{"id":"https://openalex.org/W7128403224","doi":"https://doi.org/10.48550/arxiv.2602.06547","title":"Malicious Agent Skills in the Wild: A Large-Scale Security Empirical Study","display_name":"Malicious Agent Skills in the Wild: A Large-Scale Security Empirical Study","publication_year":2026,"publication_date":"2026-02-06","ids":{"openalex":"https://openalex.org/W7128403224","doi":"https://doi.org/10.48550/arxiv.2602.06547"},"language":null,"primary_location":{"id":"pmh:doi:10.48550/arxiv.2602.06547","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":null,"any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5125429160","display_name":"Yi Liu","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Liu, Yi","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100341616","display_name":"Zhihao Chen","orcid":"https://orcid.org/0000-0002-5858-1034"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Chen, Zhihao","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5125429942","display_name":"Yanjun Zhang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Yanjun","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5125406974","display_name":"Gelei Deng","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Deng, Gelei","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5125411779","display_name":"Yuekang Li","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Li, Yuekang","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5081596329","display_name":"Jianting Ning","orcid":"https://orcid.org/0000-0001-7165-398X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ning, Jianting","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5125376250","display_name":"Leo Yu Zhang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Ying","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":null,"display_name":"Zhang, Leo Yu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Leo Yu","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5125429160"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.32739999890327454,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.32739999890327454,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.1264999955892563,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.11079999804496765,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/executable","display_name":"Executable","score":0.6953999996185303},{"id":"https://openalex.org/keywords/pipeline","display_name":"Pipeline (software)","score":0.5569999814033508},{"id":"https://openalex.org/keywords/shadow","display_name":"Shadow (psychology)","score":0.49549999833106995},{"id":"https://openalex.org/keywords/empirical-research","display_name":"Empirical research","score":0.4661000072956085},{"id":"https://openalex.org/keywords/construct","display_name":"Construct (python library)","score":0.4372999966144562},{"id":"https://openalex.org/keywords/permission","display_name":"Permission","score":0.4357999861240387},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.4047999978065491},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.3693000078201294},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.33559998869895935}],"concepts":[{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.6953999996185303},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6582000255584717},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6578999757766724},{"id":"https://openalex.org/C43521106","wikidata":"https://www.wikidata.org/wiki/Q2165493","display_name":"Pipeline (software)","level":2,"score":0.5569999814033508},{"id":"https://openalex.org/C117797892","wikidata":"https://www.wikidata.org/wiki/Q286363","display_name":"Shadow (psychology)","level":2,"score":0.49549999833106995},{"id":"https://openalex.org/C120936955","wikidata":"https://www.wikidata.org/wiki/Q2155640","display_name":"Empirical research","level":2,"score":0.4661000072956085},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.4372999966144562},{"id":"https://openalex.org/C2779089604","wikidata":"https://www.wikidata.org/wiki/Q7169333","display_name":"Permission","level":2,"score":0.4357999861240387},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.4047999978065491},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.3693000078201294},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.35510000586509705},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.33559998869895935},{"id":"https://openalex.org/C74072328","wikidata":"https://www.wikidata.org/wiki/Q1142726","display_name":"Intelligent agent","level":2,"score":0.3310999870300293},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.30790001153945923},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.2847000062465668},{"id":"https://openalex.org/C41550386","wikidata":"https://www.wikidata.org/wiki/Q529909","display_name":"Multi-agent system","level":2,"score":0.2806999981403351},{"id":"https://openalex.org/C166052673","wikidata":"https://www.wikidata.org/wiki/Q83021","display_name":"Empirical evidence","level":2,"score":0.27959999442100525},{"id":"https://openalex.org/C108713360","wikidata":"https://www.wikidata.org/wiki/Q1824206","display_name":"Supply chain","level":2,"score":0.2667999863624573},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.26600000262260437},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.2612999975681305},{"id":"https://openalex.org/C113843644","wikidata":"https://www.wikidata.org/wiki/Q901882","display_name":"Interface (matter)","level":4,"score":0.2551000118255615},{"id":"https://openalex.org/C501001295","wikidata":"https://www.wikidata.org/wiki/Q2480597","display_name":"Life skills","level":2,"score":0.2540000081062317},{"id":"https://openalex.org/C86844869","wikidata":"https://www.wikidata.org/wiki/Q2798820","display_name":"Hacker","level":2,"score":0.2533000111579895},{"id":"https://openalex.org/C2779777834","wikidata":"https://www.wikidata.org/wiki/Q4202277","display_name":"Enforcement","level":2,"score":0.2524999976158142},{"id":"https://openalex.org/C13687954","wikidata":"https://www.wikidata.org/wiki/Q4826847","display_name":"Autonomous agent","level":2,"score":0.25209999084472656},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.2513999938964844}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:doi:10.48550/arxiv.2602.06547","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},{"id":"doi:10.48550/arxiv.2602.06547","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2602.06547","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:doi:10.48550/arxiv.2602.06547","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Third-party":[0],"agent":[1,49,107,179],"skills":[2,50,55,63,73,144],"extend":[3],"LLM-based":[4],"agents":[5],"with":[6,19,28,64],"instruction":[7,110],"files":[8],"and":[9,22,85,102,155,171],"executable":[10],"code":[11],"that":[12,95,105],"run":[13],"on":[14,178],"users'":[15],"machines.":[16],"Skills":[17],"execute":[18],"user":[20],"privileges":[21],"are":[23,69],"distributed":[24],"through":[25,98,109,121],"community":[26,58],"registries":[27],"minimal":[29],"vetting,":[30],"but":[31,138],"no":[32],"ground-truth":[33],"dataset":[34,46,170],"exists":[35],"to":[36,161,174],"characterize":[37],"the":[38,43,86,149,169],"resulting":[39],"threats.":[40],"We":[41,167],"construct":[42],"first":[44],"labeled":[45],"of":[47,80,118,135,140],"malicious":[48,62],"by":[51,147],"behaviorally":[52],"verifying":[53],"98,380":[54],"from":[56,129],"two":[57,91],"registries,":[59],"confirming":[60],"157":[61],"632":[65],"vulnerabilities.":[66],"These":[67],"attacks":[68,137],"not":[70],"incidental.":[71],"Malicious":[72],"average":[74],"4.03":[75],"vulnerabilities":[76],"across":[77],"a":[78],"median":[79],"three":[81],"kill":[82],"chain":[83,100],"phases,":[84],"ecosystem":[87],"has":[88],"split":[89],"into":[90],"archetypes:":[92],"Data":[93],"Thieves":[94],"exfiltrate":[96],"credentials":[97],"supply":[99],"techniques,":[101],"Agent":[103],"Hijackers":[104],"subvert":[106],"decision-making":[108],"manipulation.":[111],"A":[112],"single":[113],"actor":[114],"accounts":[115],"for":[116],"54.1\\%":[117],"confirmed":[119],"cases":[120],"templated":[122],"brand":[123],"impersonation.":[124],"Shadow":[125],"features,":[126],"capabilities":[127],"absent":[128],"public":[130],"documentation,":[131],"appear":[132],"in":[133],"0\\%":[134],"basic":[136],"100\\%":[139],"advanced":[141],"ones;":[142],"several":[143],"go":[145],"further":[146],"exploiting":[148],"AI":[150],"platform's":[151],"own":[152],"hook":[153],"system":[154],"permission":[156],"flags.":[157],"Responsible":[158],"disclosure":[159],"led":[160],"93.6\\%":[162],"removal":[163],"within":[164],"30":[165],"days.":[166],"release":[168],"analysis":[172],"pipeline":[173],"support":[175],"future":[176],"work":[177],"skill":[180],"security.":[181]},"counts_by_year":[],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2026-02-10T00:00:00"}