{"id":"https://openalex.org/W7138927737","doi":"https://doi.org/10.48550/arxiv.2603.16572","title":"Context Matters: Repository-Aware Security Analysis of the Agent Skill Ecosystem","display_name":"Context Matters: Repository-Aware Security Analysis of the Agent Skill Ecosystem","publication_year":2026,"publication_date":"2026-03-17","ids":{"openalex":"https://openalex.org/W7138927737","doi":"https://doi.org/10.48550/arxiv.2603.16572"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2603.16572","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.16572","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2603.16572","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5092014880","display_name":"Florian Holzbauer","orcid":"https://orcid.org/0000-0003-2494-0331"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Holzbauer, Florian","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5130192649","display_name":"David J. Schmidt","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Schmidt, David","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055598388","display_name":"Gabriel K. Gegenhuber","orcid":"https://orcid.org/0000-0002-7225-6297"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Gegenhuber, Gabriel","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055367812","display_name":"Sebastian Schrittwieser","orcid":"https://orcid.org/0000-0003-2115-2022"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Schrittwieser, Sebastian","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5039756505","display_name":"Johanna Ullrich","orcid":"https://orcid.org/0000-0003-0297-9614"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ullrich, Johanna","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.25690001249313354,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.25690001249313354,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.164900004863739,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.11020000278949738,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/popularity","display_name":"Popularity","score":0.6480000019073486},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.5999000072479248},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5676000118255615},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.3756999969482422},{"id":"https://openalex.org/keywords/taint-checking","display_name":"Taint checking","score":0.3124000132083893},{"id":"https://openalex.org/keywords/empirical-research","display_name":"Empirical research","score":0.29510000348091125}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7307999730110168},{"id":"https://openalex.org/C2780586970","wikidata":"https://www.wikidata.org/wiki/Q1357284","display_name":"Popularity","level":2,"score":0.6480000019073486},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.5999000072479248},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5676000118255615},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.44519999623298645},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.3756999969482422},{"id":"https://openalex.org/C63116202","wikidata":"https://www.wikidata.org/wiki/Q7676227","display_name":"Taint checking","level":3,"score":0.3124000132083893},{"id":"https://openalex.org/C120936955","wikidata":"https://www.wikidata.org/wiki/Q2155640","display_name":"Empirical research","level":2,"score":0.29510000348091125},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.2872999906539917},{"id":"https://openalex.org/C137287247","wikidata":"https://www.wikidata.org/wiki/Q1329550","display_name":"Static program analysis","level":4,"score":0.271699994802475},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.2653999924659729},{"id":"https://openalex.org/C175154964","wikidata":"https://www.wikidata.org/wiki/Q380077","display_name":"Task analysis","level":3,"score":0.2606000006198883},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.25619998574256897}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2603.16572","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.16572","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2603.16572","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.16572","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/4","score":0.8220005631446838,"display_name":"Quality Education"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Agent":[0],"skills":[1,35,51,78,100,165],"extend":[2],"local":[3],"AI":[4,68],"agents,":[5],"such":[6],"as":[7,27,29,52],"Claude":[8],"Code":[9],"and":[10,84,86,91,186],"OpenClaw,":[11],"with":[12,114],"additional":[13],"functionality.":[14],"Their":[15],"growing":[16],"popularity":[17],"has":[18],"led":[19],"to":[20,48,72],"dedicated":[21],"marketplaces":[22,45],"resembling":[23],"mobile":[24],"app":[25],"stores,":[26],"well":[28],"automated":[30],"scanners":[31,140],"that":[32,138],"assess":[33],"whether":[34,108],"are":[36],"benign":[37],"or":[38],"malicious.":[39],"However,":[40],"scanner":[41],"reports":[42],"from":[43,79],"individual":[44],"classify":[46],"up":[47],"46.8%":[49],"of":[50,66,125,164,179],"malicious,":[53],"raising":[54],"concerns":[55],"about":[56],"false":[57],"positives.":[58],"We":[59,74],"present":[60],"the":[61,67,123,151,162,180,188],"largest":[62],"empirical":[63],"security":[64,192],"analysis":[65,106],"agent":[69],"skill":[70,111],"ecosystem":[71],"date.":[73],"collect":[75],"238,180":[76],"unique":[77],"three":[80],"major":[81],"distribution":[82],"platforms":[83],"GitHub,":[85],"analyze":[87],"their":[88],"contents,":[89],"behavior,":[90],"repository":[92,146],"context.":[93],"Unlike":[94],"existing":[95,139],"scanner-based":[96],"assessments,":[97],"which":[98],"evaluate":[99],"largely":[101],"in":[102,167],"isolation,":[103],"our":[104,172],"repository-aware":[105,133],"checks":[107],"a":[109,175],"flagged":[110],"is":[112,148],"consistent":[113],"its":[115],"surrounding":[116],"GitHub":[117,169],"project.":[118],"This":[119],"context":[120,147],"substantially":[121,142],"reduces":[122],"number":[124],"suspicious":[126,131],"skills:":[127],"only":[128],"0.52%":[129],"remain":[130],"after":[132],"analysis.":[134],"Our":[135],"results":[136],"show":[137],"can":[141],"overestimate":[143],"maliciousness":[144],"when":[145],"ignored.":[149],"At":[150],"same":[152],"time,":[153],"we":[154],"identify":[155],"previously":[156],"undocumented":[157],"real-world":[158],"attack":[159],"vectors,":[160],"including":[161],"hijacking":[163],"hosted":[166],"abandoned":[168],"repositories.":[170],"Overall,":[171],"findings":[173],"provide":[174],"more":[176],"robust":[177],"view":[178],"agent-skill":[181],"ecosystem's":[182],"current":[183],"risk":[184],"surface":[185],"highlight":[187],"need":[189],"for":[190],"context-aware":[191],"evaluation.":[193]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-03-20T00:00:00"}