Trust Me, Import This: Dependency Steering Attacks Via Malicious Agent Skills
LLM-powered coding agents increasingly make software supply chain decisions. They generate imports, recommend packages, and write installation commands. Prior work showed that these systems can hallucinate non-existent package names, which attackers may register as malicious packages. In this...
MOSAIC-Bench: Measuring Compositional Vulnerability Induction in Coding Agents
Coding agents often pass per-prompt safety review yet ship exploitable code when their tasks are decomposed into routine engineering tickets. The challenge is structural: existing safety alignment evaluates overt requests in isolation, leaving models blind to malicious end-states that emerge from...
Supply-Chain Poisoning Attacks against LLM Coding Agent Skill Ecosystems
LLM-based coding agents extend their capabilities via third-party agent skills distributed through open marketplaces without mandatory security review. Unlike traditional packages, these skills are executed as operational directives with system-level privileges, so a single malicious skill can...
test-xss
test-xss "test." Install bash np...
QueryIPI: Query-Agnostic Indirect Prompt Injection on Coding Agents
Modern coding agents integrated into IDEs combine powerful tools and system-level actions, exposing a high-stakes attack surface. Existing Indirect Prompt Injection (IPI) studies focus mainly on query-specific behaviors, leading to unstable attacks with lower success rates. We identify a more sever...
Takedown: How It's Done in Modern Coding Agent Exploits
Coding agents, which are LLM-driven agents specialized in software development, have become increasingly prevalent in modern programming environments. Unlike traditional AI coding assistants, which offer simple code completion and suggestions, modern coding agents tackle more complex tasks with...
When Developer Aid Becomes Security Debt: A Systematic Analysis of Insecure Behaviors in LLM Coding Agents
LLM-based coding agents are rapidly being deployed in software development, yet their security implications remain poorly understood. These agents, while capable of accelerating software development, may inadvertently introduce insecure practices. We conducted the first systematic security...