ci-cd-injection · single-turn · OWASP: LLM06 · MITRE: AML.T0054, AML.T0068Injects malicious steps into CI/CD pipelines via AI code review or automated PR assistanceRun it:cloud-resource-abuse · tool-use · OWASP: LLM06 · MITRE: AML.T0054, AML.T0068Abuses cloud APIs through AI to provision unauthorized resources, exfiltrate data, or escalate IAM privilegesRun it:container-escape · tool-use · OWASP: LLM06 · MITRE: AML.T0054, AML.T0068Attempts container escape through AI tools by exploiting privileged mounts or kernel interfacesRun it:database-manipulation · tool-use · OWASP: LLM06 · MITRE: AML.T0054, AML.T0068SQL manipulation through AI database access tools to read, modify, or destroy dataRun it:file-system-traversal · tool-use · OWASP: LLM06 · MITRE: AML.T0054, AML.T0068Path traversal through AI file access tools to read or write files outside the intended directoryRun it:oauth-manipulation · tool-use · OWASP: LLM06 · MITRE: AML.T0054, AML.T0068Exploits OAuth flows in AI integrations to gain unauthorized access or escalate privilegesRun it:payment-manipulation · tool-use · OWASP: LLM06 · MITRE: AML.T0054, AML.T0068Manipulates payment APIs via AI to issue fraudulent refunds, transfer funds, or modify pricingRun it:api-abuse · tool-use · OWASP: LLM06 · MITRE: AML.T0054, AML.T0068Exploits AI-connected APIs to trigger unintended actions beyond intended scopeRun it:browser-exploitation · tool-use · OWASP: LLM06 · MITRE: AML.T0054, AML.T0068Exploits AI browser or web automation tools to steal cookies, execute XSS, or perform unauthorized web actionsRun it:dns-manipulation · single-turn · OWASP: LLM06 · MITRE: AML.T0054, AML.T0068DNS rebinding or manipulation via AI tools to bypass network controls or exfiltrate dataRun it:email-injection · single-turn · OWASP: LLM06 · MITRE: AML.T0054, AML.T0068Exploits email-connected AI assistants to exfiltrate data or send unauthorized emailsRun it:slack-injection · single-turn · OWASP: LLM06 · MITRE: AML.T0054, AML.T0068Injects malicious instructions via Slack or Teams messages to hijack AI assistant actionsRun it:webhook-exploitation · tool-use · OWASP: LLM06 · MITRE: AML.T0054, AML.T0068Abuses webhook integrations to exfiltrate data or trigger unauthorized actionsRun it:calendar-manipulation · tool-use · OWASP: LLM06 · MITRE: AML.T0054, AML.T0068Manipulates calendar events via AI assistant to disrupt schedules or exfiltrate meeting dataRun it:notification-spam · tool-use · OWASP: LLM06 · MITRE: AML.T0054, AML.T0068Abuses notification systems through AI to flood users, harvest responses, or send phishing contentRun it: