Skill Description Deception Attack against Task Routing in Internet of Agents
Jiayi He, Xiaofeng Luo, Jiawen Kang, Ruichen Zhang, Jianhang Tang, Dong In Kim

TL;DR
This paper introduces a new attack called Skill Description Deception that manipulates agent skill descriptions in Internet of Agents systems, significantly disrupting task routing and system reliability.
Contribution
It formalizes the SDD attack model, develops an LLM-enabled attack framework, and demonstrates high success rates across multiple domains, exposing a critical security vulnerability.
Findings
Attack success rate up to 98% in experiments
Manipulating skill descriptions biases routing decisions
Reveals a new security vulnerability in IoA systems
Abstract
A new paradigm, Internet of Agents (IoA), is transforming networked systems into LLM-driven service networks, where heterogeneous agents collaborate through task routing based on their self-declared skill descriptions. Although this promising paradigm enables agentic, distributed, and advanced intelligence, it also exposes a new and overlooked attack surface. In particular, malicious agents can strategically manipulate their skill descriptions to bias routing decisions and increase their probability of being selected for task execution, thereby disrupting user tasks and degrading system reliability. To characterize this threat, we propose and formalize a new attack model, termed Skill Description Deception (SDD) attack. We further design an LLM-enabled SDD attack framework that automatically generates deceptive skill descriptions, enabling systematic vulnerability assessment of…
