Natural-Language Skill Self-Modification / Persistence Instruction - ATR-2026-00429 (9a9d0eae-780a-5c26-819d-0785cfcb2899)

Detects natural-language imperative instructions that direct the agent to modify its own SKILL.md file, write to other skill files, install additional skills, or otherwise establish persistence in the user's skill directory. Discriminator: imperative write-verb + skill-file target + persistence framing (always / on every load / on update / before deletion). This catches the structural pattern of self-replicating malicious skills regardless of the specific persistence mechanism.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Full ML Model Access (3de90963-bc9f-4ae1-b780-7d05e46eacdd) | MITRE ATLAS Attack Pattern | Natural-Language Skill Self-Modification / Persistence Instruction - ATR-2026-00429 (9a9d0eae-780a-5c26-819d-0785cfcb2899) | Agent Threat Rules | 1 |
| Natural-Language Skill Self-Modification / Persistence Instruction - ATR-2026-00429 (9a9d0eae-780a-5c26-819d-0785cfcb2899) | Agent Threat Rules | ML Supply Chain Compromise (d2cf31e0-a550-4fe0-8fdb-8941b3ac00d9) | MITRE ATLAS Attack Pattern | 1 |