ATR
Rule Explorer
100 detection rules. Browse, filter, inspect.
All rules are parsed from YAML at build time. Click any rule to see its details.
Categories: prompt-injection (29), tool-poisoning (16), skill-compromise (14), context-exfiltration (12), agent-manipulation (12), privilege-escalation (9), excessive-autonomy (5), data-poisoning (2), model-abuse (1)
Severity levels: critical (39), high (52), medium (8), low (1)
Showing 100 / 100 rules

| Rule ID | Name | Category | Severity | CVEs |
|---|---|---|---|---|
| ATR-2026-00004 | System Prompt Override Attempt | prompt-injection | critical | CVE-2024-5184, CVE-2025-32711 |
| ATR-2026-00010 | Malicious Content in MCP Tool Response | tool-poisoning | critical | CVE-2025-68143, CVE-2025-68144, CVE-2025-68145, CVE-2025-6514, CVE-2025-59536, CVE-2026-21852 |
| ATR-2026-00013 | SSRF via Agent Tool Calls | tool-poisoning | critical | CVE-2019-5418, CVE-2021-21311 |
| ATR-2026-00021 | Credential and Secret Exposure in Agent Output | context-exfiltration | critical | CVE-2025-32711 |
| ATR-2026-00030 | Cross-Agent Attack Detection | agent-manipulation | critical | -- |
| ATR-2026-00040 | Privilege Escalation and Admin Function Access | privilege-escalation | critical | CVE-2026-0628 |
| ATR-2026-00062 | Hidden Capability in MCP Skill | tool-poisoning | critical | CVE-2025-59536 |
| ATR-2026-00063 | Multi-Skill Chain Attack | tool-poisoning | critical | -- |
| ATR-2026-00066 | Parameter Injection via Tool Arguments | tool-poisoning | critical | CVE-2025-68143, CVE-2025-68144 |
| ATR-2026-00072 | Model Behavior Extraction | model-abuse | critical | -- |
| ATR-2026-00073 | Malicious Fine-tuning Data | data-poisoning | critical | -- |
| ATR-2026-00074 | Cross-Agent Privilege Escalation | agent-manipulation | critical | -- |
| ATR-2026-00081 | Semantic Evasion via Multi-Turn Prompt Injection | prompt-injection | critical | -- |
| ATR-2026-00091 | Advanced Structured Data Injection with Nested Payloads | prompt-injection | critical | -- |
| ATR-2026-00092 | Multi-Agent Consensus Poisoning and Sybil Attack | prompt-injection | critical | -- |
| ATR-2026-00093 | Gradual Capability Escalation via Incremental Introduction | prompt-injection | critical | -- |
| ATR-2026-00094 | Systematic Multi-Layer Audit System Bypass | prompt-injection | critical | -- |
| ATR-2026-00095 | MCP Tool Supply Chain Poisoning | tool-poisoning | critical | -- |
| ATR-2026-00096 | Skill Registry Poisoning and Compromised Tool Distribution | tool-poisoning | critical | -- |
| ATR-2026-00097 | CJK Prompt Injection - Expanded Chinese/Japanese/Korean Patterns | prompt-injection | critical | -- |
| ATR-2026-00098 | Unauthorized Financial Action by AI Agent | excessive-autonomy | critical | -- |
| ATR-2026-00103 | Hidden LLM Safety Bypass Instructions in Tool Descriptions | tool-poisoning | critical | -- |
| ATR-2026-00104 | Persona Hijacking via Mandatory System Prompt Override | prompt-injection | critical | -- |
| ATR-2026-00108 | Multi-Agent Consensus Sybil Attack | agent-manipulation | critical | -- |
| ATR-2026-00110 | Remote Code Execution via eval() and Dynamic Code Injection | privilege-escalation | critical | -- |
| ATR-2026-00111 | Shell Metacharacter Injection in Tool Arguments | privilege-escalation | critical | -- |
| ATR-2026-00113 | Credential File Theft from Agent Environment | context-exfiltration | critical | -- |
| ATR-2026-00115 | Bulk Environment Variable Harvesting and Exfiltration | context-exfiltration | critical | -- |
| ATR-2026-00117 | Agent Identity Spoofing and Authority Impersonation | agent-manipulation | critical | -- |
| ATR-2026-00120 | SKILL.md Prompt Injection | skill-compromise | critical | -- |
| ATR-2026-00121 | Malicious Code in Skill Package | skill-compromise | critical | CVE-2026-25253 (CVSS 8.8) - OpenClaw RCE |
| ATR-2026-00128 | Hidden Payload in HTML Comment | skill-compromise | critical | -- |
| ATR-2026-00129 | Unicode Tag Character Smuggling | skill-compromise | critical | -- |
| ATR-2026-00135 | Data Exfiltration URL in Skill Instructions | skill-compromise | critical | -- |
| ATR-2026-00136 | Tool Response Data Piggybacking | context-exfiltration | critical | -- |
| ATR-2026-00139 | Casual Authority Data Redirect | agent-manipulation | critical | -- |
| ATR-2026-00141 | API Key Leakage via Example Format | context-exfiltration | critical | -- |
| ATR-2026-00142 | Data Piggybacking via Casual Transition Words | context-exfiltration | critical | -- |
| ATR-2026-00145 | Obfuscated API Key Disclosure | context-exfiltration | critical | -- |
| ATR-2026-00001 | Direct Prompt Injection via User Input | prompt-injection | high | CVE-2024-5184, CVE-2024-3402, CVE-2025-53773 |
| ATR-2026-00002 | Indirect Prompt Injection via External Content | prompt-injection | high | CVE-2024-5184, CVE-2024-22524, CVE-2025-32711, CVE-2026-24307 |
| ATR-2026-00003 | Jailbreak Attempt Detection | prompt-injection | high | CVE-2024-5184, CVE-2024-3402, CVE-2025-53773 |
| ATR-2026-00011 | Instruction Injection via Tool Output | tool-poisoning | high | CVE-2025-59536, CVE-2025-32711 |
| ATR-2026-00012 | Unauthorized Tool Call Detection | tool-poisoning | high | -- |
| ATR-2026-00020 | System Prompt and Internal Instruction Leakage | context-exfiltration | high | CVE-2025-32711, CVE-2026-24307 |
| ATR-2026-00032 | Agent Goal Hijacking Detection | agent-manipulation | high | -- |
| ATR-2026-00050 | Runaway Agent Loop Detection | excessive-autonomy | high | -- |
| ATR-2026-00051 | Agent Resource Exhaustion Detection | excessive-autonomy | high | -- |
| ATR-2026-00052 | Cascading Failure Detection in Agent Pipelines | excessive-autonomy | high | -- |
| ATR-2026-00060 | MCP Skill Impersonation and Supply Chain Attack | skill-compromise | high | -- |
| ATR-2026-00064 | Over-Permissioned MCP Skill | privilege-escalation | high | -- |
| ATR-2026-00065 | Malicious Skill Update or Mutation | tool-poisoning | high | -- |
| ATR-2026-00070 | Data Poisoning via RAG and Knowledge Base Contamination | data-poisoning | high | -- |
| ATR-2026-00075 | Agent Memory Manipulation | context-exfiltration | high | -- |
| ATR-2026-00076 | Insecure Inter-Agent Communication Detection | agent-manipulation | high | -- |
| ATR-2026-00077 | Human-Agent Trust Exploitation Detection | agent-manipulation | high | -- |
| ATR-2026-00080 | Encoding-Based Prompt Injection Evasion | prompt-injection | high | -- |
| ATR-2026-00082 | Behavioral Fingerprint Detection Evasion | prompt-injection | high | -- |
| ATR-2026-00083 | Indirect Prompt Injection via Tool Responses | prompt-injection | high | -- |
| ATR-2026-00084 | Structured Data Injection via JSON/CSV Payloads | prompt-injection | high | -- |
| ATR-2026-00085 | Multi-Layer Security Audit Evasion | prompt-injection | high | -- |
| ATR-2026-00086 | Visual Spoofing via RTL Override, Punycode, and Homoglyph Injection | prompt-injection | high | -- |
| ATR-2026-00088 | Adaptive Countermeasure Against Behavioral Monitoring | prompt-injection | high | -- |
| ATR-2026-00089 | Polymorphic Skill and Capability Aliasing Attack | prompt-injection | high | -- |
| ATR-2026-00090 | Threat Intelligence Exfiltration and Rule Enumeration | prompt-injection | high | -- |
| ATR-2026-00100 | Consent Bypass via Hidden LLM Instructions in Tool Descriptions | tool-poisoning | high | -- |
| ATR-2026-00101 | Trust Escalation via Authority Override Instructions | tool-poisoning | high | -- |
| ATR-2026-00102 | Data Exfiltration via Disguised Analytics Collection | context-exfiltration | high | -- |
| ATR-2026-00105 | Silent Action Concealment Instructions in Tool Descriptions | tool-poisoning | high | -- |
| ATR-2026-00106 | Schema-Description Contradiction Attack | tool-poisoning | high | -- |
| ATR-2026-00107 | Privilege Escalation via Delayed Task Execution Bypass | privilege-escalation | high | -- |
| ATR-2026-00112 | Dynamic Module Loading for Code Execution | privilege-escalation | high | -- |
| ATR-2026-00114 | OAuth and API Token Interception | context-exfiltration | high | -- |
| ATR-2026-00116 | Malicious Agent-to-Agent Message Injection | agent-manipulation | high | -- |
| ATR-2026-00119 | Social Engineering Attack via Agent Output | agent-manipulation | high | -- |
| ATR-2026-00122 | Weaponized Skill — Agent as Attack Tool | skill-compromise | high | -- |
| ATR-2026-00123 | Over-Privileged Skill — Excessive Permissions | skill-compromise | high | CVE-2025-53773 - Copilot auto-approve escalation |
| ATR-2026-00124 | Skill Squatting / Typosquatting | skill-compromise | high | -- |
| ATR-2026-00125 | Context Poisoning via Compaction Survival | skill-compromise | high | -- |
| ATR-2026-00126 | Skill Rug Pull Setup Pattern | skill-compromise | high | -- |
| ATR-2026-00130 | Indirect Authority Claim in External Content | prompt-injection | high | -- |
| ATR-2026-00132 | Casual Authority Claim and Scope Escalation | agent-manipulation | high | -- |
| ATR-2026-00133 | Paraphrased Prompt Injection | prompt-injection | high | -- |
| ATR-2026-00137 | Authority Claim Prompt Injection | prompt-injection | high | -- |
| ATR-2026-00138 | Fictional Framing Safety Bypass | prompt-injection | high | -- |
| ATR-2026-00140 | Indirect Reference Instruction Reversal | prompt-injection | high | -- |
| ATR-2026-00143 | Casual Unauthorized Privilege Escalation | privilege-escalation | high | -- |
| ATR-2026-00144 | Rationalized Safety Control Bypass | privilege-escalation | high | -- |
| ATR-2026-00146 | Environment Variable Existence Probing | context-exfiltration | high | -- |
| ATR-2026-00147 | Community Fork Impersonation | skill-compromise | high | -- |
| ATR-2026-00148 | Multilingual Prompt Injection via Language Switch | prompt-injection | high | -- |
| ATR-2026-00005 | Multi-Turn Prompt Injection | prompt-injection | medium | -- |
| ATR-2026-00041 | Agent Scope Creep Detection | privilege-escalation | medium | -- |
| ATR-2026-00061 | Skill Description-Behavior Mismatch | tool-poisoning | medium | -- |
| ATR-2026-00087 | Detection Rule Probing and Evasion Testing | prompt-injection | medium | -- |
| ATR-2026-00118 | Human Approval Fatigue Exploitation | agent-manipulation | medium | -- |
| ATR-2026-00127 | Subcommand Overflow Bypass | skill-compromise | medium | -- |
| ATR-2026-00131 | Fictional and Academic Framing Attack | prompt-injection | medium | -- |
| ATR-2026-00134 | Fork Claim and Community Package Impersonation | skill-compromise | medium | -- |
| ATR-2026-00099 | High-Risk Tool Invocation Without Human Confirmation | excessive-autonomy | low | -- |