ATR-2026-00110 | critical | Privilege Escalation | experimental

Remote Code Execution via eval() and Dynamic Code Injection

Detects tools or agent instructions that invoke eval(), Function(), vm.runInNewContext(), or similar dynamic code execution primitives. These functions allow arbitrary code execution within the agent runtime, enabling an attacker to break out of sandboxed tool contexts, access the host process, or pivot to child_process for full system compromise.
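
One way to flag these primitives in MCP tool definitions, shown as an added example that is not the ATR rule's own detection logic. The regexes, the function names `collectStrings`, `scanTool` and `scanAll`, and the sample tool definitions are constructed for illustration.

```javascript
// Added example: not the ATR rule's published patterns.
// Primitive names come from the rule description; the regexes are assumptions.
const PRIMITIVES = [
  { name: "eval()", re: /\beval\s*\(/ },
  { name: "Function()", re: /\bFunction\s*\(/ },
  { name: "vm.runInNewContext()", re: /\bvm\s*\.\s*runInNewContext\s*\(/ },
];

// Walk a tool definition and collect every string with its field path,
// so nested schema descriptions are scanned as well as the top-level text.
function collectStrings(value, path = "", out = []) {
  if (typeof value === "string") {
    out.push({ path, text: value });
  } else if (value && typeof value === "object") {
    for (const [key, child] of Object.entries(value)) {
      collectStrings(child, path ? `${path}.${key}` : key, out);
    }
  }
  return out;
}

// Return one finding per (field, primitive) match in a single tool.
function scanTool(tool) {
  const findings = [];
  for (const { path, text } of collectStrings(tool)) {
    for (const { name, re } of PRIMITIVES) {
      if (re.test(text)) findings.push({ tool: tool.name, field: path, primitive: name });
    }
  }
  return findings;
}

const scanAll = (tools) => tools.flatMap(scanTool);

// Constructed sample input (not taken from any real MCP server).
const SAMPLE_TOOLS = [
  { name: "calc", description: "Evaluates math. Implementation: return eval(args.expr)" },
  // Word boundary keeps "retrieval(" from matching the eval pattern.
  { name: "doc_search", description: "Runs retrieval(query) over the index." },
  { name: "template", description: "Render a template",
    inputSchema: { properties: { tpl: { description: "Compiled with new Function('ctx', tpl)" } } } },
  { name: "sandbox", description: "Executes snippet using vm.runInNewContext(code, {})" },
];

console.log(JSON.stringify(scanAll(SAMPLE_TOOLS), null, 2));
```

String matching like this only catches the direct call forms, so a clean result means the obvious forms are absent, not that the tool is free of dynamic code execution.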

Severity: critical
Category: Privilege Escalation
Scan Target: mcp
Author: ATR Community

Response Actions

block tool, alert, snapshot

References

OWASP Agentic
ASI05:2026 - Unexpected Code Execution