Semantic Supply-Chain Attacks on AI Agent Skill Registries

A recent investigation published on arXiv (2605.11418) indicates that autonomous AI agents are susceptible to semantic supply-chain attacks via their SKILL.md files. These documents outline the conditions under which agents employ modular skills and can be exploited to affect skill discovery, selection, and governance. By utilizing actual ClawHub skills and realistic registry systems, the researchers demonstrated that brief textual prompts during the Discovery phase could manipulate embedding-based retrieval, achieving a pairwise win rate of 86% and an 80% Top-10 placement for adversarial skills. In the Selection phase, framing based solely on descriptions led agents to favor functionally similar adversarial variants in 77.6% of trials. The research also points out semantic evasion methods in Governance, where natural-language metadata can circumvent security measures, highlighting new risks in AI agent ecosystems.