ai-digest.dev · Safety · arXiv cs.AI

Benign in Isolation, Harmful in Composition: Security Risks in Agent Skill Ecosystems

The paper introduces SCR-Bench, a benchmark for evaluating Skill Composition Risk (SCR) in LLM agent ecosystems: security weaknesses that surface only when several skills interact, even though each skill looks benign on its own. SCR-Bench comprises three sub-benchmarks, SCR-CapFlow, SCR-TrustLift and SCR-AuthBlur, which measure the risks of capability flow, trust transfer and authorization confusion, respectively. Composing skills raises attack success rates substantially: 33.6% on SCR-CapFlow and more than 96.5% on SCR-TrustLift. The authors conclude that LLM applications need path-aware security assessment that examines the composed chain of skills rather than each skill in isolation.
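The following is an added illustration of the "benign in isolation, harmful in composition" idea, not code from the paper or from SCR-Bench. It models a skill chain with constructed capability, trust and scope labels (all names, labels and policy rules here are assumptions) and contrasts a per-skill review, which finds nothing, with a path-aware walk over the chain that reports the three risk classes the paper names.

```python
"""Path-aware review of an agent skill chain (constructed illustration).

Assumed model: each skill declares the data classes it reads, the external
sinks it can write to, a trust label, the scopes it was granted and the
scopes it actually needs. None of this comes from SCR-Bench itself.
"""
from dataclasses import dataclass

# Constructed policy vocabulary (assumptions, not the paper's taxonomy).
SENSITIVE = {"credentials", "customer_records", "private_repo"}
EXTERNAL_SINKS = {"network", "email", "shell"}


@dataclass(frozen=True)
class Skill:
    name: str
    reads: frozenset      # data classes the skill reads
    sinks: frozenset      # external sinks the skill can write to
    trust: str            # "verified" or "third_party" (assumed labels)
    scopes: frozenset     # authorization scopes granted to this skill
    requires: frozenset   # scopes the skill needs at run time


def check_isolation(skill):
    """Per-skill review, the view a marketplace scanner usually takes."""
    findings = []
    if skill.reads & SENSITIVE and skill.sinks & EXTERNAL_SINKS:
        findings.append(("Exfil", f"{skill.name}: reads sensitive data and has an external sink"))
    if skill.requires - skill.scopes:
        findings.append(("Scope", f"{skill.name}: needs scopes it was not granted"))
    return findings


def check_composition(chain):
    """Walk the chain in call order and track what earlier skills exposed."""
    findings = []
    tainted = set()         # sensitive data classes read by earlier skills
    upstream_trust = set()  # trust labels of skills whose output feeds this one
    granted = set()         # scopes the runtime has accumulated for the chain
    for skill in chain:
        # CapFlow: sensitive data read upstream can reach an external sink here.
        reachable = skill.sinks & EXTERNAL_SINKS
        if tainted and reachable:
            findings.append(("CapFlow",
                             f"{sorted(tainted)} can reach {sorted(reachable)} via {skill.name}"))
        # TrustLift: third-party output drives a verified skill that holds privileges.
        if "third_party" in upstream_trust and skill.trust == "verified" and skill.requires:
            findings.append(("TrustLift",
                             f"third-party output steers verified skill {skill.name}"))
        # AuthBlur: a third-party skill runs with scopes only other skills declared,
        # because the runtime (assumed) grants the chain the union of all scopes.
        excess = granted - skill.scopes
        if skill.trust == "third_party" and excess:
            findings.append(("AuthBlur",
                             f"{skill.name} inherits scopes {sorted(excess)} it never declared"))
        tainted |= skill.reads & SENSITIVE
        upstream_trust.add(skill.trust)
        granted |= skill.scopes
    return findings


# Constructed sample chain: each skill passes review alone, the chain does not.
SAMPLE_CHAIN = (
    Skill("read_crm", frozenset({"customer_records"}), frozenset(), "verified",
          frozenset({"crm:read"}), frozenset({"crm:read"})),
    Skill("format_report", frozenset(), frozenset(), "third_party",
          frozenset(), frozenset()),
    Skill("post_webhook", frozenset(), frozenset({"network"}), "verified",
          frozenset({"webhook:send"}), frozenset({"webhook:send"})),
)


def review_chain(chain=SAMPLE_CHAIN):
    """Return (per-skill findings, path-aware findings) for a chain."""
    isolated = [f for skill in chain for f in check_isolation(skill)]
    return isolated, check_composition(chain)


if __name__ == "__main__":
    isolated, composed = review_chain()
    print("per-skill findings:", isolated)
    for kind, msg in composed:
        print(f"{kind}: {msg}")
```

The per-skill pass returns nothing for the sample chain, while the path-aware pass reports one finding of each kind: the customer records read by the first skill can leave through the webhook (CapFlow), the third-party formatter's output steers a privileged verified skill (TrustLift), and that formatter runs under a scope it never declared (AuthBlur). The point of the design is that the state carried along the path (taint, upstream trust, accumulated scopes) is what a per-skill scanner cannot see.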
