[2604.06811] SkillTrojan: Backdoor Attacks on Skill-Based Agent Systems

Computer Science > Cryptography and Security arXiv:2604.06811 (cs) [Submitted on 8 Apr 2026] Title:SkillTrojan: Backdoor Attacks on Skill-Based Agent Systems Authors:Yunhao Feng, Yifan Ding, Yingshui Tan, Boren Zheng, Yanming Guo, Xiaolong Li, Kun Zhai, Yishan Li, Wenke Huang View a PDF of the paper titled SkillTrojan: Backdoor Attacks on Skill-Based Agent Systems, by Yunhao Feng and 8 other authors View PDF HTML (experimental) Abstract:Skill-based agent systems tackle complex tasks by composing reusable skills, improving modularity and scalability while introducing a largely unexamined security attack surface. We propose SkillTrojan, a backdoor attack that targets skill implementations rather than model parameters or training data. SkillTrojan embeds malicious logic inside otherwise plausible skills and leverages standard skill composition to reconstruct and execute an attacker-specified payload. The attack partitions an encrypted payload across multiple benign-looking skill invocations and activates only under a predefined trigger. SkillTrojan also supports automated synthesis of backdoored skills from arbitrary skill templates, enabling scalable propagation across skill-based agent ecosystems. To enable systematic evaluation, we release a dataset of 3,000+ curated backdoored skills spanning diverse skill patterns and trigger-payload configurations. We instantiate SkillTrojan in a representative code-based agent setting and evaluate both clean-task utility and attack suc...