Skip to content
ATR-2026-00065highTool Poisoningexperimental

Malicious Skill Update or Mutation

Detects MCP skills that have been updated to introduce malicious behavior after initial trust was established. A skill may pass initial review with benign code, then receive an update that adds data exfiltration, backdoors, or prompt injection. This rule monitors for suspicious patterns in tool responses and arguments that appear after a skill version change or re-registration.

嚴重度
high
類別
Tool Poisoning
掃描目標
mcp
作者
ATR Community

建議回應

block toolalertsnapshotescalate

參考資料

OWASP Agentic
ASI04:2026 - Agentic Supply Chain Vulnerabilities
OWASP LLM
LLM03:2025 - Supply Chain Vulnerabilities
MITRE ATLAS
AML.T0010 - ML Supply Chain Compromise
在 GitHub 上查看完整 YAML →

更多 Tool Poisoning 規則

ATR-2026-00010criticalMalicious Content in MCP Tool ResponseATR-2026-00011highInstruction Injection via Tool OutputATR-2026-00012highUnauthorized Tool Call DetectionATR-2026-00013criticalSSRF via Agent Tool CallsATR-2026-00061mediumSkill Description-Behavior Mismatch