ATR-2026-00129criticalSkill Compromiseexperimental

Unicode Tag Character Smuggling

Detects Unicode Tag characters (U+E0001-U+E007F) and other invisible Unicode ranges used to smuggle hidden instructions in SKILL.md files. These characters are invisible in most editors and renderers but are processed by AI agents as text. Snyk ToxicSkills research (Feb 2026) documented this as "ASCII smuggling" — invisible payloads that agents read but humans cannot see.

Severity

critical

Response Actions

alertblock input

References

OWASP LLM

LLM01:2025 - Prompt Injection

View full YAML on GitHub →

More Skill Compromise Rules

ATR-2026-00060highMCP Skill Impersonation and Supply Chain Attack ATR-2026-00120criticalSKILL.md Prompt Injection ATR-2026-00121criticalMalicious Code in Skill Package ATR-2026-00122highWeaponized Skill — Agent as Attack Tool ATR-2026-00123highOver-Privileged Skill — Excessive Permissions