Skip to content
ATR-2026-00120criticalSkill Compromiseexperimental

SKILL.md Prompt Injection

Detects prompt injection patterns embedded in SKILL.md files. 91% of confirmed malicious skills combine prompt injection with malware delivery (Snyk ToxicSkills, Feb 2026). Patterns include: system message impersonation, DAN-style jailbreaks, instruction override, and safety disablement. The convergence attack flow uses prompt injection first to disable safety warnings, then delivers malicious payloads. Real campaign: ClawHavoc (1,184 skills) used injection to bypass agent safety before credential exfiltration.

嚴重度
critical
類別
Skill Compromise
掃描目標
skill
作者
ATR Community

建議回應

block toolalertquarantine session

參考資料

OWASP Agentic
ASI01:2026 - Agent Goal Hijack
OWASP LLM
LLM01:2025 - Prompt Injection
在 GitHub 上查看完整 YAML →

更多 Skill Compromise 規則

ATR-2026-00060highMCP Skill Impersonation and Supply Chain AttackATR-2026-00121criticalMalicious Code in Skill PackageATR-2026-00122highWeaponized Skill — Agent as Attack ToolATR-2026-00123highOver-Privileged Skill — Excessive PermissionsATR-2026-00124highSkill Squatting / Typosquatting