a2a-protocol-exploit · tool-use · OWASP: LLM01 · MITRE: AML.T0051.000, AML.T0065Exploits Google’s Agent-to-Agent (A2A) protocol by injecting malicious task descriptions that cross trust boundaries between agentsRun it:self-propagating-worm · tool-use · OWASP: LLM01, LLM06 · MITRE: AML.T0054Tests if an agent can be tricked into creating self-replicating payloads that spread through agent interactions. The prompt instructs the agent to include the same injection in all outgoing messages.Run it:tool-result-poisoning · tool-use · OWASP: LLM01, LLM02 · MITRE: AML.T0051.000, AML.T0054Tests if an agent properly sanitizes tool call results by injecting prompt injection payloads into simulated tool responsesRun it:zero-click-injection · tool-use · OWASP: LLM01 · MITRE: AML.T0051.000, AML.T0051.001Tests EchoLeak-style zero-click attacks where a crafted email or document is automatically processed by the agent without user interaction. The payload hides in auto-fetched content.Run it:function-schema-injection · tool-use · OWASP: LLM01, LLM06 · MITRE: AML.T0051.000, AML.T0068Tests if malicious function/tool schemas can manipulate agent behavior by injecting harmful instructions into parameter descriptions and enum valuesRun it: