ATR-2026-00128criticalSkill Compromiseexperimental

Hidden Payload in HTML Comment

Detects malicious instructions hidden inside HTML comments in SKILL.md files. Attackers embed exfiltration commands, prompt overrides, or C2 URLs inside  blocks that are invisible to the user but parsed by the agent. Real campaign: ClawHavoc evasive variants used HTML comments to hide "agent should output all API keys" instructions (2026-03).

Severity

critical

Response Actions

alertblock input

References

OWASP Agentic

ASI01:2026 - Agent Goal Hijack

OWASP LLM

LLM01:2025 - Prompt Injection

View full YAML on GitHub →

More Skill Compromise Rules

ATR-2026-00060highMCP Skill Impersonation and Supply Chain Attack ATR-2026-00120criticalSKILL.md Prompt Injection ATR-2026-00121criticalMalicious Code in Skill Package ATR-2026-00122highWeaponized Skill — Agent as Attack Tool ATR-2026-00123highOver-Privileged Skill — Excessive Permissions