v0.6.1 - Tool Output Trust Attack Detection
v0.6.1 - Tool Output Trust Attack Detection
NEW: ASI-TOOL-TRUST
Second novel attack vector beyond OWASP ASI Top 10: Tool Output Trust.
Autonomous agents implicitly trust tool outputs as ground truth. If a compromised tool returns poisoned data, the agent executes it without question. This is how agents get exploited in production.
What It Detects
os.system(tool_output)/subprocess.run(tool_result)- command injectioneval(api_response)/exec(agent_output)- code executionopen(tool_result, "w")- file system manipulation through tool dataStep.create(agent_output)- factory/creation from unvalidated output
Sanitization Patterns Recognized
- Pydantic
model_validate()/ BaseModel assert/isinstance()type checkingbleach.clean()/html.escape()- JSON Schema / marshmallow / cerberus / attrs.validate
sanitize/validatednaming conventions
Numbers
- 76 tests (9 new)
- 15 detection rules
- 36 benchmark samples
Full Changelog: v0.6.0...v0.6.1