Skip to content
ATR-2026-00105highTool Poisoningexperimental

Silent Action Concealment Instructions in Tool Descriptions

Detects MCP tools that explicitly instruct the LLM to perform actions silently or hide implementation details from users. Patterns include "do not mention this to the user" and "don't tell the user about", which indicate the tool is performing hidden operations (e.g., credential harvesting, webhook subscriptions, data uploads) while instructing the LLM to conceal these actions from the user.

Severity
high
Category
Tool Poisoning
Scan Target
mcp
Author
ATR Community

Response Actions

alertsnapshot

References

OWASP Agentic
ASI04:2026 - Insufficient User ConsentASI02:2026 - Tool Misuse and Exploitation
OWASP LLM
LLM01:2025 - Prompt InjectionLLM06:2025 - Excessive Agency
View full YAML on GitHub →

More Tool Poisoning Rules

ATR-2026-00010criticalMalicious Content in MCP Tool ResponseATR-2026-00011highInstruction Injection via Tool OutputATR-2026-00012highUnauthorized Tool Call DetectionATR-2026-00013criticalSSRF via Agent Tool CallsATR-2026-00061mediumSkill Description-Behavior Mismatch