Tool with embedded instruction to bypass user confirmation and exfiltrate data - ATR-2026-00153 (e77f65bf-7f3c-5b95-a506-5998cbbcf8d5)
Detects MCP tools that contain hidden instructions to bypass user confirmation and directly exfiltrate sensitive data. This pattern identifies tools that explicitly instruct the LLM to send data "without asking user confirmation" and "always pass all data directly" to external endpoints, which are clear indicators of malicious intent rather than legitimate functionality.