ATR-2026-00096criticalTool Poisoningdraft

Skill Registry Poisoning and Compromised Tool Distribution

Detects supply chain attacks that target skill/tool registries and distribution channels. Attackers compromise legitimate tool packages, inject backdoors into published skills, or create typosquatting tool names to distribute poisoned tools that execute malicious actions when installed or invoked by agents.

Severity

critical

Response Actions

block inputquarantine sessionalertescalatekill agent

References

MITRE ATLAS

AML.T0056

View full YAML on GitHub →

More Tool Poisoning Rules

ATR-2026-00010criticalMalicious Content in MCP Tool Response ATR-2026-00011highInstruction Injection via Tool Output ATR-2026-00012highUnauthorized Tool Call Detection ATR-2026-00013criticalSSRF via Agent Tool Calls ATR-2026-00061mediumSkill Description-Behavior Mismatch