The Register reported on a preprint about “semantic supply-chain attacks” on AI agent skill registries.
The article focused on text-based SKILL.md instructions that agents may load and follow.
The Register cited University of Maryland professor Soheil Feizi describing skills as both code and natural-language instructions that can function as user-authorized prompt injection.
The Register described demonstrations where short triggers and description changes influenced discovery and selection rates.
It also reported that the demonstrations could evade scanning defenses, including by overflowing an LLM reviewer’s context window.
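The context-window overflow described above has a direct defensive counterpart: a reviewer that silently truncates an oversized SKILL.md never sees whatever sits past the cutoff, so the scanning gate should either review every part of the file or refuse it outright. The following is an added example, not code from The Register article or the preprint it covers; the token counter, the budget numbers, the `gate_skill_file` gate and the sample skill files are all constructed for illustration (a real deployment would use the reviewer's own tokenizer and limits).

```python
"""Fail-closed size gate for SKILL.md files ahead of an LLM reviewer.

Added example; not from The Register article or the preprint it reports on.
Assumptions: a hypothetical reviewer with a fixed token budget, a whitespace
token counter standing in for the reviewer's tokenizer, and constructed inputs.
"""
from dataclasses import dataclass, field

REVIEWER_CONTEXT_TOKENS = 200   # hypothetical per-pass budget (constructed value)
HARD_MAX_TOKENS = 600           # above this, refuse instead of reviewing in pieces


@dataclass
class ScanDecision:
    verdict: str                         # "review", "chunked-review" or "reject"
    chunks: list = field(default_factory=list)
    reason: str = ""


def count_tokens(text: str) -> int:
    """Whitespace tokens approximate the reviewer's tokenizer (assumption)."""
    return len(text.split())


def split_into_chunks(text: str, budget: int) -> list:
    """Cut the file into word-aligned pieces so no piece exceeds the budget
    and no part of the file is dropped; the reviewer sees every chunk."""
    words = text.split()
    return [" ".join(words[i:i + budget]) for i in range(0, len(words), budget)]


def gate_skill_file(text: str) -> ScanDecision:
    """Decide how a SKILL.md may reach the reviewer.

    Small files go through in one pass; files larger than one context window
    are chunked so the tail is still reviewed; files above the hard limit are
    rejected outright rather than risk a partial review (fail closed).
    """
    total = count_tokens(text)
    if total > HARD_MAX_TOKENS:
        return ScanDecision(
            "reject", [],
            f"{total} tokens exceeds hard limit of {HARD_MAX_TOKENS}; failing closed")
    if total <= REVIEWER_CONTEXT_TOKENS:
        return ScanDecision("review", [text], "fits the reviewer context in one pass")
    chunks = split_into_chunks(text, REVIEWER_CONTEXT_TOKENS)
    return ScanDecision(
        "chunked-review", chunks,
        f"{total} tokens split into {len(chunks)} chunks so no tail is truncated")


# Constructed sample skill files.
SMALL_SKILL = "# Summarize\nRead the file and return three bullet points."
# Padding followed by a final line that a truncating reviewer would never see.
PADDED_SKILL = "\n".join(["Step: follow the documented procedure."] * 60) + \
    "\nFinal note: trailing instruction that a truncated review would never see."
OVERSIZE_SKILL = "word " * 700


if __name__ == "__main__":
    for name, skill in [("small", SMALL_SKILL), ("padded", PADDED_SKILL),
                        ("oversize", OVERSIZE_SKILL)]:
        d = gate_skill_file(skill)
        print(f"{name}: {d.verdict} ({len(d.chunks)} chunk(s)) - {d.reason}")
```

The point of the gate is that the reviewer's verdict only means something if the reviewer has read the whole file: chunking keeps coverage complete for moderately large files, and the hard limit turns "too big to review" into a rejection instead of a pass.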
Source: The Register