Skip to content

v0.6.1 - Tool Output Trust Attack Detection

Choose a tag to compare

@dockfixlabs dockfixlabs released this 05 Jul 02:17

v0.6.1 - Tool Output Trust Attack Detection

NEW: ASI-TOOL-TRUST

Second novel attack vector beyond OWASP ASI Top 10: Tool Output Trust.

Autonomous agents implicitly trust tool outputs as ground truth. If a compromised tool returns poisoned data, the agent executes it without question. This is how agents get exploited in production.

What It Detects

  • os.system(tool_output) / subprocess.run(tool_result) - command injection
  • eval(api_response) / exec(agent_output) - code execution
  • open(tool_result, "w") - file system manipulation through tool data
  • Step.create(agent_output) - factory/creation from unvalidated output

Sanitization Patterns Recognized

  • Pydantic model_validate() / BaseModel
  • assert / isinstance() type checking
  • bleach.clean() / html.escape()
  • JSON Schema / marshmallow / cerberus / attrs.validate
  • sanitize / validated naming conventions

Numbers

  • 76 tests (9 new)
  • 15 detection rules
  • 36 benchmark samples

Full Changelog: v0.6.0...v0.6.1