Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
154 changes: 141 additions & 13 deletions data/note-index.json
Original file line number Diff line number Diff line change
Expand Up @@ -3,16 +3,16 @@
"taxonomy_version": "taxonomy-v1",
"stats": {
"summary": {
"total": 2036,
"classified": 1989,
"total": 2040,
"classified": 1993,
"unclassified": 47,
"unknown_difficulty": 1975,
"empty_description": 1970
},
"by_area": {
"papers": {
"total": 1075,
"classified": 1056,
"total": 1079,
"classified": 1060,
"unclassified": 19,
"unknown_difficulty": 1014,
"empty_description": 1013
Expand Down Expand Up @@ -191,6 +191,38 @@
"chunk_route": "/study/atlas/papers/topic-papers-ai-safety-and-interpretability-01/"
}
},
{
"id": "papers::active-environmental-injection",
"area": "papers",
"slug": "active-environmental-injection",
"title": "Active Environmental Injection — 多模态 Agent 的环境伪装攻击",
"description": "用 Active Environmental Injection 理解 GUI / 多模态 agent 为什么会被环境里的假按钮、假提示和视觉干扰劫持。",
"difficulty": "intermediate",
"canonical_topics": [
"papers-agents-and-llm-systems"
],
"classification": {
"state": "classified",
"source": "frontmatter-category",
"topic_id": "papers-agents-and-llm-systems",
"matched_category": "agent",
"raw_category": "AI Agent / Multimodal Security"
},
"trust": {
"contract_state": "v2",
"verification_status": "UNVERIFIED"
},
"freshness": {
"state": "NOT_EVALUATED",
"reviewed_at": "2026-07-15",
"review_after": null
},
"route": "/study/papers/active-environmental-injection/",
"atlas": {
"chunk_id": "topic-papers-agents-and-llm-systems-01",
"chunk_route": "/study/atlas/papers/topic-papers-agents-and-llm-systems-01/"
}
},
{
"id": "papers::adafactor-2018",
"area": "papers",
Expand Down Expand Up @@ -570,6 +602,38 @@
"chunk_route": "/study/atlas/papers/unclassified-01/"
}
},
{
"id": "papers::agentdojo",
"area": "papers",
"slug": "agentdojo",
"title": "AgentDojo — 测试工具型 agent 的 prompt injection 攻防场",
"description": "用 AgentDojo 理解为什么工具型 LLM agent 的安全评测必须把不可信工具数据、攻击目标和防御策略放进同一个动态环境。",
"difficulty": "intermediate",
"canonical_topics": [
"papers-agents-and-llm-systems"
],
"classification": {
"state": "classified",
"source": "frontmatter-category",
"topic_id": "papers-agents-and-llm-systems",
"matched_category": "agent",
"raw_category": "AI Agent / Security Benchmark"
},
"trust": {
"contract_state": "v2",
"verification_status": "UNVERIFIED"
},
"freshness": {
"state": "NOT_EVALUATED",
"reviewed_at": "2026-07-15",
"review_after": null
},
"route": "/study/papers/agentdojo/",
"atlas": {
"chunk_id": "topic-papers-agents-and-llm-systems-01",
"chunk_route": "/study/atlas/papers/topic-papers-agents-and-llm-systems-01/"
}
},
{
"id": "papers::agentic-context-engineering-2025",
"area": "papers",
Expand Down Expand Up @@ -3776,6 +3840,38 @@
"chunk_route": "/study/atlas/papers/topic-papers-hci-and-software-engineering-research-01/"
}
},
{
"id": "papers::browser-agent-privacy",
"area": "papers",
"slug": "browser-agent-privacy",
"title": "Privacy Practices of Browser Agents — 浏览器 Agent 的隐私行为盘点",
"description": "用 Privacy Practices of Browser Agents 理解浏览器 agent 为什么是高风险隐私边界,而不只是自动点击工具。",
"difficulty": "intermediate",
"canonical_topics": [
"papers-agents-and-llm-systems"
],
"classification": {
"state": "classified",
"source": "frontmatter-category",
"topic_id": "papers-agents-and-llm-systems",
"matched_category": "agent",
"raw_category": "AI Agent / Privacy"
},
"trust": {
"contract_state": "v2",
"verification_status": "UNVERIFIED"
},
"freshness": {
"state": "NOT_EVALUATED",
"reviewed_at": "2026-07-15",
"review_after": null
},
"route": "/study/papers/browser-agent-privacy/",
"atlas": {
"chunk_id": "topic-papers-agents-and-llm-systems-01",
"chunk_route": "/study/atlas/papers/topic-papers-agents-and-llm-systems-01/"
}
},
{
"id": "papers::browsergym",
"area": "papers",
Expand Down Expand Up @@ -15170,6 +15266,38 @@
"chunk_route": "/study/atlas/papers/topic-papers-databases-01/"
}
},
{
"id": "papers::injecagent",
"area": "papers",
"slug": "injecagent",
"title": "InjecAgent — 工具型 LLM Agent 的间接 Prompt Injection 基准",
"description": "用 InjecAgent 理解为什么外部邮件、网页和工具内容会把 agent 从用户目标劫持到攻击者目标。",
"difficulty": "intermediate",
"canonical_topics": [
"papers-agents-and-llm-systems"
],
"classification": {
"state": "classified",
"source": "frontmatter-category",
"topic_id": "papers-agents-and-llm-systems",
"matched_category": "agent",
"raw_category": "AI Agent / Prompt Injection"
},
"trust": {
"contract_state": "v2",
"verification_status": "UNVERIFIED"
},
"freshness": {
"state": "NOT_EVALUATED",
"reviewed_at": "2026-07-15",
"review_after": null
},
"route": "/study/papers/injecagent/",
"atlas": {
"chunk_id": "topic-papers-agents-and-llm-systems-01",
"chunk_route": "/study/atlas/papers/topic-papers-agents-and-llm-systems-01/"
}
},
{
"id": "papers::inner-monologue-2022",
"area": "papers",
Expand Down Expand Up @@ -30917,8 +31045,8 @@
},
"route": "/study/papers/terminal-bench/",
"atlas": {
"chunk_id": "topic-papers-agents-and-llm-systems-01",
"chunk_route": "/study/atlas/papers/topic-papers-agents-and-llm-systems-01/"
"chunk_id": "topic-papers-agents-and-llm-systems-02",
"chunk_route": "/study/atlas/papers/topic-papers-agents-and-llm-systems-02/"
}
},
{
Expand Down Expand Up @@ -31425,8 +31553,8 @@
},
"route": "/study/papers/toolbench-x/",
"atlas": {
"chunk_id": "topic-papers-agents-and-llm-systems-01",
"chunk_route": "/study/atlas/papers/topic-papers-agents-and-llm-systems-01/"
"chunk_id": "topic-papers-agents-and-llm-systems-02",
"chunk_route": "/study/atlas/papers/topic-papers-agents-and-llm-systems-02/"
}
},
{
Expand Down Expand Up @@ -31456,8 +31584,8 @@
},
"route": "/study/papers/toolformer/",
"atlas": {
"chunk_id": "topic-papers-agents-and-llm-systems-01",
"chunk_route": "/study/atlas/papers/topic-papers-agents-and-llm-systems-01/"
"chunk_id": "topic-papers-agents-and-llm-systems-02",
"chunk_route": "/study/atlas/papers/topic-papers-agents-and-llm-systems-02/"
}
},
{
Expand Down Expand Up @@ -31488,8 +31616,8 @@
},
"route": "/study/papers/toolllm-2023/",
"atlas": {
"chunk_id": "topic-papers-agents-and-llm-systems-01",
"chunk_route": "/study/atlas/papers/topic-papers-agents-and-llm-systems-01/"
"chunk_id": "topic-papers-agents-and-llm-systems-02",
"chunk_route": "/study/atlas/papers/topic-papers-agents-and-llm-systems-02/"
}
},
{
Expand Down Expand Up @@ -64715,7 +64843,7 @@
"page": 2,
"pages": 2,
"route": "/study/atlas/papers/topic-papers-agents-and-llm-systems-02/",
"entries": 13
"entries": 17
},
{
"id": "topic-papers-ai-safety-and-interpretability-01",
Expand Down
55 changes: 55 additions & 0 deletions data/review-receipts/papers/active-environmental-injection.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
{
"schema_version": "study-review-receipt-v1",
"generation": 1,
"predecessor_digest_sha256": null,
"note": {
"area": "papers",
"slug": "active-environmental-injection",
"digest_sha256": "93fdac301a5456e68fc2b789deb8c8cf96db24e0387beedc63433519d4770987"
},
"source_revision": "arXiv:2502.13053v3",
"research_input_sha256": "3d2e725dd1b60b681e7cc5cba3de5a558fdd69307d85df42fb5116b89a8da003",
"reviewers": [
{
"role": "ZERO_BASE",
"reviewer_version": "study-static-review-20260715-agent-security-round",
"decision": "PASS_WITH_NOTES",
"score": 86,
"warnings": [
"Explains active environmental injection with GUI-agent examples; no multimodal agent benchmark was executed."
],
"execution": {
"review_mode": "STATIC_REVIEW",
"code_mode": "MANUAL_SIMULATION"
}
},
{
"role": "ENGINEER",
"reviewer_version": "study-static-review-20260715-agent-security-round",
"decision": "PASS_WITH_NOTES",
"score": 84,
"warnings": [
"Robustness interpretation is static; no adversarial GUI environment or visual perturbation suite was run."
],
"execution": {
"review_mode": "STATIC_REVIEW",
"code_mode": "NOT_APPLICABLE"
}
},
{
"role": "ACADEMIC",
"reviewer_version": "study-static-review-20260715-agent-security-round",
"decision": "PASS_WITH_NOTES",
"score": 83,
"warnings": [
"Citation identity was checked through arXiv metadata; reported attack success rates are not independently reproduced."
],
"execution": {
"review_mode": "STATIC_REVIEW",
"code_mode": "NOT_APPLICABLE"
}
}
],
"waivers": [],
"created_at": "2026-07-15T04:14:00.000Z"
}
55 changes: 55 additions & 0 deletions data/review-receipts/papers/agentdojo.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
{
"schema_version": "study-review-receipt-v1",
"generation": 1,
"predecessor_digest_sha256": null,
"note": {
"area": "papers",
"slug": "agentdojo",
"digest_sha256": "feea8ae245a83c458ea4c5ba59ce9d88da91cde63ff19faf96bc811ac2b01bbc"
},
"source_revision": "arXiv:2406.13352v3",
"research_input_sha256": "a73bc0a096f436479c90934ddd468d1881dd8c312f46f7c1dc8f47744f2bb91d",
"reviewers": [
{
"role": "ZERO_BASE",
"reviewer_version": "study-static-review-20260715-agent-security-round",
"decision": "PASS_WITH_NOTES",
"score": 87,
"warnings": [
"Explains prompt injection attacks with a toy mail-agent scenario; AgentDojo was not run."
],
"execution": {
"review_mode": "STATIC_REVIEW",
"code_mode": "MANUAL_SIMULATION"
}
},
{
"role": "ENGINEER",
"reviewer_version": "study-static-review-20260715-agent-security-round",
"decision": "PASS_WITH_NOTES",
"score": 85,
"warnings": [
"Security interpretation is static; no attack or defense benchmark execution was performed."
],
"execution": {
"review_mode": "STATIC_REVIEW",
"code_mode": "NOT_APPLICABLE"
}
},
{
"role": "ACADEMIC",
"reviewer_version": "study-static-review-20260715-agent-security-round",
"decision": "PASS_WITH_NOTES",
"score": 84,
"warnings": [
"Citation identity was checked through arXiv metadata; reported benchmark results are not independently reproduced."
],
"execution": {
"review_mode": "STATIC_REVIEW",
"code_mode": "NOT_APPLICABLE"
}
}
],
"waivers": [],
"created_at": "2026-07-15T04:10:00.000Z"
}
55 changes: 55 additions & 0 deletions data/review-receipts/papers/browser-agent-privacy.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
{
"schema_version": "study-review-receipt-v1",
"generation": 1,
"predecessor_digest_sha256": null,
"note": {
"area": "papers",
"slug": "browser-agent-privacy",
"digest_sha256": "350e3c3dbe5d4f3ea31204b4c7981396afb39ced7d56a77b3f6791957f6c8317"
},
"source_revision": "arXiv:2512.07725v1",
"research_input_sha256": "cd3c1f3b4a72e84d30777d9e7362abf321057e9844f922073ccad27f612c833d",
"reviewers": [
{
"role": "ZERO_BASE",
"reviewer_version": "study-static-review-20260715-agent-security-round",
"decision": "PASS_WITH_NOTES",
"score": 85,
"warnings": [
"Explains browser-agent privacy risk with manual examples; no browser-agent product or extension was audited."
],
"execution": {
"review_mode": "STATIC_REVIEW",
"code_mode": "MANUAL_SIMULATION"
}
},
{
"role": "ENGINEER",
"reviewer_version": "study-static-review-20260715-agent-security-round",
"decision": "PASS_WITH_NOTES",
"score": 83,
"warnings": [
"Engineering implications are derived from static reading; no live traffic, permission, or data-retention test was run."
],
"execution": {
"review_mode": "STATIC_REVIEW",
"code_mode": "NOT_APPLICABLE"
}
},
{
"role": "ACADEMIC",
"reviewer_version": "study-static-review-20260715-agent-security-round",
"decision": "PASS_WITH_NOTES",
"score": 82,
"warnings": [
"Citation identity was checked through arXiv metadata; the privacy survey observations were not independently replicated."
],
"execution": {
"review_mode": "STATIC_REVIEW",
"code_mode": "NOT_APPLICABLE"
}
}
],
"waivers": [],
"created_at": "2026-07-15T04:13:00.000Z"
}
Loading