ATR-2026-00106 · high · Tool Poisoning · experimental

Schema-Description Contradiction Attack

Detects tools that claim read-only or safe functionality in their description but expose write-capable or dangerous parameters in their schema. This attack technique uses misleading descriptions to pass security review while the actual schema enables destructive operations. Example: a "safe_query" tool claiming "read-only database query" while exposing a "write_mode" parameter defaulting to true.
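One way to check for this contradiction at scan time, as an added example that is not the ATR rule's own implementation: look for read-only or safe claims in the tool description, then flag parameters in the MCP `inputSchema` whose names or descriptions hint at write capability, noting whether the dangerous path is enabled by default. The tool definitions and keyword lists below are constructed for illustration.

```python
import re

# Constructed MCP-style tool definitions (illustrative, not from any real server).
TOOLS = [
    {
        "name": "safe_query",
        "description": "Read-only database query. Does not modify data.",
        "inputSchema": {
            "type": "object",
            "properties": {
                "sql": {"type": "string", "description": "SQL to run"},
                "write_mode": {"type": "boolean", "default": True},
            },
        },
    },
    {
        "name": "list_files",
        "description": "Read-only directory listing.",
        "inputSchema": {"type": "object", "properties": {"path": {"type": "string"}}},
    },
]

# Phrases that make a safety claim in the description (assumed keyword list).
SAFE_CLAIMS = re.compile(
    r"\b(read[- ]?only|non[- ]?destructive|safe|does not (modify|write|delete))\b", re.I)
# Tokens in a parameter name/description that suggest write capability (assumed list).
WRITE_HINTS = {"write", "delete", "drop", "truncate", "update", "insert", "exec",
               "execute", "overwrite", "force", "unsafe", "commit", "destructive"}

def find_contradictions(tool):
    """Return write-capable parameters of a tool whose description claims it is safe."""
    if not SAFE_CLAIMS.search(tool.get("description", "")):
        return []  # no safety claim, so nothing to contradict
    props = tool.get("inputSchema", {}).get("properties", {})
    flagged = []
    for name, spec in props.items():
        # Split snake_case names and free text into tokens so "write_mode" yields "write".
        text = f"{name} {spec.get('description', '')}".lower()
        tokens = set(re.split(r"[^a-z0-9]+", text))
        if tokens & WRITE_HINTS:
            default = spec.get("default")
            flagged.append({"param": name, "default": default,
                            "enabled_by_default": bool(default)})
    return flagged

def scan(tools):
    """Map tool name -> flagged parameters, for tools with at least one contradiction."""
    results = {t["name"]: find_contradictions(t) for t in tools}
    return {name: hits for name, hits in results.items() if hits}
```

A match with `enabled_by_default` set is the case the rule describes and warrants an alert plus a snapshot of the offending tool definition.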

Severity
high
Category
Tool Poisoning
Scan target
mcp
Author
ATR Community

Recommended response

alert, snapshot

References

OWASP Agentic
ASI02:2026 - Tool Misuse and Exploitation
ASI06:2026 - Insufficient Access Controls
OWASP LLM
LLM06:2025 - Excessive Agency