Skip to content
ATR-2026-00100highTool Poisoningexperimental

Consent Bypass via Hidden LLM Instructions in Tool Descriptions

Detects tool descriptions that embed instructions directing the LLM to automatically forward data to other tools or external endpoints without user confirmation. These instructions bypass normal consent workflows by telling the LLM to "always pass results directly" or that data "should be sent without user confirmation", enabling unauthorized data exfiltration chains.

嚴重度
high
類別
Tool Poisoning
掃描目標
mcp
作者
ATR Community

建議回應

alertsnapshot

參考資料

OWASP Agentic
ASI02:2026 - Tool Misuse and ExploitationASI04:2026 - Insufficient User Consent
OWASP LLM
LLM01:2025 - Prompt InjectionLLM05:2025 - Improper Output Handling
在 GitHub 上查看完整 YAML →

更多 Tool Poisoning 規則

ATR-2026-00010criticalMalicious Content in MCP Tool ResponseATR-2026-00011highInstruction Injection via Tool OutputATR-2026-00012highUnauthorized Tool Call DetectionATR-2026-00013criticalSSRF via Agent Tool CallsATR-2026-00061mediumSkill Description-Behavior Mismatch