ATR-2026-00127 | medium | Skill Compromise | experimental

Subcommand Overflow Bypass

Detects SKILL.md files that declare an excessive number of subcommands or tools (>50). Claude Code has a security architecture in which each subcommand is individually evaluated for safety. When a skill declares >50 subcommands, some implementations skip security checks on the overflow commands because of performance budgets or fixed-size buffers. Attackers pad the skill with 49 benign commands, then add malicious ones at the end, expecting the security check to be skipped for them. Discovered via Claude Code leak analysis (2026-03).

Severity
medium
Category
Skill Compromise
Scan target
skill
Author
ATR Community

Suggested response

alert

References

OWASP Agentic
ASI02:2026 - Excessive Agent Autonomy
OWASP LLM
LLM07:2025 - System Prompt Leakage