Skip to content
ATR-2026-00149criticalSkill Compromiseexperimental

Skill Data Exfiltration via Compound Patterns

Detects compound exfiltration patterns in SKILL.md files where sensitive data (credentials, SSH keys, wallet files, browser data, environment variables) is read AND transmitted to an external endpoint. Single-action patterns (just reading env vars or just mentioning curl) are intentionally excluded to avoid false positives on legitimate security and DevOps skills.

嚴重度
critical
類別
Skill Compromise
掃描目標
skill
作者
ATR Community

建議回應

block toolalertquarantine session

參考資料

OWASP Agentic
ASI04:2026 - Supply Chain CompromiseASI05:2026 - Unexpected Code Execution
OWASP LLM
LLM06:2025 - Excessive Agency
在 GitHub 上查看完整 YAML →

更多 Skill Compromise 規則

ATR-2026-00060highMCP Skill Impersonation and Supply Chain AttackATR-2026-00120criticalSKILL.md Prompt InjectionATR-2026-00121criticalMalicious Code in Skill PackageATR-2026-00122highWeaponized Skill — Agent as Attack ToolATR-2026-00123highOver-Privileged Skill — Excessive Permissions