Skip to content

Hide Navigation Hide TOC

Credential Access with Exfiltration in Skill Instructions - ATR-2026-00162 (1b38522c-1a65-5b4e-a9ee-1ef149a50e5b)

Detects SKILL.md files that combine credential file access (SSH keys, AWS credentials, API tokens) with outbound data transmission (curl POST, wget, HTTP request). Distinguishes real attacks from security documentation by requiring both access AND exfiltration in the same context.

Cluster A Galaxy A Cluster B Galaxy B Level
AI Model Inference API Access (90a420d4-3f03-4800-86c0-223c4376804a) MITRE ATLAS Attack Pattern Credential Access with Exfiltration in Skill Instructions - ATR-2026-00162 (1b38522c-1a65-5b4e-a9ee-1ef149a50e5b) Agent Threat Rules 1