Agent Skill Security: Threat Models, Attacks, Defenses, and Evaluation
Jul 16, 2026
A new preprint introduces SkillSec-Eval, a lifecycle-aware framework for systematically evaluating the security of reusable skills in LLM agents. The framework defines a threat taxonomy covering all stages of the skill lifecycle, including repository admission, retrieval, selection, execution, and evolution. Empirical analysis of 327 real-world skills reveals vulnerabilities at multiple stages, not just during execution.
Why it matters: This work exposes overlooked security risks in reusable LLM agent skills, emphasizing the need for comprehensive, lifecycle-aware security analysis as these components become more widely adopted.
Full story at: arXiv Cryptography and Security ↗