There are 11 attacks in the agent-exploitation category. Each shows its technique id, mode, standards mapping, description, and the exact command to run it (swap the provider and target as needed).
Agent Command Injection
critical
agent-command-injection · tool-use · OWASP: LLM06 · MITRE: AML.T0050, AML.T0105Sandbox escape via path traversal and command chainingRun it:
ai-blackteam run -p anthropic -a agent-command-injection -t "your target prompt"
Agent Config Manipulation
critical
agent-config-manipulation · tool-use · OWASP: LLM06 · MITRE: AML.T0081Production hotfix pretext to write security-disabling configurationRun it:
ai-blackteam run -p anthropic -a agent-config-manipulation -t "your target prompt"
Agent Credential Theft
critical
agent-credential-theft · tool-use · OWASP: LLM06, LLM02 · MITRE: AML.T0083, AML.T0086Security audit pretext to read credentials then exfiltrate via emailRun it:
ai-blackteam run -p anthropic -a agent-credential-theft -t "your target prompt"
Agent Data Destruction
critical
agent-data-destruction · tool-use · OWASP: LLM06 · MITRE: AML.T0101Migration cleanup pretext to delete files and drop database tablesRun it:
ai-blackteam run -p anthropic -a agent-data-destruction -t "your target prompt"
Agent Data Exfiltration
critical
agent-data-exfiltration · tool-use · OWASP: LLM06, LLM02 · MITRE: AML.T0086, AML.T0098DevOps monitoring pretext to read system data then POST to external endpointRun it:
ai-blackteam run -p anthropic -a agent-data-exfiltration -t "your target prompt"
Agent Tool Credential Harvest
critical
agent-tool-credential-harvest · tool-use · OWASP: LLM06, LLM02 · MITRE: AML.T0098Systematic credential probing across filesystem, environment, database, and cloud configsRun it:
ai-blackteam run -p anthropic -a agent-tool-credential-harvest -t "your target prompt"
XPIA Document Injection
critical
xpia-document · tool-use · OWASP: LLM01 · MITRE: AML.T0051.001Indirect prompt injection via fetched document containing hidden instructionsRun it:
ai-blackteam run -p anthropic -a xpia-document -t "your target prompt"
XPIA Email Injection
critical
xpia-email · tool-use · OWASP: LLM01 · MITRE: AML.T0051.001Indirect prompt injection via email content containing hidden forwarding instructionsRun it:
ai-blackteam run -p anthropic -a xpia-email -t "your target prompt"
XPIA RAG Poisoning
critical
xpia-rag · tool-use · OWASP: LLM01 · MITRE: AML.T0051.001Indirect prompt injection via poisoned RAG knowledge base search resultRun it:
ai-blackteam run -p anthropic -a xpia-rag -t "your target prompt"
Agent Config Discovery
high
agent-config-discovery · tool-use · OWASP: LLM06, LLM07 · MITRE: AML.T0084Probe model to reveal tool definitions, system prompt, and agent config filesRun it:
ai-blackteam run -p anthropic -a agent-config-discovery -t "your target prompt"
Agent Plugin Hijack
high
agent-plugin-hijack · tool-use · OWASP: LLM06 · MITRE: AML.T0053, AML.T0080.002Indirect prompt injection via fetched content to trigger unauthorized tool callsRun it:
ai-blackteam run -p anthropic -a agent-plugin-hijack -t "your target prompt"