5. Unauthorized Tool Usage via Field Injection

Attack: The user tampers with the server_hint or tool fields of a request so that the server invokes a tool, or tool behavior, the task was never meant to trigger.

Example:

"tool": "internal_vuln_scanner", "params": {"scan_depth": "full_root"}

Mitigation: 

  • Map tools via task types, not user-submitted names
  • Use explicit allowlists per task
  • Rate-limit sensitive tools
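The three mitigations combined in one server-side dispatcher, as an added example that is not part of the original page: the tool is chosen from the task type, the client's tool field is only checked for agreement (server_hint is never read), parameter values come from a per-task allowlist, and sensitive tools get a per-user sliding-window budget. Task names, tool names, parameter values and limits are constructed for the illustration.

```python
import time
from collections import defaultdict, deque

# Constructed server-side policy (not from any real deployment): each task type
# maps to exactly one tool and to the parameter values that tool may accept.
TASK_POLICY = {
    "dependency_check": {"tool": "dep_scanner", "params": {"scan_depth": {"shallow", "standard"}}},
    "web_scan": {"tool": "web_crawler", "params": {"scan_depth": {"shallow", "standard"}}},
}
# Sensitive tools get a per-user call budget: tool -> (max calls, window in seconds).
SENSITIVE_TOOLS = {"dep_scanner": (3, 60.0)}


class RateLimiter:
    """Sliding-window counter keyed by (tool, user)."""

    def __init__(self):
        self._calls = defaultdict(deque)

    def allow(self, key, limit, window, now):
        q = self._calls[key]
        while q and now - q[0] >= window:   # drop calls outside the window
            q.popleft()
        if len(q) >= limit:
            return False
        q.append(now)
        return True


def resolve_tool(task_type, request, limiter, now=None):
    """Select the tool from the server-side task type, never from the request.
    A client 'tool' field that disagrees is rejected; 'server_hint' is ignored.
    Returns (tool, params) or raises ValueError."""
    now = time.monotonic() if now is None else now
    policy = TASK_POLICY.get(task_type)
    if policy is None:
        raise ValueError(f"unknown task type {task_type!r}")
    tool = policy["tool"]
    if "tool" in request and request["tool"] != tool:
        raise ValueError(f"client tool {request['tool']!r} conflicts with task {task_type!r}")
    params = {}
    for name, value in request.get("params", {}).items():
        permitted = policy["params"].get(name)
        if permitted is None or value not in permitted:   # e.g. scan_depth=full_root
            raise ValueError(f"parameter {name}={value!r} not permitted for {tool}")
        params[name] = value
    if tool in SENSITIVE_TOOLS:
        limit, window = SENSITIVE_TOOLS[tool]
        if not limiter.allow((tool, request.get("user")), limit, window, now):
            raise ValueError(f"rate limit exceeded for {tool}")
    return tool, params
```

Rejections for a forbidden tool name or parameter value happen before the rate limiter is consulted, so a flood of tampered requests does not consume the user's budget for legitimate calls.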