SkillTrojan: Backdoor Attacks on Skill-Based Agent Systems

SkillTrojan addresses a critical and emerging security gap in the 'Agentic AI' ecosystem: the reliance on third-party 'skills' or tools. While traditional backdoor research focuses on model weights or training data poisoning, this project targets the modular logic level. The defensibility is low (2) because it is a research reference implementation designed to demonstrate a vulnerability rather than a protected product; it is easily reproducible by any security researcher. The high fork count (9) relative to stars (0) within just 9 days suggests active academic or red-team interest, likely tied to a recent or upcoming conference paper submission. Frontier labs (OpenAI, Anthropic, Google) are at high risk of being targeted by such attacks as they build 'GPT Stores' and 'Agentic Workflows.' Consequently, they will likely integrate the defensive side of this research (skill sandboxing and static/dynamic analysis of tools) into their platforms, potentially sherlocking any independent security tools that attempt to solve this in the third-party market. The primary value here is the intellectual contribution to AI safety/security, defining a new attack vector that agent-orchestration platforms must now defend against.