"2026-04-08T00:58:48+00:00","verdict":null,"verdict_confidence":null,"novelty_score":null,"formal_verification":null,"one_line_summary":null,"context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null}],"limit":50,"offset":0}