1.10
.
No Vetting Path for Tools and External Context Sources
sail
1.10
Risk
No Vetting Path for Tools and External Context Sources
Description
Policy doesn't formalize how new MCP servers, plugins, tools, API/key-based integrations, or external context and data sources are reviewed and approved before being made available to agents in the environment.
Example
A developer connects a community MCP server to a production agent without security review, exposing the agent to tool description poisoning and command injection.
Assets Affected
AI Policy
MCP Server
Tool
Skill
Agents Plugins
Agents Marketplaces
Mitigation
- Establish a documented MCP and tool intake process
- require security review and signed metadata before allowlisting
- maintain a curated registry
- enforce attestation for community-sourced servers. Vet continuously, not once: apply update governance and re-review triggers, prefer signed sources, monitor approved tools, and keep a revocation/kill-switch
Standards Mapping
- ISO: A.10.3, A.4.4
- OWASP agentic: ASI04, ASI02
- OWASP LLM: LLM03:2025
- EU AI Act: Art. 25, Art. 9
- DASF: Agents-MCP Server 13.21, Agents-MCP Client 13.26
- AIUC-1: E006, B006