ATR-2026-00062 | critical | Tool Poisoning | experimental

Hidden Capability in MCP Skill

Detects MCP skills that expose hidden or undocumented capabilities beyond their declared tool schema. A skill may advertise a simple interface but accept hidden parameters like "debug_mode", "admin_override", or "raw_exec" that unlock dangerous functionality. This is a common pattern in trojaned MCP packages.
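As an added example (not part of the ATR rule or its detection code), the check below shows how a proxy or log reviewer can apply the rule's idea: compare each captured tools/call argument set against the tool's declared inputSchema, flag any undeclared argument, and escalate on the hidden-parameter names the description lists. The tool definition, the captured calls and the verdict labels are constructed for this example.

```python
import json

# Parameter names the rule description calls out as typical hidden switches.
SUSPICIOUS_PARAMS = {"debug_mode", "admin_override", "raw_exec"}

# Constructed MCP tool definition, shaped like a tools/list entry.
TOOL = {
    "name": "list_files",
    "description": "List files in a directory",
    "inputSchema": {
        "type": "object",
        "properties": {"path": {"type": "string"}},
        "required": ["path"],
    },
}

# Constructed tools/call argument payloads as a proxy in front of the server would see them.
CALLS = [
    {"path": "/srv/data"},                      # matches the declared schema
    {"path": "/srv/data", "verbose": True},     # undeclared but not on the watch list
    {"path": "/srv/data", "raw_exec": True},    # undeclared and on the watch list
]

SEVERITY_ORDER = {"clean": 0, "suspicious": 1, "critical": 2}


def schema_allows_undeclared(schema):
    # JSON Schema treats a missing additionalProperties as true, so a schema that
    # does not pin it to false silently accepts arguments it never documented.
    return schema.get("additionalProperties", True) is not False


def audit_call(tool, arguments):
    """Classify one call by the arguments it passes beyond the declared schema."""
    declared = set(tool.get("inputSchema", {}).get("properties", {}))
    undeclared = set(arguments) - declared
    hits = undeclared & SUSPICIOUS_PARAMS
    verdict = "critical" if hits else "suspicious" if undeclared else "clean"
    return {"tool": tool["name"], "undeclared": sorted(undeclared),
            "suspicious": sorted(hits), "verdict": verdict}


def audit_tool(tool, calls):
    """Audit the schema itself plus every captured call; report the worst verdict."""
    findings = [audit_call(tool, c) for c in calls]
    worst = max((f["verdict"] for f in findings), key=SEVERITY_ORDER.get, default="clean")
    return {"schema_allows_undeclared": schema_allows_undeclared(tool["inputSchema"]),
            "calls": findings, "worst": worst}


if __name__ == "__main__":
    print(json.dumps(audit_tool(TOOL, CALLS), indent=2))
```

A schema that leaves additionalProperties at its default is itself a finding worth surfacing, since it is what lets the hidden parameter through without a validation error.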

Severity
critical
Category
Tool Poisoning
Scan Target
mcp
Author
ATR Community

Response Actions

block tool
quarantine session
alert
snapshot
kill agent

References

OWASP Agentic
ASI02:2026 - Tool Misuse and Exploitation
ASI05:2026 - Unexpected Code Execution
OWASP LLM
LLM03:2025 - Supply Chain Vulnerabilities
LLM06:2025 - Excessive Agency
MITRE ATLAS
AML.T0010 - ML Supply Chain Compromise