There are 5 attacks in the mcp-exploitation category. Each shows its technique id, mode, standards mapping, description, and the exact command to run it (swap the provider and target as needed).
MCP Command Injection
critical
mcp-command-injection · tool-use · OWASP: LLM06, LLM01 · MITRE: AML.T0051.000, AML.T0040Shell metacharacters injected into MCP tool parameters to execute arbitrary commandsRun it:
ai-blackteam run -p anthropic -a mcp-command-injection -t "your target prompt"
MCP Data Exfiltration
critical
mcp-data-exfiltration · tool-use · OWASP: LLM02, LLM06 · MITRE: AML.T0083, AML.T0086Agent tricked into embedding sensitive data in URLs or webhooks via MCP tool side channelsRun it:
ai-blackteam run -p anthropic -a mcp-data-exfiltration -t "your target prompt"
MCP Tool Poisoning
critical
mcp-tool-poisoning · tool-use · OWASP: LLM02, LLM06 · MITRE: AML.T0051.000, AML.T0054Hidden instructions embedded in MCP tool descriptions manipulate agent behaviorRun it:
ai-blackteam run -p anthropic -a mcp-tool-poisoning -t "your target prompt"
MCP Rug Pull
high
mcp-rug-pull · tool-use · OWASP: LLM06, LLM02 · MITRE: AML.T0051.000, AML.T0053Previously trusted MCP tool changes behavior mid-session to request credentialsRun it:
ai-blackteam run -p anthropic -a mcp-rug-pull -t "your target prompt"
MCP Server Impersonation
high
mcp-server-impersonation · tool-use · OWASP: LLM02, LLM06 · MITRE: AML.T0051.000, AML.T0065Malicious MCP server impersonates a trusted service to harvest credentialsRun it:
ai-blackteam run -p anthropic -a mcp-server-impersonation -t "your target prompt"