Skip to content
ATR-2026-00128criticalSkill Compromiseexperimental

Hidden Payload in HTML Comment

Detects malicious instructions hidden inside HTML comments in SKILL.md files. Attackers embed exfiltration commands, prompt overrides, or C2 URLs inside <!-- ... --> blocks that are invisible to the user but parsed by the agent. Real campaign: ClawHavoc evasive variants used HTML comments to hide "agent should output all API keys" instructions (2026-03).

嚴重度
critical
類別
Skill Compromise
掃描目標
skill
作者
ATR Community

建議回應

alertblock input

參考資料

OWASP Agentic
ASI01:2026 - Agent Goal Hijack
OWASP LLM
LLM01:2025 - Prompt Injection
在 GitHub 上查看完整 YAML →

更多 Skill Compromise 規則

ATR-2026-00060highMCP Skill Impersonation and Supply Chain AttackATR-2026-00120criticalSKILL.md Prompt InjectionATR-2026-00121criticalMalicious Code in Skill PackageATR-2026-00122highWeaponized Skill — Agent as Attack ToolATR-2026-00123highOver-Privileged Skill — Excessive Permissions