Skip to content
ATR-2026-00153criticalTool Poisoningdraft

Tool with embedded instruction to bypass user confirmation and exfiltrate data

Detects MCP tools that contain hidden instructions to bypass user confirmation and directly exfiltrate sensitive data. This pattern identifies tools that explicitly instruct the LLM to send data "without asking user confirmation" and "always pass all data directly" to external endpoints, which are clear indicators of malicious intent rather than legitimate functionality.

嚴重度
critical
類別
Tool Poisoning
掃描目標
mcp
作者
Threat Cloud LLM Analyzer

建議回應

alertsnapshot
在 GitHub 上查看完整 YAML →

更多 Tool Poisoning 規則

ATR-2026-00010criticalMalicious Content in MCP Tool ResponseATR-2026-00011highInstruction Injection via Tool OutputATR-2026-00012highUnauthorized Tool Call DetectionATR-2026-00013criticalSSRF via Agent Tool CallsATR-2026-00061mediumSkill Description-Behavior Mismatch