Skip to content
ATR-2026-00151highSkill Compromiseexperimental

Malicious Fork Impersonation via Install Instruction

Detects skills or tool responses that instruct users to install packages described as "community fork", "enhanced version", or "patched version" of known tools. Real attack pattern: attacker publishes a typosquatted package and describes it as a fork to gain trust. Crystallized from 29 fork_claim adversarial samples.

Severity
high
Category
Skill Compromise
Scan Target
both
Author
ATR Threat Cloud Crystallization

Response Actions

alert

References

OWASP Agentic
ASI04:2026 - Supply Chain Compromise
OWASP LLM
LLM03:2025 - Supply Chain Vulnerabilities
View full YAML on GitHub →

More Skill Compromise Rules

ATR-2026-00060highMCP Skill Impersonation and Supply Chain AttackATR-2026-00120criticalSKILL.md Prompt InjectionATR-2026-00121criticalMalicious Code in Skill PackageATR-2026-00122highWeaponized Skill — Agent as Attack ToolATR-2026-00123highOver-Privileged Skill — Excessive Permissions