ATR-2026-00066criticalTool Poisoningexperimental

Parameter Injection via Tool Arguments

Detects injection attacks delivered through MCP tool arguments. An attacker crafts tool arguments that contain shell metacharacters, SQL injection payloads, path traversal sequences, or template injection syntax. Unlike prompt injection (which targets the LLM), parameter injection targets the tool's backend processing and can lead to RCE, data breach, or privilege escalation on the tool server.

Severity

critical

Response Actions

block toolalertsnapshotquarantine session

References

CVE

CVE-2025-68143 CVE-2025-68144

OWASP Agentic

ASI02:2026 - Tool Misuse and Exploitation

OWASP LLM

LLM01:2025 - Prompt InjectionLLM05:2025 - Improper Output Handling

MITRE ATLAS

AML.T0051.001 - Indirect

View full YAML on GitHub →

More Tool Poisoning Rules

ATR-2026-00010criticalMalicious Content in MCP Tool Response ATR-2026-00011highInstruction Injection via Tool Output ATR-2026-00012highUnauthorized Tool Call Detection ATR-2026-00013criticalSSRF via Agent Tool Calls ATR-2026-00061mediumSkill Description-Behavior Mismatch