AT

AttackTrace

Browse techniquesThreat activityBrowse ATLASSearch
ATLASAML.T0104
ATLAS index
AML.T0104

Publish Poisoned AI Agent Tool

Adversaries may create and publish poisoned AI agent tools. Poisoned tools may contain an LLM Prompt Injection, which can lead to a variety of impacts. Tools may be published to open source version control repositories (e.g. GitHub, GitLab), to package registries (e.g. npm), or to repositories specifically designed for

Framework
MITRE ATLAS
Maturity
Realized
Platforms
Agentic AI
Release
2026.05

Overview

Adversaries may create and publish poisoned AI agent tools. Poisoned tools may contain an LLM Prompt Injection, which can lead to a variety of impacts.

Tools may be published to open source version control repositories (e.g. GitHub, GitLab), to package registries (e.g. npm), or to repositories specifically designed for sharing tools (e.g. OpenClaw Hub). These registries may be largely unregulated and may contain many poisoned tools ClawdBot Skills Just Ganked Your Crypto | OpenSourceMalware. Tools may also be published as remotely hosted servers Remote MCP Servers | Awesome MCP Servers.

Sources

  1. MITRE ATLAS AML.T0104: Publish Poisoned AI Agent Tool — MITRE
  2. Remote MCP Servers | Awesome MCP Servers
  3. ClawdBot Skills Just Ganked Your Crypto | OpenSourceMalware