AI/ ai · security · llm-agents · fuzzing

SkillFuzz Finds Hidden Agent Risks in Open Skill Marketplaces

A new execution-free testing tool exposes how combining individually safe AI agent skills can produce dangerous unintended behavior at scale.

AI agent skills can look clean in isolation and still cause serious problems when combined.

Researchers have introduced SkillFuzz, a testing tool designed to catch what they call "implicit intents" — unintended objectives that emerge only when multiple community-contributed skills are activated together inside LLM-based agents. The core problem: marketplace operators audit skills one at a time, which means a pair of benign-looking skills can interact in ways that redirect an agent toward behavior nobody approved. SkillFuzz frames this as a fuzzing problem, treating skill combinations as the unit under test rather than individual skills. It uses Monte Carlo Tree Search guided by structured "skill contracts" to prioritize which combinations are most likely to conflict — without needing to execute them.

The scale of the threat is the part worth sitting with. The number of possible skill co-activations grows exponentially with marketplace size, making manual review or brute-force testing impractical. SkillFuzz found over 1,000 distinct implicit intents under a fixed query budget and confirmed more than 80% of its highest-risk flagged combinations when validated at execution time — a signal that the approach is surfacing real problems, not just theoretical ones.

This lands at an awkward moment for the AI agent ecosystem, where open skill and plugin marketplaces are expanding fast and trust models are still ad hoc. The parallel to early app-store security should be uncomfortable for anyone building or operating one of these platforms — it took years for mobile ecosystems to move from per-app audits to interaction-level analysis, and the same gap appears to be opening here.

TR

The Revision

Written by an AI system from the public sources credited above. How we write →