{"id":"https://openalex.org/W7151909507","doi":"https://doi.org/10.48550/arxiv.2604.04989","title":"SkillAttack: Automated Red Teaming of Agent Skills through Attack Path Refinement","display_name":"SkillAttack: Automated Red Teaming of Agent Skills through Attack Path Refinement","publication_year":2026,"publication_date":"2026-04-05","ids":{"openalex":"https://openalex.org/W7151909507","doi":"https://doi.org/10.48550/arxiv.2604.04989"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2604.04989","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.04989","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2604.04989","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5122941204","display_name":"Zenghao Duan","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Duan, Zenghao","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133205018","display_name":"Yuxin Tian","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Tian, Yuxin","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5122958626","display_name":"Zhiyi Yin","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yin, Zhiyi","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133205145","display_name":"Liang Pang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Pang, Liang","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103326150","display_name":"Jingcheng Deng","orcid":"https://orcid.org/0009-0001-5944-8657"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Deng, Jingcheng","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133155195","display_name":"Zihao Wei","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wei, Zihao","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133157519","display_name":"Shicheng Xu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xu, Shicheng","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133217960","display_name":"Yuyao Ge","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ge, Yuyao","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5133176731","display_name":"Xueqi Cheng","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Cheng, Xueqi","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":9,"corresponding_author_ids":["https://openalex.org/A5122941204"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.6496000289916992,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.6496000289916992,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.11079999804496765,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.05530000105500221,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.9185000061988831},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.876800000667572},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.7458999752998352},{"id":"https://openalex.org/keywords/margin","display_name":"Margin (machine learning)","score":0.6525999903678894},{"id":"https://openalex.org/keywords/openness-to-experience","display_name":"Openness to experience","score":0.6193000078201294},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.43149998784065247},{"id":"https://openalex.org/keywords/path","display_name":"Path (computing)","score":0.420199990272522}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.9185000061988831},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.876800000667572},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7473999857902527},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.7458999752998352},{"id":"https://openalex.org/C774472","wikidata":"https://www.wikidata.org/wiki/Q6760393","display_name":"Margin (machine learning)","level":2,"score":0.6525999903678894},{"id":"https://openalex.org/C84976871","wikidata":"https://www.wikidata.org/wiki/Q2015673","display_name":"Openness to experience","level":2,"score":0.6193000078201294},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6175000071525574},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.43149998784065247},{"id":"https://openalex.org/C2777735758","wikidata":"https://www.wikidata.org/wiki/Q817765","display_name":"Path (computing)","level":2,"score":0.420199990272522},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.41909998655319214},{"id":"https://openalex.org/C124304363","wikidata":"https://www.wikidata.org/wiki/Q673661","display_name":"Abstraction","level":2,"score":0.3474999964237213},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.3382999897003174},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.32710000872612},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.3142000138759613},{"id":"https://openalex.org/C41550386","wikidata":"https://www.wikidata.org/wiki/Q529909","display_name":"Multi-agent system","level":2,"score":0.30630001425743103},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.2770000100135803},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.2770000100135803},{"id":"https://openalex.org/C49937458","wikidata":"https://www.wikidata.org/wiki/Q2599292","display_name":"Probabilistic logic","level":2,"score":0.2734000086784363},{"id":"https://openalex.org/C175154964","wikidata":"https://www.wikidata.org/wiki/Q380077","display_name":"Task analysis","level":3,"score":0.2676999866962433},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.2581000030040741},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.2522999942302704},{"id":"https://openalex.org/C43091099","wikidata":"https://www.wikidata.org/wiki/Q1067788","display_name":"Through-the-lens metering","level":3,"score":0.25110000371932983}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2604.04989","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.04989","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2604.04989","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.04989","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"score":0.5923149585723877,"display_name":"Quality Education","id":"https://metadata.un.org/sdg/4"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"LLM-based":[0],"agent":[1,6,145],"systems":[2],"increasingly":[3],"rely":[4,30],"on":[5,31,106,125,131],"skills":[7,23,46,112,138],"sourced":[8],"from":[9],"open":[10],"registries":[11],"to":[12,25,129],"extend":[13],"their":[14],"capabilities,":[15],"yet":[16],"the":[17,63],"openness":[18],"of":[19],"such":[20],"ecosystems":[21],"makes":[22],"difficult":[24],"thoroughly":[26],"vet.":[27],"Existing":[28],"attacks":[29],"injecting":[32],"malicious":[33],"instructions":[34],"into":[35,92],"skills,":[36,127],"making":[37],"them":[38],"easily":[39],"detectable":[40],"by":[41,119],"static":[42],"auditing.":[43],"However,":[44],"non-malicious":[45],"may":[47],"also":[48],"harbor":[49],"latent":[50],"vulnerabilities":[51],"that":[52,72,96,114,135],"an":[53],"attacker":[54],"can":[55],"exploit":[56,90],"solely":[57],"through":[58,78],"adversarial":[59,79,108,126],"prompting,":[60],"without":[61],"modifying":[62],"skill":[64,75],"itself.":[65],"We":[66],"introduce":[67],"SkillAttack,":[68],"a":[69,93,120],"red-teaming":[70],"framework":[71],"dynamically":[73],"verifies":[74],"vulnerability":[76,83],"exploitability":[77],"prompting.":[80],"SkillAttack":[81,115],"combines":[82],"analysis,":[84],"surface-parallel":[85],"attack":[86],"generation,":[87],"and":[88,109],"feedback-driven":[89],"refinement":[91],"closed-loop":[94],"search":[95],"progressively":[97],"converges":[98],"toward":[99],"successful":[100],"exploitation.":[101],"Experiments":[102],"across":[103],"10":[104],"LLMs":[105],"71":[107],"100":[110],"real-world":[111,132],"show":[113],"outperforms":[116],"all":[117],"baselines":[118],"wide":[121],"margin":[122],"(ASR":[123],"0.73--0.93":[124],"up":[128],"0.26":[130],"skills),":[133],"revealing":[134],"even":[136],"well-intended":[137],"pose":[139],"serious":[140],"security":[141],"risks":[142],"under":[143],"realistic":[144],"interactions.":[146]},"counts_by_year":[],"updated_date":"2026-04-09T06:13:59.934233","created_date":"2026-04-09T00:00:00"}