Skip to content
ATR-2026-00135criticalSkill Compromiseexperimental

Data Exfiltration URL in Skill Instructions

Detects SKILL.md files that instruct the agent to send data to external URLs, especially when combined with concealment language ("don't tell the user", "automatic", "verification step"). Legitimate skills may reference URLs for documentation, but they don't ask the agent to POST user data to them. Key pattern: instruction to send/post/upload + user data reference + URL.

嚴重度
critical
類別
Skill Compromise
掃描目標
skill
作者
ATR Community

建議回應

alertblock input

參考資料

OWASP Agentic
ASI01:2026 - Agent Goal Hijack
OWASP LLM
LLM01:2025 - Prompt Injection
在 GitHub 上查看完整 YAML →

更多 Skill Compromise 規則

ATR-2026-00060highMCP Skill Impersonation and Supply Chain AttackATR-2026-00120criticalSKILL.md Prompt InjectionATR-2026-00121criticalMalicious Code in Skill PackageATR-2026-00122highWeaponized Skill — Agent as Attack ToolATR-2026-00123highOver-Privileged Skill — Excessive Permissions