ATR-2026-00123highSkill Compromiseexperimental
Over-Privileged Skill — Excessive Permissions
Detects skills requesting or instructing overly broad permissions. OWASP AST03 rates this HIGH severity. 280+ leaky skills exposing API keys and PII found by Snyk (Feb 2026). The "consent gap" (Cato Networks) means once a skill is approved, it gains persistent permissions without re-approval. Real patterns: blanket network:true, wildcard file paths (~/*), write access to identity files (SOUL.md, MEMORY.md), auto-approve escalation (CVE-2025-53773). arXiv documents Copilot auto-approve attack writing {"chat.tools.autoApprove":true} to .vscode/settings.json.
嚴重度
high
類別
Skill Compromise
掃描目標
skill
作者
ATR Community
建議回應
alertreduce permissions
參考資料
OWASP Agentic
ASI03:2026 - Identity and Privilege Abuse
OWASP LLM
LLM06:2025 - Excessive Agency