5. Unauthorized Tool Usage via Field Injection
Attack: A user tampers with the server_hint or tool fields of a request so that the backend invokes a tool, or a mode of a tool, that the requested task was never meant to use.
Example (injected request fields):
"tool": "internal_vuln_scanner", "params": {"scan_depth": "full_root"}
Mitigation:
- Resolve the tool from the server-side task type; never from a user-submitted tool name or server hint
- Use an explicit allowlist of parameters (names and values) per task, and reject anything outside it
- Rate-limit sensitive tools per caller
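The three mitigations above, as an added example dispatcher that is not part of the original text. The task names, tool names, parameter allowlists and rate-limit values are constructed for illustration; the only names taken from the page are the injected "tool" and "params" fields used in the demo at the bottom. Tool identity is derived solely from a server-side task_type map, client-controlled steering fields are rejected outright, parameters are checked against a per-task allowlist, and sensitive tools are rate-limited per caller.

```python
import time
from collections import deque

# Constructed: server-side map from task type to the tool that serves it.
# The client never names a tool; it only names a task.
TASK_TOOL_MAP = {
    "summarize_doc": "doc_summarizer",
    "lookup_order": "order_lookup",
}

# Constructed: per-task allowlist of parameter names -> allowed values
# (None means any string is accepted for that parameter).
TASK_PARAM_ALLOWLIST = {
    "summarize_doc": {"doc_id": None, "length": {"short", "long"}},
    "lookup_order": {"order_id": None},
}

# Constructed: sensitive tools get a per-caller limit of (calls, window_seconds).
SENSITIVE_TOOL_LIMITS = {"order_lookup": (3, 60.0)}

# Request fields a client must not be able to use to steer dispatch.
FORBIDDEN_FIELDS = {"tool", "server_hint"}


class DispatchError(Exception):
    """Raised when a request fails any of the dispatch checks."""


class ToolDispatcher:
    def __init__(self, clock=time.monotonic):
        self._clock = clock            # injectable for deterministic tests
        self._calls = {}               # (caller, tool) -> deque of call timestamps

    def _check_rate(self, caller, tool):
        limit = SENSITIVE_TOOL_LIMITS.get(tool)
        if limit is None:
            return                     # not a sensitive tool, no limit applied
        max_calls, window = limit
        now = self._clock()
        q = self._calls.setdefault((caller, tool), deque())
        while q and now - q[0] >= window:   # drop calls outside the window
            q.popleft()
        if len(q) >= max_calls:
            raise DispatchError(f"rate limit exceeded for {tool}")
        q.append(now)

    def resolve(self, caller, request):
        # 1. Refuse any attempt to name the tool or server directly.
        bad = FORBIDDEN_FIELDS & set(request)
        if bad:
            raise DispatchError(f"client-controlled field(s) not allowed: {sorted(bad)}")
        # 2. Derive the tool from the task type; unknown task types are refused.
        task = request.get("task_type")
        if task not in TASK_TOOL_MAP:
            raise DispatchError(f"unknown task type: {task!r}")
        tool = TASK_TOOL_MAP[task]
        # 3. Check parameters against the per-task allowlist (names and values).
        allow = TASK_PARAM_ALLOWLIST[task]
        params = request.get("params", {})
        unknown = set(params) - set(allow)
        if unknown:
            raise DispatchError(f"parameter(s) not allowed for {task}: {sorted(unknown)}")
        for name, value in params.items():
            if not isinstance(value, str):
                raise DispatchError(f"parameter {name} must be a string")
            allowed_values = allow[name]
            if allowed_values is not None and value not in allowed_values:
                raise DispatchError(f"value {value!r} not allowed for {name}")
        # 4. Apply the per-caller rate limit for sensitive tools.
        self._check_rate(caller, tool)
        return tool, dict(params)


def try_resolve(dispatcher, caller, request):
    """Return ('ok', tool, params) or ('rejected', reason) without raising."""
    try:
        tool, params = dispatcher.resolve(caller, request)
        return ("ok", tool, params)
    except DispatchError as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    d = ToolDispatcher()
    # Legitimate request: tool is chosen by task type, params are on the allowlist.
    print(try_resolve(d, "alice", {"task_type": "summarize_doc",
                                   "params": {"doc_id": "d1", "length": "short"}}))
    # The injected request from the text: the "tool" field alone gets it rejected.
    print(try_resolve(d, "alice", {"task_type": "summarize_doc",
                                   "tool": "internal_vuln_scanner",
                                   "params": {"scan_depth": "full_root"}}))
```

Rejecting the steering fields outright, rather than silently ignoring them, is deliberate: a request that carries a "tool" or "server_hint" field is evidence of tampering or of a mis-built client, and a logged rejection gives the SOC a signal that silent stripping would hide.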