SkillSafetyBench: Evaluating Agent Safety under Skill-Facing Attack Surfaces

TL;DR

SkillSafetyBench is a comprehensive benchmark designed to evaluate safety failures in language model agents caused by skill-related attack surfaces, revealing vulnerabilities beyond model-level alignment.

Contribution

The paper introduces SkillSafetyBench, a benchmark with 155 adversarial cases to assess safety risks in skill-mediated language model agents.

Findings

Localized non-user attacks can induce unsafe behavior.

Safety failures vary across attack methods and domains.

Agent safety depends on skill interpretation and trust in workflow.

Abstract

Reusable skills are becoming a common interface for extending large language model agents, packaging procedural guidance with access to files, tools, memory, and execution environments. However, this modularity introduces attack surfaces that are largely missed by existing safety evaluations: even when the user request is benign, task-relevant skill materials or local artifacts can steer an agent toward unsafe actions. We present SkillSafetyBench, a runnable benchmark for evaluating such skill-mediated safety failures. SkillSafetyBench includes 155 adversarial cases across 47 tasks, 6 risk domains, and 30 safety categories, each evaluated with a case-specific rule-based verifier. Experiments with multiple CLI agents and model backends show that localized non-user attacks can consistently induce unsafe behavior, with distinct failure patterns across domains, attack methods, and scaffold-model pairings. Our findings suggest that agent safety depends not only on model-level alignment, but also on how agents interpret skills, trust workflow context, and act through executable environments.