Skills That Don't Exist: A Large-Scale Study of Hallucinated Skill
a day ago
- #security vulnerability
- #skill hallucination
- #LLM agents
- LLM agents recommend and install skills from open registries, but frequently hallucinate skill names that do not exist.
- Skill name hallucination enables supply-chain attacks, where adversaries pre-register malicious skills under fake names for victims to install.
- A large-scale study evaluated 15,000 prompts across 12 configurations, revealing hallucination rates averaging 36.0% for standalone LLMs and 36.9% for agents.
- Hallucinated names are not random; agents repeat the same fake names, providing reliable targets for hijacking.
- Defenses like retrieval grounding reduce hallucination but severely impact usability, highlighting a security-usability conflict.
- Fixing this vulnerability requires structural ecosystem changes, such as registry-level name reservations and verified recommendation pipelines.