{"id":"https://openalex.org/W7161027243","doi":"https://doi.org/10.48550/arxiv.2605.12015","title":"SkillSafetyBench: Evaluating Agent Safety under Skill-Facing Attack Surfaces","display_name":"SkillSafetyBench: Evaluating Agent Safety under Skill-Facing Attack Surfaces","publication_year":2026,"publication_date":"2026-05-12","ids":{"openalex":"https://openalex.org/W7161027243","doi":"https://doi.org/10.48550/arxiv.2605.12015"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2605.12015","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.12015","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2605.12015","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5136081793","display_name":"Chang Jin","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jin, Chang","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5136016562","display_name":"An Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, An","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5136002850","display_name":"Zeming Wei","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wei, Zeming","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5136083816","display_name":"Kai Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Kai","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5136042346","display_name":"Biaojie Zeng","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zeng, Biaojie","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5136056056","display_name":"Qiaosheng Zhang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Qiaosheng","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5136027018","display_name":"Chao Yang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yang, Chao","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069432515","display_name":"Jingjing Qu","orcid":"https://orcid.org/0000-0002-8079-4722"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Qu, Jingjing","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5136017787","display_name":"Xia Hu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Hu, Xia","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5136011476","display_name":"Xingcheng Xu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xu, Xingcheng","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":10,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.6977999806404114,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.6977999806404114,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.06960000097751617,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12026","display_name":"Explainable Artificial Intelligence (XAI)","score":0.025699999183416367,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/executable","display_name":"Executable","score":0.770799994468689},{"id":"https://openalex.org/keywords/workflow","display_name":"Workflow","score":0.7275999784469604},{"id":"https://openalex.org/keywords/modularity","display_name":"Modularity (biology)","score":0.5321999788284302},{"id":"https://openalex.org/keywords/interface","display_name":"Interface (matter)","score":0.49380001425743103},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.4771000146865845},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.45320001244544983},{"id":"https://openalex.org/keywords/component","display_name":"Component (thermodynamics)","score":0.4147999882698059}],"concepts":[{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.770799994468689},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7434999942779541},{"id":"https://openalex.org/C177212765","wikidata":"https://www.wikidata.org/wiki/Q627335","display_name":"Workflow","level":2,"score":0.7275999784469604},{"id":"https://openalex.org/C2779478453","wikidata":"https://www.wikidata.org/wiki/Q6889748","display_name":"Modularity (biology)","level":2,"score":0.5321999788284302},{"id":"https://openalex.org/C113843644","wikidata":"https://www.wikidata.org/wiki/Q901882","display_name":"Interface (matter)","level":4,"score":0.49380001425743103},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.4771000146865845},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.45320001244544983},{"id":"https://openalex.org/C168167062","wikidata":"https://www.wikidata.org/wiki/Q1117970","display_name":"Component (thermodynamics)","level":2,"score":0.4147999882698059},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4032000005245209},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.37630000710487366},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3407000005245209},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.32330000400543213},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.3125},{"id":"https://openalex.org/C132835097","wikidata":"https://www.wikidata.org/wiki/Q7663745","display_name":"System safety","level":2,"score":0.3116999864578247},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.28119999170303345},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.27090001106262207},{"id":"https://openalex.org/C41550386","wikidata":"https://www.wikidata.org/wiki/Q529909","display_name":"Multi-agent system","level":2,"score":0.26750001311302185},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.2587999999523163},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2563999891281128},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.25529998540878296}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2605.12015","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.12015","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2605.12015","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.12015","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"score":0.6993297934532166,"id":"https://metadata.un.org/sdg/4","display_name":"Quality Education"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Reusable":[0],"skills":[1],"are":[2,32],"becoming":[3],"a":[4,68,95],"common":[5],"interface":[6],"for":[7,71],"extending":[8],"large":[9],"language":[10],"model":[11,105],"agents,":[12],"packaging":[13],"procedural":[14],"guidance":[15],"with":[16,94,100,116],"access":[17],"to":[18],"files,":[19],"tools,":[20],"memory,":[21],"and":[22,88,104,124,149],"execution":[23],"environments.":[24,153],"However,":[25],"this":[26],"modularity":[27],"introduces":[28],"attack":[29,122],"surfaces":[30],"that":[31,58,108,130],"largely":[33],"missed":[34],"by":[35],"existing":[36],"safety":[37,75,90,132],"evaluations:":[38],"even":[39],"when":[40],"the":[41,60],"user":[42],"request":[43],"is":[44],"benign,":[45],"unsafe":[46,63,114],"influence":[47],"may":[48],"reside":[49],"in":[50],"skill":[51],"guidance,":[52],"local":[53],"artifacts,":[54],"or":[55],"execution-environment":[56],"files":[57],"steer":[59],"agent":[61,131],"toward":[62],"actions.":[64],"We":[65],"present":[66],"SkillSafetyBench,":[67],"runnable":[69],"benchmark":[70],"evaluating":[72],"such":[73],"skill-mediated":[74],"failures.":[76],"SkillSafetyBench":[77],"includes":[78],"155":[79],"adversarial":[80],"cases":[81],"across":[82,120],"47":[83],"tasks,":[84],"6":[85],"risk":[86],"domains,":[87,121],"30":[89],"categories,":[91],"each":[92],"evaluated":[93],"case-specific":[96],"rule-based":[97],"verifier.":[98],"Experiments":[99],"multiple":[101],"CLI":[102],"agents":[103,143],"backends":[106],"show":[107],"non-user":[109],"attacks":[110],"can":[111],"consistently":[112],"induce":[113],"behavior,":[115],"distinct":[117],"failure":[118],"patterns":[119],"methods,":[123],"scaffold-model":[125],"pairings.":[126],"Our":[127],"findings":[128],"suggest":[129],"depends":[133],"not":[134],"only":[135],"on":[136,141],"model-level":[137],"alignment,":[138],"but":[139],"also":[140],"how":[142],"interpret":[144],"skills,":[145],"trust":[146],"workflow":[147],"context,":[148],"act":[150],"through":[151],"executable":[152]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-05-14T00:00:00"}