[HUGGINGFACE]score: 0.62

POISE Attack Injects Hidden Payloads into LLM Agent Skills While Preserving Task Success

June 5, 2026

POISE resolves the reliability-stealth tradeoff in skill-poisoning attacks by using position-aware injection that executes malicious payloads without disrupting the user's legitimate task verifier in the same trial. Prior YAML-header and body injection methods fail this combined Attack Success Rate metric.

HOW THIS AFFECTS YOU

●

builderIf you build or deploy LLM agents that load third-party skills, POISE demonstrates a practical attack that passes task verification — skill provenance and sandboxing need to be part of your threat model.

●

researcherThe combined ASR metric requiring both payload execution and task success is a more realistic evaluation standard for skill-poisoning research.

●

policySkill-poisoning attacks that remain invisible to users and verifiers represent a concrete supply-chain risk for agentic AI deployments.

read original ↗huggingface.co

← back to feed