Tool ShadowTier 1high
Tool Shadow: Ghost Tool Invocation
Hidden tool invocations and shadow function calls
Tool shadow attacks instruct agents to make tool calls that the user didn't request, operating invisibly alongside normal agent behavior.
Attack Details
- Attack ID
- APWN-TS-001
- HMA Check
- TOOL-003
- Delivery Methods
- html-comment
- CWE
- CWE-441
- OASB Control
- 12.1
- Severity
- high
Remediation
If your AI agent is vulnerable to this attack, scan and fix with:
npx hackmyagent secure --check TOOL-003