{"id":"https://openalex.org/W7150731460","doi":"https://doi.org/10.48550/arxiv.2604.03070","title":"Credential Leakage in LLM Agent Skills: A Large-Scale Empirical Study","display_name":"Credential Leakage in LLM Agent Skills: A Large-Scale Empirical Study","publication_year":2026,"publication_date":"2026-04-03","ids":{"openalex":"https://openalex.org/W7150731460","doi":"https://doi.org/10.48550/arxiv.2604.03070"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2604.03070","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.03070","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2604.03070","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5133010905","display_name":"Zhihao Chen","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Chen, Zhihao","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133055471","display_name":"Ying Zhang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Ying","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133061014","display_name":"Yi Liu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liu, Yi","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133034754","display_name":"Gelei Deng","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Deng, Gelei","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133042586","display_name":"Yuekang Li","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Li, Yuekang","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133062110","display_name":"Yanjun Zhang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Yanjun","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5081596329","display_name":"Jianting Ning","orcid":"https://orcid.org/0000-0001-7165-398X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ning, Jianting","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133000668","display_name":"Leo Yu Zhang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Leo Yu","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133012431","display_name":"Lei Ma","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ma, Lei","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5133056336","display_name":"Zhiqiang Li","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Li, Zhiqiang","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":10,"corresponding_author_ids":["https://openalex.org/A5133010905"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.43630000948905945,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.43630000948905945,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.08579999953508377,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.0835999995470047,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/sandbox","display_name":"Sandbox (software development)","score":0.7099999785423279},{"id":"https://openalex.org/keywords/debugging","display_name":"Debugging","score":0.6725000143051147},{"id":"https://openalex.org/keywords/leakage","display_name":"Leakage (economics)","score":0.6200000047683716},{"id":"https://openalex.org/keywords/empirical-research","display_name":"Empirical research","score":0.5676000118255615},{"id":"https://openalex.org/keywords/credential","display_name":"Credential","score":0.5550000071525574},{"id":"https://openalex.org/keywords/confidentiality","display_name":"Confidentiality","score":0.41280001401901245}],"concepts":[{"id":"https://openalex.org/C167981075","wikidata":"https://www.wikidata.org/wiki/Q2667186","display_name":"Sandbox (software development)","level":2,"score":0.7099999785423279},{"id":"https://openalex.org/C168065819","wikidata":"https://www.wikidata.org/wiki/Q845566","display_name":"Debugging","level":2,"score":0.6725000143051147},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6337000131607056},{"id":"https://openalex.org/C2777042071","wikidata":"https://www.wikidata.org/wiki/Q6509304","display_name":"Leakage (economics)","level":2,"score":0.6200000047683716},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5863999724388123},{"id":"https://openalex.org/C120936955","wikidata":"https://www.wikidata.org/wiki/Q2155640","display_name":"Empirical research","level":2,"score":0.5676000118255615},{"id":"https://openalex.org/C2777810591","wikidata":"https://www.wikidata.org/wiki/Q16861606","display_name":"Credential","level":2,"score":0.5550000071525574},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.41280001401901245},{"id":"https://openalex.org/C2779201187","wikidata":"https://www.wikidata.org/wiki/Q2775060","display_name":"Information leakage","level":2,"score":0.4099000096321106},{"id":"https://openalex.org/C1009929","wikidata":"https://www.wikidata.org/wiki/Q179550","display_name":"Software bug","level":3,"score":0.32510000467300415},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.3192000091075897},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.31839999556541443},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.28929999470710754},{"id":"https://openalex.org/C152752567","wikidata":"https://www.wikidata.org/wiki/Q116877","display_name":"Code refactoring","level":3,"score":0.2766000032424927},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.25220000743865967}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2604.03070","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.03070","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2604.03070","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.03070","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"display_name":"Quality Education","id":"https://metadata.un.org/sdg/4","score":0.7909905314445496}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Third-party":[0],"skills":[1,33,51,137],"extend":[2],"LLM":[3],"agents":[4],"with":[5,52,99],"powerful":[6],"capabilities":[7],"but":[8],"often":[9],"handle":[10],"sensitive":[11],"credentials":[12,116,144],"in":[13],"privileged":[14],"environments,":[15],"making":[16],"leakage":[17,61,72],"risks":[18],"poorly":[19],"understood.":[20],"We":[21,47,68,147],"present":[22],"the":[23,96],"first":[24],"large-scale":[25],"empirical":[26],"study":[27],"of":[28,59,80,105,142],"this":[29],"problem,":[30],"analyzing":[31],"17,022":[32],"(sampled":[34],"from":[35,89],"170,226":[36],"on":[37],"SkillsMP)":[38],"using":[39],"static":[40],"analysis,":[41],"sandbox":[42],"testing,":[43],"and":[44,55,65,82,101,113,123,140,152],"manual":[45],"inspection.":[46],"identify":[48],"520":[49],"vulnerable":[50],"1,708":[53],"issues":[54],"derive":[56],"a":[57],"taxonomy":[58],"10":[60],"patterns":[62],"(4":[63],"accidental":[64],"6":[66],"adversarial).":[67],"find":[69],"that":[70],"(1)":[71],"is":[73,95],"fundamentally":[74],"cross-modal:":[75],"76.3%":[76],"require":[77],"joint":[78],"analysis":[79],"code":[81],"natural":[83],"language,":[84],"while":[85],"3.1%":[86],"arise":[87],"purely":[88],"prompt":[90],"injection;":[91],"(2)":[92],"debug":[93],"logging":[94],"primary":[97],"vector,":[98],"print":[100],"console.log":[102],"causing":[103],"73.5%":[104],"leaks":[106],"due":[107],"to":[108,111,155],"stdout":[109],"exposure":[110],"LLMs;":[112],"(3)":[114],"leaked":[115],"are":[117],"both":[118],"exploitable":[119],"(89.6%":[120],"without":[121],"privileges)":[122],"persistent,":[124],"as":[125],"forks":[126],"retain":[127],"secrets":[128],"even":[129],"after":[130],"upstream":[131],"fixes.":[132],"After":[133],"disclosure,":[134],"all":[135],"malicious":[136],"were":[138,145],"removed":[139],"91.6%":[141],"hardcoded":[143],"fixed.":[146],"release":[148],"our":[149],"dataset,":[150],"taxonomy,":[151],"detection":[153],"pipeline":[154],"support":[156],"future":[157],"research.":[158]},"counts_by_year":[],"updated_date":"2026-04-07T06:06:30.997549","created_date":"2026-04-07T00:00:00"}