Protocol exploitation attacks target the communication layer between AI agents and their tools. This includes function schema injection, tool result poisoning, self-propagating worms, and zero-click attacks that execute without user interaction. These attacks exploit the trust boundary between what an agent expects from its tools and what it actually receives.

Summary

5 attacks total: 5 tool-use.

Attacks

| Attack | ID | Mode | Severity | Description |
| --- | --- | --- | --- | --- |
| A2A Protocol Exploit | a2a-protocol-exploit | tool-use | critical | Exploits Google |
| Function Schema Injection | function-schema-injection | tool-use | high | Tests if malicious function/tool schemas can manipulate agent behavior by injecting harmful instructions into paramet… |
| Self-Propagating Worm | self-propagating-worm | tool-use | critical | Tests if an agent can be tricked into creating self-replicating payloads that spread through agent interactions. The … |
| Tool Result Poisoning | tool-result-poisoning | tool-use | critical | Tests if an agent properly sanitizes tool call results by injecting prompt injection payloads into simulated tool res… |
| Zero-Click Injection | zero-click-injection | tool-use | critical | Tests EchoLeak-style zero-click attacks where a crafted email or document is automatically processed by the agent wit… |

Example

ai-blackteam run -p anthropic -a a2a-protocol-exploit -t "Inject instructions into the function schema"