Skills Are Not Islands: Measuring Dependency and Risk in Agent Skill Supply Chains
English summary
The paper introduces the concept of Agent Skill Supply Chains (ASSCs) to model dependencies among agent skills, software packages, and services. The authors present SkillDepAnalyzer, a tool that extracts dependency information from natural-language skill descriptions and significantly outperforms LLM-based and SBOM baselines on the new SKILL-DEP benchmark. Applying SkillDepAnalyzer to over 1.43 million skills reveals four structural patterns, including governance gaps, concentrated reuse, hidden package inventories from recursive skill reuse, and dependency clusters forming around workflows. The analysis uncovers security risks that are invisible when inspecting a skill in isolation, and the authors report persistent malicious skills to developers. They recommend typed dependency manifests and lockfile-like records to improve agent skill supply chain security.
Chinese summary
This paper proposes the concept of Agent Skill Supply Chains (ASSCs) to model the dependencies among agent skills, software packages and services. The authors develop the SkillDepAnalyzer tool, which extracts dependency information from natural-language skill descriptions and significantly outperforms baselines based on large language models and software bills of materials on the new SKILL-DEP benchmark. Applying SkillDepAnalyzer to over 1.43 million skills reveals four structural patterns: metadata with missing governance, concentrated reuse, hidden package inventories caused by recursive skill reuse, and workflow-centred dependency clusters. The analysis exposes security risks that are invisible when a skill is inspected in isolation, and the authors reported persistent malicious skills to the developers. They recommend typed dependency manifests and lockfile-like records to strengthen agent skill supply chain security.
Key points
Introduces Agent Skill Supply Chains (ASSCs) and SkillDepAnalyzer to extract skill dependencies from natural-language descriptions.
Introduces the concept of Agent Skill Supply Chains (ASSCs) and the SkillDepAnalyzer tool, which extracts skill dependencies from natural-language descriptions.
SkillDepAnalyzer significantly outperforms LLM and SBOM baselines on the SKILL-DEP benchmark.
On the SKILL-DEP benchmark, SkillDepAnalyzer significantly outperforms the LLM and SBOM baselines.
Analysis of over 1.43 million skills reveals four structural patterns: governance gaps, concentrated reuse, hidden package inventories, and workflow clusters.
Analysis of over 1.43 million skills reveals four structural patterns: governance gaps, concentrated reuse, hidden package inventories, and workflow clusters.
Identified security risks hidden in dependencies and reported persistent malicious skills to developers.
Identifies security risks hidden in dependency relationships and reports persistent malicious skills to developers.
Recommends typed dependency manifests, dependency-cluster management, risk-warning audit commands, and lockfile-like records.
Recommends typed dependency manifests, dependency-cluster management, risk-warning audit commands, and lockfile-like records.
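To make the three structural findings concrete (hidden package inventories from recursive skill reuse, concentrated reuse, and the value of a lockfile-like record), here is a small ASSC resolver written as an added example. It is not SkillDepAnalyzer or any code from the paper; it assumes a hypothetical typed manifest per skill with three edge types (`skills`, `packages`, `services`), and all skill names, package pins and the service URL below are constructed sample data.

```python
"""Toy Agent Skill Supply Chain (ASSC) resolver (added example, not the paper's tool).

Assumes a hypothetical typed manifest per skill: skill->skill, skill->package and
skill->service edges. Shows how recursive skill reuse silently enlarges a skill's
real package inventory, which skills reuse concentrates on, what an unresolved
(ungoverned) dependency looks like, and a deterministic lockfile-like record.
"""
import hashlib
import json
from collections import defaultdict

# Constructed sample manifests. Every name and version here is made up.
MANIFESTS = {
    "pdf-summarizer": {"skills": ["web-fetch"], "packages": ["pypdf==4.2.0"], "services": []},
    "web-fetch": {"skills": ["html-clean"], "packages": ["requests==2.32.0"],
                  "services": ["https://api.example.invalid"]},
    "html-clean": {"skills": [], "packages": ["beautifulsoup4==4.12.3", "lxml==5.2.1"], "services": []},
    "report-writer": {"skills": ["pdf-summarizer", "web-fetch"], "packages": [], "services": []},
    # References a skill that has no manifest at all: the governance gap case.
    "slide-maker": {"skills": ["chart-render"], "packages": ["python-pptx==0.6.23"], "services": []},
}


def resolve(skill, manifests=MANIFESTS):
    """Walk skill->skill edges transitively and collect every package and service reached.

    Cycles are broken by the visited set. Skills named as dependencies but lacking a
    manifest are reported under 'unresolved' rather than silently dropped.
    """
    seen, unresolved, packages, services = set(), set(), set(), set()
    stack = [skill]
    while stack:
        cur = stack.pop()
        if cur in seen:
            continue
        seen.add(cur)
        manifest = manifests.get(cur)
        if manifest is None:
            unresolved.add(cur)
            continue
        packages.update(manifest["packages"])
        services.update(manifest["services"])
        stack.extend(manifest["skills"])
    return {
        "skill": skill,
        "skills": sorted(seen - unresolved - {skill}),
        "packages": sorted(packages),
        "services": sorted(services),
        "unresolved": sorted(unresolved),
    }


def hidden_packages(skill, manifests=MANIFESTS):
    """Packages that arrive only through reused skills, i.e. absent from the skill's own manifest."""
    direct = set(manifests.get(skill, {}).get("packages", []))
    return sorted(set(resolve(skill, manifests)["packages"]) - direct)


def reuse_counts(manifests=MANIFESTS):
    """Number of distinct skills that (transitively) depend on each skill; high counts mean concentrated reuse."""
    counts = defaultdict(int)
    for name in manifests:
        for dep in resolve(name, manifests)["skills"]:
            counts[dep] += 1
    return dict(counts)


def lock_record(skill, manifests=MANIFESTS):
    """Deterministic lockfile-like snapshot of the resolved closure with a content digest."""
    resolved = resolve(skill, manifests)
    body = json.dumps(resolved, sort_keys=True, separators=(",", ":"))
    return {"record": resolved, "sha256": hashlib.sha256(body.encode()).hexdigest()}


if __name__ == "__main__":
    for name, manifest in MANIFESTS.items():
        print(f"{name}: direct packages={len(manifest['packages'])}, "
              f"resolved={len(resolve(name)['packages'])}, hidden={hidden_packages(name)}, "
              f"unresolved={resolve(name)['unresolved']}")
    print("reuse counts:", reuse_counts())
    print(json.dumps(lock_record("report-writer"), indent=2))
```

Running it shows `report-writer`, whose own manifest declares no packages, actually pulling in four through two levels of skill reuse, `html-clean` being the most reused skill, and `slide-maker` carrying an unresolvable dependency that a per-skill inspection would never surface. The digest in `lock_record` is what a lockfile-like record would pin, so a later resolution that differs is immediately detectable.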