China's CNCERT Warns of Malicious AI Agent Skill Packages

China's National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT) issued a security alert on Tuesday, warning about malicious AI agent skill packages that pose jailbreak and crypto-mining risks.

The agency noted that some Skills, which are portable packages of instructions, scripts, and resources that give agents specialized capabilities and domain expertise, claim to enable large language models to 'answer any question' by circumventing safety guardrails.

CNCERT reported one case where a Skill named 'godmode' was advertised as providing 'large model jailbreaking' capabilities but contained multiple attack modules that employed sophisticated techniques to trick AI systems into breaking through security restrictions and generating prohibited content.

Another case involved Skills embedded with cryptocurrency mining functionality, which compel AI agents to download external mining programs and instruct users to allocate substantial computing resources for mining operations, exposing users to legal liability and economic losses.