Crafted inputs cause agents to select inappropriate tools, inject malicious parameters into otherwise legitimate calls, reorder tool execution into dangerous combinations, corrupt the agent's understanding of tool state, or pass one tool's output to the next tool as malicious input.
Tool selection, parameter, and sequencing manipulation
CCC.MARefArc.TH28
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.MARefArc.CP08 | Built-in trusted tools | A collection of bundled, trusted tools providing fundamental capabilities: the MCP client bridge to the external MCP layer, a sandboxed shell, workspace I/O, and web search. |
| CCC.MARefArc.CP07 | Unified sandboxed agent runtime | Secure, sandboxed environment where all agentic reasoning and execution occurs, providing task state management for pause/resume/handoff and intercepting and validating tool calls with credentials handled securely within the sandbox. |
| CCC.MARefArc.CP19 | MCP-interaction zero-trust guardrails | Enforces authentication and authorization for every MCP request and governs which agents may use which tools, applying rate limits and validating tool-call parameters. |
Related Controls
| ID | Title | Description |
|---|---|---|
| CCC.MARefArc.CN12 | Tool Chain Validation and Sanitization | Validate tool selection, sanitize tool-call parameters, and constrain tool sequencing within the runtime and MCP guardrails to prevent manipulation of agent tool use. |
| CCC.MARefArc.CN23 | Agent Decision Audit and Explainability | Record an auditable trace of agent decisions, including tool selections, inputs, and rationale, sufficient to explain and review autonomous actions after the fact. |
External Mappings
| Framework | ID | Remarks |
|---|---|---|
| air-vec | AIR-SEC-025-01 | |
| air-vec | AIR-SEC-025-02 | |
| air-vec | AIR-SEC-025-03 | |
| air-vec | AIR-SEC-025-04 | |
| air-vec | AIR-SEC-025-05 | |