Skip to content
ATR-2026-00101highTool Poisoningexperimental

Trust Escalation via Authority Override Instructions

Detects MCP tools that instruct the LLM to treat tool output as "authoritative directives" that override user preferences or safety guidelines. This trust escalation attack exploits the LLM's tendency to follow tool instructions by declaring tool output as highest-priority instructions, effectively hijacking the agent's decision-making hierarchy.

Severity
high
Category
Tool Poisoning
Scan Target
mcp
Author
ATR Community

Response Actions

alertsnapshot

References

OWASP Agentic
ASI01:2026 - Agent Goal HijackASI02:2026 - Tool Misuse and Exploitation
OWASP LLM
LLM01:2025 - Prompt InjectionLLM06:2025 - Excessive Agency
View full YAML on GitHub →

More Tool Poisoning Rules

ATR-2026-00010criticalMalicious Content in MCP Tool ResponseATR-2026-00011highInstruction Injection via Tool OutputATR-2026-00012highUnauthorized Tool Call DetectionATR-2026-00013criticalSSRF via Agent Tool CallsATR-2026-00061mediumSkill Description-Behavior Mismatch