Supply-Chain Poisoning Attacks Against LLM Coding Agent Skill Ecosystems
Critical security research on emerging threats in agent-based AI systems and third-party skill ecosystems.
AI Summary
This arXiv paper investigates supply-chain poisoning attacks targeting LLM-based coding agents through malicious third-party skills in open marketplaces. The research reveals how attackers can hijack agent action spaces (file writes, shell commands, network requests) by exploiting the lack of mandatory security review in skill distribution. This represents a novel security vulnerability in the rapidly growing ecosystem of agent skill marketplaces.
Excerpt
LLM-based coding agents extend their capabilities via third-party agent skills distributed through open marketplaces without mandatory security review. Unlike traditional packages, these skills are executed as operational directives with system-level privileges, so a single malicious skill can compromise the host. Prior work has not examined whether supply-chain attacks can directly hijack an agent's action space, such as file writes, shell commands, and network requests, despite existing safegu
