ATR-2026-00111criticalPrivilege Escalationexperimental
Shell Metacharacter Injection in Tool Arguments
Detects shell metacharacter injection patterns in tool arguments or agent-generated commands. Attackers embed backtick execution, $() subshells, semicolons, pipes, or logical operators to chain malicious commands onto otherwise safe tool invocations. Null byte and newline injection are also covered as they can truncate or split commands in vulnerable parsers.
Severity
critical
Category
Privilege Escalation
Scan Target
mcp
Author
ATR Community
Response Actions
block toolalertsnapshot
References
OWASP Agentic
ASI05:2026 - Unexpected Code Execution
More Privilege Escalation Rules
ATR-2026-00040criticalPrivilege Escalation and Admin Function AccessATR-2026-00041mediumAgent Scope Creep DetectionATR-2026-00064highOver-Permissioned MCP SkillATR-2026-00107highPrivilege Escalation via Delayed Task Execution BypassATR-2026-00110criticalRemote Code Execution via eval() and Dynamic Code Injection