No Attack Required: Semantic Fuzzing for Specification Violations in Agent Skills
arXiv:2605.13044v1 Announce Type: cross
Abstract: LLM-powered agents can silently delete documents, leak credentials, or transfer funds on a routine user request, not because the agent was attacked, but because the skill it invoked broke its own decla…