Pith Number

pith:2GNROJ4I

pith:2026:2GNROJ4IVX265LAADOWWIVA4ZP
not attested · not anchored · not stored · refs resolved

Skill-Inject: Measuring Agent Vulnerability to Skill File Attacks

David Schmotz, Luca Beurer-Kellner, Maksym Andriushchenko, Sahar Abdelnabi

LLM agents execute harmful instructions from injected skill files up to 80 percent of the time.

arxiv:2602.20156 v3 · 2026-02-23 · cs.CR · cs.LG

Add to your LaTeX paper
\usepackage{pith}
\pithnumber{2GNROJ4IVX265LAADOWWIVA4ZP}

Prints a linked badge after your title and injects PDF metadata. Compiles on arXiv.

Record completeness

1 Bitcoin timestamp
2 Internet Archive
3 Author claim open
4 Citations open
5 Replications open
Portable graph bundle live
The bundle contains the canonical record plus signed events. A mirror can host it anywhere and recompute the same current state with the deterministic merge algorithm.

Claims

C1 · strongest claim

today's agents are highly vulnerable with up to 80% attack success rate with frontier models, often executing extremely harmful instructions including data exfiltration, destructive action, and ransomware-like behavior.

C2 · weakest assumption

The crafted injection tasks and chosen frontier models accurately represent real-world skill file usage and attack scenarios that agents will encounter in deployment.

C3 · one line summary

LLM agents are highly vulnerable to prompt injection attacks delivered through skill files, achieving up to 80% success on harmful tasks including data exfiltration and destructive actions.

Cited by

20 papers in Pith

Receipt and verification
First computed 2026-05-17T23:38:48.438099Z
Builder pith-number-builder-2026-05-17-v1
Signature Pith Ed25519 (pith-v1-2026-05) · public key
Schema pith-number/v1.0

Canonical hash

d19b172788adf5eeac001bad64541ccbe3ec7498970123f187fa731d6bd0994f

Aliases

arxiv: 2602.20156 · arxiv_version: 2602.20156v3 · doi: 10.48550/arxiv.2602.20156 · pith_short_12: 2GNROJ4IVX26 · pith_short_16: 2GNROJ4IVX265LAA · pith_short_8: 2GNROJ4I

Agent API

Verify this Pith Number yourself

curl -sH 'Accept: application/ld+json' https://pith.science/pith/2GNROJ4IVX265LAADOWWIVA4ZP \
  | jq -c '.canonical_record' \
  | python3 -c "import sys,json,hashlib; b=json.dumps(json.loads(sys.stdin.read()), sort_keys=True, separators=(',',':'), ensure_ascii=False).encode(); print(hashlib.sha256(b).hexdigest())"
# expect: d19b172788adf5eeac001bad64541ccbe3ec7498970123f187fa731d6bd0994f

Canonical record JSON

{
  "metadata": {
    "abstract_canon_sha256": "89aa51f425c0438651383a670939b753523463988ab8149bed023e93c48ea508",
    "cross_cats_sorted": [
      "cs.LG"
    ],
    "license": "http://creativecommons.org/licenses/by/4.0/",
    "primary_cat": "cs.CR",
    "submitted_at": "2026-02-23T18:59:27Z",
    "title_canon_sha256": "0a4d6b0a4d1cc15566679910e0521871e08ee9351ffa18d74e1f722109c48851"
  },
  "schema_version": "1.0",
  "source": {
    "id": "2602.20156",
    "kind": "arxiv",
    "version": 3
  }
}