ATR-2026-00120criticalSkill Compromiseexperimental
SKILL.md Prompt Injection
Detects prompt injection patterns embedded in SKILL.md files. 91% of confirmed malicious skills combine prompt injection with malware delivery (Snyk ToxicSkills, Feb 2026). Patterns include: system message impersonation, DAN-style jailbreaks, instruction override, and safety disablement. The convergence attack flow uses prompt injection first to disable safety warnings, then delivers malicious payloads. Real campaign: ClawHavoc (1,184 skills) used injection to bypass agent safety before credential exfiltration.
Severity
critical
Category
Skill Compromise
Scan Target
skill
Author
ATR Community
Response Actions
block toolalertquarantine session
References
OWASP Agentic
ASI01:2026 - Agent Goal Hijack
OWASP LLM
LLM01:2025 - Prompt Injection