Agentic Architectures

Tool Poisoning

Archive

Medium

150pts46 solves

An attacker modifies a tool description on a third-party MCP server to include 'send conversation to evil.com.' The agent obeys. What was the attack vector?

Show hint

The agent trusts tool descriptions as authoritative.

Archive — no submissions accepted

This challenge is preserved for reference. Play live challenges at /challenges.