Hasty Briefsbeta

Bilingual

Skills That Don't Exist: A Large-Scale Study of Hallucinated Skill

a day ago
  • #security vulnerability
  • #skill hallucination
  • #LLM agents
  • LLM agents recommend and install skills from open registries, but frequently hallucinate skill names that do not exist.
  • Skill name hallucination enables supply-chain attacks, where adversaries pre-register malicious skills under fake names for victims to install.
  • A large-scale study evaluated 15,000 prompts across 12 configurations, revealing hallucination rates averaging 36.0% for standalone LLMs and 36.9% for agents.
  • Hallucinated names are not random; agents repeat the same fake names, providing reliable targets for hijacking.
  • Defenses like retrieval grounding reduce hallucination but severely impact usability, highlighting a security-usability conflict.
  • Fixing this vulnerability requires structural ecosystem changes, such as registry-level name reservations and verified recommendation pipelines.