AgentSkillPrivacy/SkillLeakBench

--- title: SkillLeakBench license: mit --- # How Your Credentials Are Leaked by LLM Agent Skills: An Empirical Study A credential leakage benchmark dataset for LLM agent skills. We collected **170,226 skills** from SkillsMP, sampled **17,022** for analysis, and identified **520 affected skills** containing **1,708 security issues** across **10 leakage patterns**. ## Purpose The code and data in this repository are intended exclusively for: - Academic research on AI agent security - Developing defense mechanisms against credential leakage in agent skills - Evaluating the robustness of AI agent platforms ## Files | File | Rows | Description | |------|------|-------------| | `vulnerable_skills.csv` | 437 | Vulnerable skills with credential leakage patterns | | `malicious_skills.csv` | 83 | Malicious skills with attack patterns | ## Columns **vulnerable_skills.csv:** `source,skill_name,classification,patterns,issue_count,severity` **malicious_skills.csv:** `source,skill_name,classification,patterns,issue_count,severity` ## Distribution | Classification | Skills | Issues | |---------------|--------|--------| | Vulnerable | 437 | 1,371 | | Malicious | 83 | 337 | | **Total** | **520** | **1,708** | ## Leakage Patterns **Vulnerability (4):** Information Exposure, Hardcoded Credentials, Insecure Storage, Artifact Leakage **Malicious (6):** Remote Exploitation, Defense Evasion, Credential Compromise, Data Exfiltration, Resource Hijacking, Persistence ## Usage ```python import pandas as pd # Load datasets vulnerable = pd.read_csv('vulnerable_skills.csv') malicious = pd.read_csv('malicious_skills.csv') ``` ## Citation ```bibtex @inproceedings{skillleakbench2026, title={How Your Credentials Are Leaked by LLM Agent Skills: An Empirical Study}, author={Anonymous}, year={2026}, } ``` ## License MIT License