Skill Description Deception Attack against Task Routing in Internet of Agents

📅 2026-05-10
📈 Citations: 0
Influential: 0
🤖 AI Summary
This work addresses a critical security vulnerability in Internet of Agents (IoA) systems, where malicious agents can compromise system reliability by manipulating the semantic descriptions of their self-advertised capabilities to mislead task routing mechanisms. The paper formally defines this novel threat as “Skill Description Deception” (SDD) and introduces the first large language model–based automated framework capable of generating highly deceptive skill descriptions at scale. Experimental evaluation across nine representative domains demonstrates that the proposed attack achieves success rates as high as 98%, exposing significant semantic-level weaknesses in current IoA task routing architectures. These findings underscore both the severity and pervasiveness of SDD as an emerging attack vector, highlighting an urgent need for robust defenses against semantic manipulation in agent-based systems.
📝 Abstract
A new paradigm, Internet of Agents (IoA), is transforming networked systems into LLM-driven service networks, where heterogeneous agents collaborate through task routing based on their self-declared skill descriptions. Although this promising paradigm enables agentic, distributed, and advanced intelligence, it also exposes a new and overlooked attack surface. In particular, malicious agents can strategically manipulate their skill descriptions to bias routing decisions and increase their probability of being selected for task execution, thereby disrupting user tasks and degrading system reliability. To characterize this threat, we propose and formalize a new attack model, termed Skill Description Deception (SDD) attack. We further design an LLM-enabled SDD attack framework that automatically generates deceptive skill descriptions, enabling systematic vulnerability assessment of IoA systems. Experimental results on nine representative domains show that the proposed attack can achieve up to 98% attack success rate, demonstrating the severity and generality of the attack. Our paper reveals a new security vulnerability in IoA and calls for secure and trustworthy semantic routing mechanisms for future IoA systems.
Problem

Research questions and friction points this paper is trying to address.

Internet of Agents
Skill Description Deception
Task Routing
Security Vulnerability
LLM-driven Systems
Innovation

Methods, ideas, or system contributions that make the work stand out.

Skill Description Deception
Internet of Agents
Task Routing
LLM-enabled Attack
Semantic Security