← Back to brief
ResearchOfficialPreprintarXiv Cryptography and Security

Agent Skill Security: Threat Models, Attacks, Defenses, and Evaluation

Jul 16, 2026

A new preprint introduces SkillSec-Eval, a lifecycle-aware framework for systematically evaluating the security of reusable skills in LLM agents. The framework defines a threat taxonomy covering all stages of the skill lifecycle, including repository admission, retrieval, selection, execution, and evolution. Empirical analysis of 327 real-world skills reveals vulnerabilities at multiple stages, not just during execution.

Why it matters: This work exposes overlooked security risks in reusable LLM agent skills, emphasizing the need for comprehensive, lifecycle-aware security analysis as these components become more widely adopted.

Full story at: arXiv Cryptography and Security