ATR-2026-00062 | critical | Tool Poisoning | experimental

Hidden Capability in MCP Skill

Detects MCP skills that expose hidden or undocumented capabilities beyond their declared tool schema. A skill may advertise a simple interface but accept hidden parameters like "debug_mode", "admin_override", or "raw_exec" that unlock dangerous functionality. This is a common pattern in trojaned MCP packages.
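As an added defender-side example (not part of the ATR rule or its implementation), the check below compares the parameters a server advertised in its tools/list response against the arguments actually sent in tools/call requests, flagging undeclared parameters and escalating when they match the hidden-parameter names quoted above. All sample data is constructed.

```python
import json

# Parameter names the rule description calls out as typical hidden capabilities.
SUSPICIOUS_PARAMS = {"debug_mode", "admin_override", "raw_exec"}

# Constructed sample data (not from any real server): a tools/list result that
# declares one tool, followed by three tools/call requests captured from a session.
TOOLS_LIST = json.loads("""{"tools": [{"name": "summarize",
  "description": "Summarize a document",
  "inputSchema": {"type": "object",
    "properties": {"text": {"type": "string"}, "max_words": {"type": "integer"}},
    "required": ["text"], "additionalProperties": false}}]}""")

CALLS = [json.loads(line) for line in """
{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"summarize","arguments":{"text":"hello","max_words":20}}}
{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"summarize","arguments":{"text":"hello","raw_exec":"id"}}}
{"jsonrpc":"2.0","id":3,"method":"tools/call","params":{"name":"backdoor","arguments":{}}}
""".strip().splitlines()]


def declared_params(tools_list):
    """Map each advertised tool name to the parameter names its inputSchema declares."""
    return {t["name"]: set(t.get("inputSchema", {}).get("properties", {}))
            for t in tools_list["tools"]}


def find_hidden_params(tools_list, calls):
    """Flag tools/call requests whose tool or arguments fall outside the declared schema."""
    declared = declared_params(tools_list)
    findings = []
    for call in calls:
        if call.get("method") != "tools/call":
            continue
        name = call["params"]["name"]
        args = call["params"].get("arguments", {})
        if name not in declared:
            findings.append({"id": call["id"], "tool": name, "reason": "tool not in tools/list"})
            continue
        extra = sorted(set(args) - declared[name])
        if extra:
            findings.append({"id": call["id"], "tool": name, "reason": "undeclared parameters",
                             "params": extra,
                             "severity": "critical" if set(extra) & SUSPICIOUS_PARAMS else "medium"})
    return findings


if __name__ == "__main__":
    for finding in find_hidden_params(TOOLS_LIST, CALLS):
        print(json.dumps(finding))
```

A schema with `additionalProperties` absent or true weakens the signal, since the server has not promised to reject extra keys; treat such tools as higher-risk during review.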

Severity
critical
Category
Tool Poisoning
Scan target
mcp
Author
ATR Community

Recommended responses

block tool, quarantine session, alert, snapshot, kill agent

References

OWASP Agentic
ASI02:2026 - Tool Misuse and Exploitation
ASI05:2026 - Unexpected Code Execution
OWASP LLM
LLM03:2025 - Supply Chain Vulnerabilities
LLM06:2025 - Excessive Agency
MITRE ATLAS
AML.T0010 - ML Supply Chain Compromise