researchactive

Agent Skills Enable a New Class of Realistic and Trivially Simple Prompt Injections

Schmotz, Abdelnabi, Andriushchenko

Research showing that Claude's Skills feature, which auto-loads Markdown instructions from the filesystem, enables trivial prompt injection via a single malicious file. Demonstrates data exfiltration and privilege escalation across common agent deployments.

At a glance

Published

2025

Jurisdiction

International

More in Risks and challenges

ICO tech futures: Agentic AI

UK Information Commissioner's Office • 2026

International AI Safety Report 2026

Yoshua Bengio et al., UK DSIT • 2026

OWASP Top 10 for Agentic Applications for 2026

OWASP Gen AI Security Project • 2025

Related resources

Practices for governing agentic AI systems: OpenAI's seven safety principles

Governance frameworks • OpenAI

Taxonomy of Failure Mode in Agentic AI Systems

Risk taxonomies • Microsoft

The agentic AI landscape and its conceptual foundations

Foundations • OECD

Build your AI governance program

VerifyWise helps you implement AI governance frameworks, track compliance, and manage risk across your AI systems.

Explore the library Start free trial

Agent Skills Enable a New Class of Realistic and Trivially Simple Prompt Injections

Tags

At a glance

More in Risks and challenges

Related resources

Build your AI governance program