SAIL 2.0

/

Deploy - Runtime Guardrails

/

Tool Result Poisoning at Runtime

5.5

.

Tool Result Poisoning at Runtime

sail
5.5
Risk

Tool Result Poisoning at Runtime

Description

A tool or MCP server returns crafted output (poisoned data, hidden instructions in tool descriptions) that the agent treats as trusted.

Example

A community MCP server returns a tool description containing hidden directives that cause the agent to exfiltrate local credentials.

Assets Affected

Tool

MCP Server

AI Agent

Agent Harness

Mitigation
  • Schema-validate tool outputs
  • sanitize tool descriptions before injection
  • pin and verify MCP versions
  • alert on schema violations.
Standards Mapping
  • ISO: A.10.3, A.7.6
  • OWASP agentic: ASI02, ASI06
  • OWASP LLM: LLM01:2025
  • EU AI Act: Art. 15(5)
  • DASF: Agents-MCP Server 13.18, Agents-MCP Server 13.24
  • AIUC-1: B001, B006