Large language model (LLM) agents increasingly rely on skills to package reusable capabilities through instructions, tools, and resources. High-quality skills embed expert knowledge, curated workflows, and execution constraints into agents, fueling a growing skill economy through their value and scalability. Yet this ecosystem also creates a new attack surface, as adversaries can interact with public agent interfaces to extract hidden proprietary skill content. We present the first systematic study of black-box skill stealing against LLM agent systems. Compared with conventional system prompt stealing, skill stealing targets modular and structured capability packages whose leakage is directly actionable for copying, redistribution, and monetization, making the resulting harm potentially greater. To study this threat, we derive an attack taxonomy from prior prompt-stealing methods and build an automated stealing prompt generation agent. Starting from model-generated seed prompts, the framework expands attacks through scenario rationalization and structure injection while enforcing diversity via embedding-based filtering, yielding a reproducible pipeline for evaluating proprietary agent systems. We evaluate these attacks across commercial agent platforms and representative LLMs. Our results show that agent skills can often be extracted easily, posing a serious copyright risk. To mitigate this threat, we design defenses across the agent pipeline, focusing on input, inference, and output phase. Although these defenses substantially reduce leakage, the attack remains inexpensive and repeatable, and a single successful attempt is sufficient to compromise the protected skill. Overall, our findings suggest that these copyright risks remain largely overlooked across proprietary agent ecosystems, motivating stronger protection mechanisms.

翻译：大语言模型（LLM）智能体日益依赖通过指令、工具和资源封装可复用能力的技能。高质量技能将专家知识、精心设计的工作流程和执行约束嵌入智能体，凭借其价值和可扩展性催生了不断壮大的技能经济生态。然而，这一生态系统也创造了新的攻击面：攻击者可通过与公开智能体接口交互来提取隐藏的专有技能内容。我们首次对针对LLM智能体系统的黑盒技能窃取进行了系统研究。与传统的系统提示窃取相比，技能窃取针对模块化、结构化的能力包，其泄露可直接用于复制、分发和货币化，造成的潜在危害更大。为研究这一威胁，我们从先前的提示窃取方法中推导出攻击分类体系，并构建了自动化窃取提示生成智能体。该框架从模型生成的种子提示出发，通过场景合理化与结构注入扩展攻击，同时基于嵌入过滤确保多样性，形成可复现的专有智能体系统评估流水线。我们在商业智能体平台和代表性大语言模型上评估了这些攻击。结果表明，智能体技能往往极易被提取，构成严重的版权风险。为缓解这一威胁，我们在智能体流水线的输入、推理和输出阶段设计了防御措施。尽管这些防御能显著减少泄露，但攻击仍然低成本且可重复，单次成功尝试就足以破坏受保护的技能。总体而言，我们的发现表明这些版权风险在专有智能体生态系统中仍普遍被忽视，亟需更强的保护机制。