English
Related papers

Related papers: SkillJect: Effectively Automating Skill-Based Prom…

200 papers

OpenClaw's ClawHub marketplace hosts tens of thousands of community-contributed agent skills (49,592 in our 2026-04-04 snapshot), and recent audits report that 13-26% contain security vulnerabilities. Regex scanners miss obfuscated…

Cryptography and Security · Computer Science 2026-05-27 Yinghan Hou , Zongyou Yang , Zaihu Pang , Xiujun Ma

LLM-based chatbot agents increasingly process user requests by combining natural-language reasoning with external tools such as web browsing. These capabilities improve usability, but they also create attack surfaces when untrusted external…

Cryptography and Security · Computer Science 2026-05-19 Hongjang Yang , Hyunsik Na , Daeseon Choi

AI agents are vulnerable to indirect prompt injection attacks, where malicious instructions embedded in external content or tool outputs cause unintended or harmful behavior. Inspired by the well-established concept of firewalls, we show…

Cryptography and Security · Computer Science 2026-03-24 Rishika Bhagwatkar , Kevin Kasa , Abhay Puri , Gabriel Huang , Irina Rish , Graham W. Taylor , Krishnamurthy Dj Dvijotham , Alexandre Lacoste

Web agents powered by vision-language models (VLMs) enable autonomous interaction with web environments by perceiving and acting on both visual and textual webpage content to accomplish user-specified tasks. However, they are highly…

Cryptography and Security · Computer Science 2026-04-15 Yulin Chen , Tri Cao , Haoran Li , Yue Liu , Yibo Li , Yufei He , Le Minh Khoi , Yangqiu Song , Shuicheng Yan , Bryan Hooi

Prompt injection is one of the most critical vulnerabilities in LLM agents; yet, effective automated attacks remain largely unexplored from an optimization perspective. Existing methods heavily depend on human red-teamers and hand-crafted…

Machine Learning · Computer Science 2026-02-23 Xin Chen , Jie Zhang , Florian Tramèr

Self-evolving LLM agents update their internal state across sessions, often by writing and reusing long-term memory. This design improves performance on long-horizon tasks but creates a security risk: untrusted external content observed…

Cryptography and Security · Computer Science 2026-03-06 Xianglin Yang , Yufei He , Shuo Ji , Bryan Hooi , Jin Song Dong

AI agents interact with external environments through tool calls, exposing them to attacks like indirect prompt injection that can trigger unauthorized actions. Securing these agents is challenging: they behave autonomously and…

Cryptography and Security · Computer Science 2026-05-15 Tianneng Shi , Jingxuan He , Zhun Wang , Hongwei Li , Linyu Wu , Wenbo Guo , Dawn Song

With the advancement of technology, large language models (LLMs) have achieved remarkable performance across various natural language processing (NLP) tasks, powering LLM-integrated applications like Microsoft Copilot. However, as LLMs…

Cryptography and Security · Computer Science 2025-08-05 Yulin Chen , Haoran Li , Zihao Zheng , Yangqiu Song , Dekai Wu , Bryan Hooi

LLM agents often rely on Skills to describe available tools and recommended procedures. We study a hidden-comment prompt injection risk in this documentation layer: when a Markdown Skill is rendered to HTML, HTML comment blocks can become…

Cryptography and Security · Computer Science 2026-02-12 Qianli Wang , Boyang Ma , Minghui Xu , Yue Zhang

Equipping large language models with explicit skills has emerged as a promising paradigm for enabling autonomous agents to solve complex tasks. Agent skills can be inherently divided into general skills for broad cognitive transfer and…

Computation and Language · Computer Science 2026-05-28 Jiapeng Zhu , Jianxiang Yu , Yibo Zhao , Chengcheng Han , Qi Gu , Xunliang Cai , Xiang Li , Weining Qian

LLM-based agents are increasingly deployed to handle streaming tasks, yet they often remain one-off problem solvers that fail to learn from past interactions. Reusable skills distilled from experience provide a natural substrate for…

Skills have become the de facto way to enable LLM agents to perform complex real-world tasks with customized instructions, workflows, and tools, but how to learn them automatically and effectively remains unclear. We introduce…

Computation and Language · Computer Science 2026-04-23 Shanshan Zhong , Yi Lu , Jingjie Ning , Yibing Wan , Lihan Feng , Yuyi Ao , Leonardo F. R. Ribeiro , Markus Dreyer , Sean Ammirati , Chenyan Xiong

AI agents can extend their capabilities at inference time by loading reusable skills into context, yet equipping an agent with too many skills, particularly irrelevant ones, degrades performance. As community-driven skill repositories grow,…

Artificial Intelligence · Computer Science 2026-03-31 Fangzhou Li , Pagkratios Tagkopoulos , Ilias Tagkopoulos

The rapid adoption of large language models (LLMs) in multi-agent systems has highlighted their impressive capabilities in various applications, such as collaborative problem-solving and autonomous negotiation. However, the security…

Computation and Language · Computer Science 2024-07-24 Tianjie Ju , Yiting Wang , Xinbei Ma , Pengzhou Cheng , Haodong Zhao , Yulong Wang , Lifeng Liu , Jian Xie , Zhuosheng Zhang , Gongshen Liu

Autonomous web agents powered by large language models (LLMs) have shown promise in completing complex browser tasks, yet they still struggle with long-horizon workflows. A key bottleneck is the grounding gap in existing skill formulations:…

Tool-calling autonomous agents based on large language models using ReAct exhibit three limitations: serial latency, quadratic context growth, and vulnerability to prompt injection and hallucination. Recent work moves towards separating…

Software Engineering · Computer Science 2026-04-06 Cormac Guerin , Frank Guerin

The increasing adoption of LLM agents with access to numerous tools and sensitive data significantly widens the attack surface for indirect prompt injections. Due to the context-dependent nature of attacks, however, current defenses are…

Cryptography and Security · Computer Science 2025-10-13 Debeshee Das , Luca Beurer-Kellner , Marc Fischer , Maximilian Baader

Language-model agent systems commonly rely on reactive prompting, in which a single instruction guides the model through an open-ended sequence of reasoning and tool-use steps, leaving control flow and intermediate state implicit and making…

Computation and Language · Computer Science 2026-04-16 Pengcheng Wang , Jerry Huang , Jiarui Yao , Rui Pan , Peizhi Niu , Yaowenqi Liu , Ruida Wang , Renhao Lu , Yuwei Guo , Tong Zhang

AI agents, predominantly powered by large language models (LLMs), are vulnerable to indirect prompt injection, in which malicious instructions embedded in untrusted data can trigger dangerous agent actions. This position paper discusses our…

Cryptography and Security · Computer Science 2026-04-01 Chong Xiang , Drew Zagieboylo , Shaona Ghosh , Sanjay Kariyappa , Kai Greshake , Hanshen Xiao , Chaowei Xiao , G. Edward Suh

Large Language Model (LLM) agents increasingly rely on long-term memory and Retrieval-Augmented Generation (RAG) to persist experiences and refine future performance. While this experience learning capability enhances agentic autonomy, it…

Cryptography and Security · Computer Science 2025-12-22 Saksham Sahai Srivastava , Haoyu He