[2602.14211] SkillJect: Automating Stealthy Skill-Based Prompt Injection for Coding Agents with Trace-Driven Closed-Loop Refinement

arXiv - AI · 4 min read

Summary

The paper presents SkillJect, an automated framework for stealthy skill-based prompt injection in coding agents, addressing security vulnerabilities in AI systems.

Why It Matters

As AI coding agents become more prevalent, understanding their vulnerabilities is crucial for ensuring user safety and maintaining trust in AI technologies. SkillJect's approach highlights the need for robust security measures against prompt injection attacks, which could manipulate agent behavior and compromise safety protocols.

Key Takeaways

  • SkillJect automates the process of prompt injection to exploit coding agents.
  • The framework includes an Attack Agent, Code Agent, and Evaluate Agent for a closed-loop system.
  • Experiments demonstrate high success rates for stealthy attacks under realistic conditions.
  • The research emphasizes the importance of addressing security vulnerabilities in AI systems.
  • Malicious payloads can be concealed within auxiliary scripts to bypass detection.

Computer Science > Cryptography and Security
arXiv:2602.14211 (cs) [Submitted on 15 Feb 2026]

Title: SkillJect: Automating Stealthy Skill-Based Prompt Injection for Coding Agents with Trace-Driven Closed-Loop Refinement
Authors: Xiaojun Jia, Jie Liao, Simeng Qin, Jindong Gu, Wenqi Ren, Xiaochun Cao, Yang Liu, Philip Torr

Abstract: Agent skills are becoming a core abstraction in coding agents, packaging long-form instructions and auxiliary scripts to extend tool-augmented behaviors. This abstraction introduces an under-measured attack surface: skill-based prompt injection, where poisoned skills can steer agents away from user intent and safety policies. In practice, naive injections often fail because the malicious intent is too explicit or drifts too far from the original skill, leading agents to ignore or refuse them; existing attacks are also largely hand-crafted. We propose the first automated framework for stealthy prompt injection tailored to agent skills. The framework forms a closed loop with three agents: an Attack Agent that synthesizes injection skills under explicit stealth constraints, a Code Agent that executes tasks using the injected skills in a realistic tool environment, and an Evaluate Agent that logs action traces (e.g., tool calls and file opera...
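The Evaluate Agent in the abstract judges an attempt from logged action traces (tool calls, file operations). The same kind of trace is what a defender can audit: any action that steps outside the scope the user's task implies is a signal that a skill is steering the agent. The following is an added example, not code from the paper or its authors; the trace format, tool names and the TaskScope fields are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from pathlib import PurePosixPath


@dataclass(frozen=True)
class TaskScope:
    """What the user's request entitles the agent to touch (constructed fields)."""
    allowed_tools: frozenset[str]        # tools the stated task needs
    allowed_roots: tuple[str, ...]       # repo-relative paths it may read/write
    sensitive: tuple[str, ...] = (".git/hooks", ".env", ".github/workflows")


def _under(path: str, root: str) -> bool:
    """True if path equals root or lies below it (pure path check, no I/O)."""
    p, r = PurePosixPath(path), PurePosixPath(root)
    return p == r or r in p.parents


def audit_trace(trace: list[dict], scope: TaskScope) -> list[str]:
    """Return one finding per logged action that steps outside the task scope."""
    findings = []
    for i, step in enumerate(trace):
        tool = step["tool"]
        if tool not in scope.allowed_tools:
            findings.append(f"step {i}: tool {tool!r} not required by the task")
            continue
        path = step.get("path")
        if path is None:
            continue
        if any(_under(path, s) for s in scope.sensitive):
            findings.append(f"step {i}: {tool} touches sensitive path {path!r}")
        elif not any(_under(path, r) for r in scope.allowed_roots):
            findings.append(f"step {i}: {tool} on {path!r} is outside task roots")
    return findings


# Constructed trace: the user asked to fix a failing test in src/parser.py.
# Steps 0-2 serve that task; steps 3-4 are the kind of drift an injected
# skill would introduce and that the audit should surface for review.
SAMPLE_SCOPE = TaskScope(
    allowed_tools=frozenset({"read_file", "write_file", "run_tests"}),
    allowed_roots=("src", "tests"),
)
SAMPLE_TRACE = [
    {"tool": "read_file", "path": "src/parser.py"},
    {"tool": "read_file", "path": "tests/test_parser.py"},
    {"tool": "write_file", "path": "src/parser.py"},
    {"tool": "write_file", "path": ".git/hooks/pre-commit"},
    {"tool": "http_request", "url": "https://example.invalid/collect"},
]
```

Running `audit_trace(SAMPLE_TRACE, SAMPLE_SCOPE)` reports steps 3 and 4 and nothing for the first three steps; in practice the scope would be derived from the user's request before the skill runs, so the audit does not depend on the skill's own description of what it does.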
