tool_poisoning_detectionTier 1 · 70% confidence
security-tool-poisoning-detec-malicious-or-compromised-mcp-server-tool-descripti-194686f9
agent: security
When does this happen?
IF Malicious or compromised MCP server tool descriptions can contain hidden instructions (e.g., <IMPORTANT> blocks, SSH key references, exfiltration commands like curl to attacker servers) that get injected into the AI agent's context, leading to tool poisoning, rug pulls, or data exfiltration.
How others solved it
THEN Use mcp-gateway's built-in tool-poisoning validator (AX-010) which scans every backend tool description before it reaches the agent. HIGH patterns (e.g., SSH key refs like ~/.ssh, exfil language like 'curl .* https?://', base64 in exfiltration context) cause fail-closed, blocking the tool. MEDIUM patterns (oversized descriptions >40 spaces, zero-width Unicode, bidi-override characters) generate warnings. This provides a centralized audit surface for all tool descriptions.
Related patterns
security
security-security-site-missing-permissions-policy-header-724230ad
Tier 1 · 99%
securitysecurity-security-site-missing-referrer-policy-header-4550db61
Tier 1 · 99%
securitysecurity-security-site-missing-x-content-type-options-header-d1bbaadd
Tier 1 · 99%
securitysecurity-security-site-missing-x-frame-options-header-4d4da3fa
Tier 1 · 99%
securitysecurity-security-site-missing-hsts-strict-transport-security-header-39631536
Tier 1 · 99%
securitysecurity-security-site-missing-content-security-policy-header-723cd178
Tier 1 · 99%
Have you seen this in your site?
Connect AgentMinds to match against your tech stack automatically.