Malicious Content in MCP Tool Response - ATR-2026-00010 (88f0dbe3-0e87-5d85-8c9e-944f30aba087)

Detects malicious content embedded in MCP (Model Context Protocol) tool responses. Attackers may compromise or impersonate MCP servers to inject shell commands, encoded payloads, reverse shells, data exfiltration scripts, or prompt injection payloads into tool responses that the agent will process and potentially execute. Detection covers: destructive shell commands, command execution via interpreters, reverse shells (bash, netcat, socat, Python, Node, Ruby, Perl, PowerShell), curl/wget pipe-to-shell, command substitution, base64 decode-and-execute, process substitution, IFS/variable expansion evasion, privilege escalation, PowerShell-specific attack patterns, Python/Node reverse shells, encoded command execution, and prompt injection within tool responses.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Malicious Content in MCP Tool Response - ATR-2026-00010 (88f0dbe3-0e87-5d85-8c9e-944f30aba087)	Agent Threat Rules	1
LLM Meta Prompt Extraction (e98acce8-ed69-4ebe-845b-1bcb662836ba)	MITRE ATLAS Attack Pattern	Malicious Content in MCP Tool Response - ATR-2026-00010 (88f0dbe3-0e87-5d85-8c9e-944f30aba087)	Agent Threat Rules	1
Malicious Content in MCP Tool Response - ATR-2026-00010 (88f0dbe3-0e87-5d85-8c9e-944f30aba087)	Agent Threat Rules	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	1
Malicious Content in MCP Tool Response - ATR-2026-00010 (88f0dbe3-0e87-5d85-8c9e-944f30aba087)	Agent Threat Rules	Indirect (a4a55526-2f1f-403b-9691-609e46381e17)	MITRE ATLAS Attack Pattern	1
LLM Prompt Injection (19cd2d12-66ff-487c-a05c-e058b027efc9)	MITRE ATLAS Attack Pattern	Indirect (a4a55526-2f1f-403b-9691-609e46381e17)	MITRE ATLAS Attack Pattern	2