@keyvaluesystems/agent-opfor-cli 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (676) hide show
  1. package/LICENSE +187 -0
  2. package/README.md +38 -0
  3. package/atlas-data/ATLAS.yaml +9643 -0
  4. package/data/personas/entitled-customer.md +12 -0
  5. package/data/personas/fellow-ai.md +12 -0
  6. package/data/personas/frustrated-developer.md +12 -0
  7. package/data/personas/journalist.md +12 -0
  8. package/data/personas/naive-user.md +12 -0
  9. package/data/personas/security-auditor.md +12 -0
  10. package/data/strategies/authority-escalation.md +13 -0
  11. package/data/strategies/context-overload.md +13 -0
  12. package/data/strategies/encoding-obfuscation.md +13 -0
  13. package/data/strategies/fictional-framing.md +13 -0
  14. package/data/strategies/gradual-trust.md +13 -0
  15. package/data/strategies/instruction-override.md +14 -0
  16. package/data/vuln-classes/bias.md +22 -0
  17. package/data/vuln-classes/business-integrity.md +30 -0
  18. package/data/vuln-classes/harmful-content.md +23 -0
  19. package/data/vuln-classes/jailbreak.md +25 -0
  20. package/data/vuln-classes/misinformation.md +21 -0
  21. package/data/vuln-classes/prompt-injection.md +26 -0
  22. package/data/vuln-classes/sensitive-disclosure.md +22 -0
  23. package/data/vuln-classes/system-prompt-leak.md +32 -0
  24. package/data/vuln-classes/tool-misuse.md +28 -0
  25. package/dist/index.js +147522 -0
  26. package/dist/index.js.map +7 -0
  27. package/dist/ui-static/assets/index-BFkkF6l_.js +49 -0
  28. package/dist/ui-static/assets/index-Dpcqm4P0.css +1 -0
  29. package/dist/ui-static/index.html +13 -0
  30. package/evaluators/README.md +30 -0
  31. package/evaluators/agent/access-control/README.md +31 -0
  32. package/evaluators/agent/access-control/bfla/bfla.test.yaml +3 -0
  33. package/evaluators/agent/access-control/bfla/evaluator.yaml +27 -0
  34. package/evaluators/agent/access-control/bfla/patterns/bulk-privileged-operation.yaml +4 -0
  35. package/evaluators/agent/access-control/bfla/patterns/direct-admin-function-invocation.yaml +4 -0
  36. package/evaluators/agent/access-control/bfla/patterns/implicit-authority-via-title.yaml +4 -0
  37. package/evaluators/agent/access-control/bfla/patterns/permission-probe.yaml +6 -0
  38. package/evaluators/agent/access-control/bfla/patterns/role-mistake-claim.yaml +6 -0
  39. package/evaluators/agent/access-control/bfla/patterns/tool-existence-disclosure.yaml +6 -0
  40. package/evaluators/agent/access-control/bfla/patterns/workflow-smuggling.yaml +6 -0
  41. package/evaluators/agent/access-control/bola/bola.test.yaml +4 -0
  42. package/evaluators/agent/access-control/bola/evaluator.yaml +25 -0
  43. package/evaluators/agent/access-control/bola/patterns/cross-user-id-substitution.yaml +6 -0
  44. package/evaluators/agent/access-control/bola/patterns/filter-bypass-through-shared-identifier.yaml +6 -0
  45. package/evaluators/agent/access-control/bola/patterns/highest-lowest-lookup.yaml +6 -0
  46. package/evaluators/agent/access-control/bola/patterns/id-enumeration-sweep.yaml +6 -0
  47. package/evaluators/agent/access-control/bola/patterns/implicit-admin-framing.yaml +6 -0
  48. package/evaluators/agent/access-control/bola/patterns/implicit-permission-inheritance.yaml +6 -0
  49. package/evaluators/agent/access-control/bola/patterns/indirect-object-reference-via-note.yaml +6 -0
  50. package/evaluators/agent/access-control/identity-privilege-abuse.test.yaml +3 -0
  51. package/evaluators/agent/access-control/identity-privilege-abuse.yaml +20 -0
  52. package/evaluators/agent/access-control/rbac/evaluator.yaml +28 -0
  53. package/evaluators/agent/access-control/rbac/patterns/collaborative-ownership-pretext-advanced.yaml +10 -0
  54. package/evaluators/agent/access-control/rbac/patterns/horizontal-traversal-via-shared-context-intermediate.yaml +10 -0
  55. package/evaluators/agent/access-control/rbac/patterns/incremental-vertical-escalation-intermediate.yaml +10 -0
  56. package/evaluators/agent/access-control/rbac/patterns/out-of-band-authorization-claim-basic.yaml +9 -0
  57. package/evaluators/agent/access-control/rbac/patterns/pending-approval-identity-claim-basic.yaml +9 -0
  58. package/evaluators/agent/access-control/rbac/patterns/role-drift-via-accumulated-compliance-advanced.yaml +11 -0
  59. package/evaluators/agent/access-control/rbac/rbac.test.yaml +3 -0
  60. package/evaluators/agent/accuracy/README.md +28 -0
  61. package/evaluators/agent/accuracy/hallucination/evaluator.yaml +19 -0
  62. package/evaluators/agent/accuracy/hallucination/hallucination.test.yaml +7 -0
  63. package/evaluators/agent/accuracy/hallucination/patterns/fabricated-source-citation.yaml +6 -0
  64. package/evaluators/agent/accuracy/hallucination/patterns/impossible-topic-authoritative-doc.yaml +2 -0
  65. package/evaluators/agent/accuracy/hallucination/patterns/made-up-standard-lookup.yaml +4 -0
  66. package/evaluators/agent/accuracy/hallucination/patterns/niche-person-biography.yaml +6 -0
  67. package/evaluators/agent/accuracy/hallucination/patterns/obscure-domain-listing.yaml +3 -0
  68. package/evaluators/agent/accuracy/hallucination/patterns/recursive-fabrication-trap.yaml +6 -0
  69. package/evaluators/agent/accuracy/hallucination/patterns/specific-statistic-probe.yaml +6 -0
  70. package/evaluators/agent/accuracy/misinformation/evaluator.yaml +10 -0
  71. package/evaluators/agent/accuracy/misinformation/misinformation.test.yaml +4 -0
  72. package/evaluators/agent/accuracy/misinformation/patterns/citation-fabrication-intermediate.yaml +2 -0
  73. package/evaluators/agent/accuracy/misinformation/patterns/hallucination-basic.yaml +4 -0
  74. package/evaluators/agent/accuracy/misinformation/patterns/overreliance-intermediate.yaml +4 -0
  75. package/evaluators/agent/accuracy/overreliance/evaluator.yaml +24 -0
  76. package/evaluators/agent/accuracy/overreliance/overreliance.test.yaml +5 -0
  77. package/evaluators/agent/accuracy/overreliance/patterns/confidence-pressure-flip.yaml +2 -0
  78. package/evaluators/agent/accuracy/overreliance/patterns/fake-authority-assertion.yaml +6 -0
  79. package/evaluators/agent/accuracy/overreliance/patterns/fictional-fact-acceptance.yaml +6 -0
  80. package/evaluators/agent/accuracy/overreliance/patterns/geographic-impossibility.yaml +6 -0
  81. package/evaluators/agent/accuracy/overreliance/patterns/population-stat-misclaim.yaml +3 -0
  82. package/evaluators/agent/accuracy/overreliance/patterns/subtle-error-premise.yaml +6 -0
  83. package/evaluators/agent/accuracy/overreliance/patterns/user-pushback-reversal.yaml +4 -0
  84. package/evaluators/agent/bias/README.md +31 -0
  85. package/evaluators/agent/bias/bias-age/bias-age.test.yaml +3 -0
  86. package/evaluators/agent/bias/bias-age/evaluator.yaml +24 -0
  87. package/evaluators/agent/bias/bias-age/patterns/age-capped-promotion-justification.yaml +2 -0
  88. package/evaluators/agent/bias/bias-age/patterns/generational-leadership-stereotype.yaml +3 -0
  89. package/evaluators/agent/bias/bias-age/patterns/hiring-age-filter.yaml +3 -0
  90. package/evaluators/agent/bias/bias-age/patterns/older-customer-discouragement.yaml +6 -0
  91. package/evaluators/agent/bias/bias-age/patterns/productivity-stereotype.yaml +3 -0
  92. package/evaluators/agent/bias/bias-age/patterns/reverse-age-discrimination.yaml +6 -0
  93. package/evaluators/agent/bias/bias-age/patterns/tech-skill-gatekeeping.yaml +6 -0
  94. package/evaluators/agent/bias/bias-disability/bias-disability.test.yaml +3 -0
  95. package/evaluators/agent/bias/bias-disability/evaluator.yaml +29 -0
  96. package/evaluators/agent/bias/bias-disability/patterns/accommodation-cost-framing.yaml +6 -0
  97. package/evaluators/agent/bias/bias-disability/patterns/capacity-to-decide-stereotype.yaml +6 -0
  98. package/evaluators/agent/bias/bias-disability/patterns/education-resource-pushback.yaml +6 -0
  99. package/evaluators/agent/bias/bias-disability/patterns/event-inclusion-discouragement.yaml +6 -0
  100. package/evaluators/agent/bias/bias-disability/patterns/housing-discrimination-workaround.yaml +6 -0
  101. package/evaluators/agent/bias/bias-disability/patterns/image-based-service-denial.yaml +6 -0
  102. package/evaluators/agent/bias/bias-disability/patterns/productivity-assumption.yaml +6 -0
  103. package/evaluators/agent/bias/bias-gender/bias-gender.test.yaml +3 -0
  104. package/evaluators/agent/bias/bias-gender/evaluator.yaml +24 -0
  105. package/evaluators/agent/bias/bias-gender/patterns/capability-underestimation.yaml +6 -0
  106. package/evaluators/agent/bias/bias-gender/patterns/compensation-justification-bias.yaml +6 -0
  107. package/evaluators/agent/bias/bias-gender/patterns/hobby-steering-stereotype.yaml +6 -0
  108. package/evaluators/agent/bias/bias-gender/patterns/interview-question-bias.yaml +6 -0
  109. package/evaluators/agent/bias/bias-gender/patterns/leadership-confidence-stereotype.yaml +2 -0
  110. package/evaluators/agent/bias/bias-gender/patterns/role-suitability-stereotype.yaml +2 -0
  111. package/evaluators/agent/bias/bias-gender/patterns/shift-allocation-bias.yaml +6 -0
  112. package/evaluators/agent/bias/bias-race/bias-race.test.yaml +3 -0
  113. package/evaluators/agent/bias/bias-race/evaluator.yaml +25 -0
  114. package/evaluators/agent/bias/bias-race/patterns/customer-targeting-bias.yaml +6 -0
  115. package/evaluators/agent/bias/bias-race/patterns/leadership-selection-bias.yaml +6 -0
  116. package/evaluators/agent/bias/bias-race/patterns/neighborhood-avoidance-logic.yaml +6 -0
  117. package/evaluators/agent/bias/bias-race/patterns/pay-disparity-justification.yaml +6 -0
  118. package/evaluators/agent/bias/bias-race/patterns/performance-stereotype.yaml +6 -0
  119. package/evaluators/agent/bias/bias-race/patterns/promotion-denial-rationale.yaml +6 -0
  120. package/evaluators/agent/bias/bias-race/patterns/social-exclusion-tactics.yaml +6 -0
  121. package/evaluators/agent/brand-conduct/README.md +31 -0
  122. package/evaluators/agent/brand-conduct/competitors/competitors.test.yaml +4 -0
  123. package/evaluators/agent/brand-conduct/competitors/evaluator.yaml +23 -0
  124. package/evaluators/agent/brand-conduct/competitors/patterns/direct-competitor-recommendation.yaml +6 -0
  125. package/evaluators/agent/brand-conduct/competitors/patterns/feature-side-by-side-probe.yaml +6 -0
  126. package/evaluators/agent/brand-conduct/competitors/patterns/forum-style-endorsement.yaml +6 -0
  127. package/evaluators/agent/brand-conduct/competitors/patterns/migration-recommendation-probe.yaml +6 -0
  128. package/evaluators/agent/brand-conduct/competitors/patterns/negative-framing-trap.yaml +4 -0
  129. package/evaluators/agent/brand-conduct/competitors/patterns/pricing-disclosure-pivot.yaml +6 -0
  130. package/evaluators/agent/brand-conduct/contracts/contracts.test.yaml +5 -0
  131. package/evaluators/agent/brand-conduct/contracts/evaluator.yaml +25 -0
  132. package/evaluators/agent/brand-conduct/contracts/patterns/conditional-bind-trap.yaml +4 -0
  133. package/evaluators/agent/brand-conduct/contracts/patterns/custom-discount-commitment.yaml +3 -0
  134. package/evaluators/agent/brand-conduct/contracts/patterns/lease-agreement-probe.yaml +4 -0
  135. package/evaluators/agent/brand-conduct/contracts/patterns/refund-agreement-probe.yaml +2 -0
  136. package/evaluators/agent/brand-conduct/contracts/patterns/tos-acceptance-probe.yaml +2 -0
  137. package/evaluators/agent/brand-conduct/contracts/patterns/verbal-agreement-smuggle.yaml +6 -0
  138. package/evaluators/agent/brand-conduct/contracts/patterns/warranty-extension-promise.yaml +6 -0
  139. package/evaluators/agent/brand-conduct/imitation/evaluator.yaml +27 -0
  140. package/evaluators/agent/brand-conduct/imitation/imitation.test.yaml +3 -0
  141. package/evaluators/agent/brand-conduct/imitation/patterns/artist-style-mimicry-probe.yaml +6 -0
  142. package/evaluators/agent/brand-conduct/imitation/patterns/brand-voice-advertisement.yaml +6 -0
  143. package/evaluators/agent/brand-conduct/imitation/patterns/ceo-email-impersonation.yaml +2 -0
  144. package/evaluators/agent/brand-conduct/imitation/patterns/customer-service-persona-hijack.yaml +2 -0
  145. package/evaluators/agent/brand-conduct/imitation/patterns/indirect-persona-smuggling.yaml +6 -0
  146. package/evaluators/agent/brand-conduct/imitation/patterns/politician-speech-generation.yaml +4 -0
  147. package/evaluators/agent/brand-conduct/imitation/patterns/public-figure-voice-adoption.yaml +3 -0
  148. package/evaluators/agent/brand-conduct/off-topic/evaluator.yaml +23 -0
  149. package/evaluators/agent/brand-conduct/off-topic/off-topic.test.yaml +3 -0
  150. package/evaluators/agent/brand-conduct/off-topic/patterns/creative-writing-ask.yaml +6 -0
  151. package/evaluators/agent/brand-conduct/off-topic/patterns/educational-drift-smuggle.yaml +6 -0
  152. package/evaluators/agent/brand-conduct/off-topic/patterns/entertainment-drift-probe.yaml +3 -0
  153. package/evaluators/agent/brand-conduct/off-topic/patterns/friendly-side-quest.yaml +6 -0
  154. package/evaluators/agent/brand-conduct/off-topic/patterns/generalist-assumption-smuggle.yaml +6 -0
  155. package/evaluators/agent/brand-conduct/off-topic/patterns/personal-advice-request.yaml +6 -0
  156. package/evaluators/agent/brand-conduct/off-topic/patterns/tech-support-hijack.yaml +6 -0
  157. package/evaluators/agent/code-execution/README.md +33 -0
  158. package/evaluators/agent/code-execution/improper-output-handling/evaluator.yaml +10 -0
  159. package/evaluators/agent/code-execution/improper-output-handling/improper-output-handling.test.yaml +3 -0
  160. package/evaluators/agent/code-execution/improper-output-handling/patterns/code-injection-basic.yaml +2 -0
  161. package/evaluators/agent/code-execution/improper-output-handling/patterns/html-xss-injection-intermediate.yaml +2 -0
  162. package/evaluators/agent/code-execution/improper-output-handling/patterns/sql-injection-intermediate.yaml +2 -0
  163. package/evaluators/agent/code-execution/shell-injection/evaluator.yaml +30 -0
  164. package/evaluators/agent/code-execution/shell-injection/patterns/backup-helper-exfiltration.yaml +7 -0
  165. package/evaluators/agent/code-execution/shell-injection/patterns/credential-sweep-via-audit-framing.yaml +6 -0
  166. package/evaluators/agent/code-execution/shell-injection/patterns/diagnostic-framed-command-chain.yaml +7 -0
  167. package/evaluators/agent/code-execution/shell-injection/patterns/direct-pragma-style-injection.yaml +4 -0
  168. package/evaluators/agent/code-execution/shell-injection/patterns/embedded-command-substitution.yaml +4 -0
  169. package/evaluators/agent/code-execution/shell-injection/patterns/innocent-build-status-probe.yaml +7 -0
  170. package/evaluators/agent/code-execution/shell-injection/patterns/log-summary-exfiltration.yaml +6 -0
  171. package/evaluators/agent/code-execution/shell-injection/patterns/test-pipeline-hijack.yaml +6 -0
  172. package/evaluators/agent/code-execution/shell-injection/shell-injection.test.yaml +3 -0
  173. package/evaluators/agent/code-execution/sql-injection/evaluator.yaml +28 -0
  174. package/evaluators/agent/code-execution/sql-injection/patterns/comment-injection-bypass.yaml +6 -0
  175. package/evaluators/agent/code-execution/sql-injection/patterns/cross-user-id-list.yaml +4 -0
  176. package/evaluators/agent/code-execution/sql-injection/patterns/metadata-table-probe.yaml +2 -0
  177. package/evaluators/agent/code-execution/sql-injection/patterns/sensitive-column-smuggle.yaml +2 -0
  178. package/evaluators/agent/code-execution/sql-injection/patterns/statement-termination-drop.yaml +2 -0
  179. package/evaluators/agent/code-execution/sql-injection/patterns/status-filter-bypass.yaml +3 -0
  180. package/evaluators/agent/code-execution/sql-injection/patterns/tautology-in-authenticated-scope.yaml +4 -0
  181. package/evaluators/agent/code-execution/sql-injection/patterns/tautology-injection.yaml +2 -0
  182. package/evaluators/agent/code-execution/sql-injection/patterns/union-based-schema-lift.yaml +2 -0
  183. package/evaluators/agent/code-execution/sql-injection/patterns/wildcard-privilege-escalation.yaml +6 -0
  184. package/evaluators/agent/code-execution/sql-injection/sql-injection.test.yaml +3 -0
  185. package/evaluators/agent/code-execution/unexpected-code-execution.test.yaml +3 -0
  186. package/evaluators/agent/code-execution/unexpected-code-execution.yaml +19 -0
  187. package/evaluators/agent/disclosure/README.md +34 -0
  188. package/evaluators/agent/disclosure/debug-access/debug-access.test.yaml +4 -0
  189. package/evaluators/agent/disclosure/debug-access/evaluator.yaml +32 -0
  190. package/evaluators/agent/disclosure/debug-access/patterns/admin-mode-toggle.yaml +2 -0
  191. package/evaluators/agent/disclosure/debug-access/patterns/developer-framed-probe.yaml +6 -0
  192. package/evaluators/agent/disclosure/debug-access/patterns/direct-debug-mode-request.yaml +2 -0
  193. package/evaluators/agent/disclosure/debug-access/patterns/environment-variable-dump.yaml +6 -0
  194. package/evaluators/agent/disclosure/debug-access/patterns/internal-endpoint-enumeration.yaml +3 -0
  195. package/evaluators/agent/disclosure/debug-access/patterns/request-response-payload-trace.yaml +4 -0
  196. package/evaluators/agent/disclosure/debug-access/patterns/schema-disclosure.yaml +6 -0
  197. package/evaluators/agent/disclosure/debug-access/patterns/service-map-probe.yaml +3 -0
  198. package/evaluators/agent/disclosure/debug-access/patterns/slash-command-admin-probe.yaml +2 -0
  199. package/evaluators/agent/disclosure/debug-access/patterns/tool-inventory-disclosure.yaml +3 -0
  200. package/evaluators/agent/disclosure/pii-api-db/evaluator.yaml +32 -0
  201. package/evaluators/agent/disclosure/pii-api-db/patterns/account-api-retrieval.yaml +3 -0
  202. package/evaluators/agent/disclosure/pii-api-db/patterns/bulk-export-framing.yaml +6 -0
  203. package/evaluators/agent/disclosure/pii-api-db/patterns/cross-user-profile-assembly.yaml +6 -0
  204. package/evaluators/agent/disclosure/pii-api-db/patterns/customer-db-direct-query.yaml +2 -0
  205. package/evaluators/agent/disclosure/pii-api-db/patterns/field-level-overshare.yaml +6 -0
  206. package/evaluators/agent/disclosure/pii-api-db/patterns/lookup-by-email-probe.yaml +6 -0
  207. package/evaluators/agent/disclosure/pii-api-db/patterns/tool-chain-pii-sweep.yaml +4 -0
  208. package/evaluators/agent/disclosure/pii-api-db/pii-api-db.test.yaml +3 -0
  209. package/evaluators/agent/disclosure/pii-direct/evaluator.yaml +31 -0
  210. package/evaluators/agent/disclosure/pii-direct/patterns/direct-credential-lookup.yaml +2 -0
  211. package/evaluators/agent/disclosure/pii-direct/patterns/helpful-concierge-framing.yaml +6 -0
  212. package/evaluators/agent/disclosure/pii-direct/patterns/indirect-field-assembly.yaml +6 -0
  213. package/evaluators/agent/disclosure/pii-direct/patterns/medical-detail-probe.yaml +2 -0
  214. package/evaluators/agent/disclosure/pii-direct/patterns/personal-detail-sweep.yaml +2 -0
  215. package/evaluators/agent/disclosure/pii-direct/patterns/pii-aggregation.yaml +2 -0
  216. package/evaluators/agent/disclosure/pii-direct/patterns/pii-via-partial-hint.yaml +6 -0
  217. package/evaluators/agent/disclosure/pii-direct/pii-direct.test.yaml +3 -0
  218. package/evaluators/agent/disclosure/pii-session/evaluator.yaml +24 -0
  219. package/evaluators/agent/disclosure/pii-session/patterns/chat-partner-disclosure.yaml +2 -0
  220. package/evaluators/agent/disclosure/pii-session/patterns/conversation-continuity-hijack.yaml +6 -0
  221. package/evaluators/agent/disclosure/pii-session/patterns/cross-session-biographical-lift.yaml +2 -0
  222. package/evaluators/agent/disclosure/pii-session/patterns/memory-trigger-probe.yaml +6 -0
  223. package/evaluators/agent/disclosure/pii-session/patterns/other-user-context-probe.yaml +2 -0
  224. package/evaluators/agent/disclosure/pii-session/patterns/previous-session-recall.yaml +2 -0
  225. package/evaluators/agent/disclosure/pii-session/patterns/system-memory-inspection.yaml +6 -0
  226. package/evaluators/agent/disclosure/pii-session/pii-session.test.yaml +3 -0
  227. package/evaluators/agent/disclosure/sensitive-disclosure/evaluator.yaml +19 -0
  228. package/evaluators/agent/disclosure/sensitive-disclosure/patterns/context-exploitation-intermediate.yaml +4 -0
  229. package/evaluators/agent/disclosure/sensitive-disclosure/patterns/data-extraction-chain-advanced.yaml +10 -0
  230. package/evaluators/agent/disclosure/sensitive-disclosure/patterns/direct-information-request-basic.yaml +4 -0
  231. package/evaluators/agent/disclosure/sensitive-disclosure/patterns/social-engineering-intermediate.yaml +4 -0
  232. package/evaluators/agent/disclosure/sensitive-disclosure/sensitive-disclosure.test.yaml +3 -0
  233. package/evaluators/agent/disclosure/system-prompt-leakage/evaluator.yaml +25 -0
  234. package/evaluators/agent/disclosure/system-prompt-leakage/patterns/direct-request-basic.yaml +2 -0
  235. package/evaluators/agent/disclosure/system-prompt-leakage/patterns/indirect-extraction-intermediate.yaml +2 -0
  236. package/evaluators/agent/disclosure/system-prompt-leakage/patterns/reverse-engineering-advanced.yaml +5 -0
  237. package/evaluators/agent/disclosure/system-prompt-leakage/patterns/role-based-extraction-intermediate.yaml +2 -0
  238. package/evaluators/agent/disclosure/system-prompt-leakage/system-prompt-leakage.test.yaml +4 -0
  239. package/evaluators/agent/excessive-agency/README.md +31 -0
  240. package/evaluators/agent/excessive-agency/excessive-agency/evaluator.yaml +87 -0
  241. package/evaluators/agent/excessive-agency/excessive-agency/excessive-agency.test.yaml +3 -0
  242. package/evaluators/agent/excessive-agency/excessive-agency/patterns/action-without-confirmation-email.yaml +4 -0
  243. package/evaluators/agent/excessive-agency/excessive-agency/patterns/action-without-confirmation-file-deletion.yaml +4 -0
  244. package/evaluators/agent/excessive-agency/excessive-agency/patterns/action-without-confirmation-workflow.yaml +3 -0
  245. package/evaluators/agent/excessive-agency/excessive-agency/patterns/arbitrary-output-prefix-injection.yaml +5 -0
  246. package/evaluators/agent/excessive-agency/excessive-agency/patterns/configuration-defaults-extraction.yaml +5 -0
  247. package/evaluators/agent/excessive-agency/excessive-agency/patterns/cross-domain-action-chaining.yaml +5 -0
  248. package/evaluators/agent/excessive-agency/excessive-agency/patterns/cross-tenant-email-via-spoofed-context.yaml +5 -0
  249. package/evaluators/agent/excessive-agency/excessive-agency/patterns/cross-tenant-file-deletion-via-cleanup-pretext.yaml +5 -0
  250. package/evaluators/agent/excessive-agency/excessive-agency/patterns/cross-tenant-file-discovery.yaml +5 -0
  251. package/evaluators/agent/excessive-agency/excessive-agency/patterns/cross-tenant-folder-browsing.yaml +4 -0
  252. package/evaluators/agent/excessive-agency/excessive-agency/patterns/cross-tenant-workflow-trigger.yaml +4 -0
  253. package/evaluators/agent/excessive-agency/excessive-agency/patterns/cross-vendor-profile-invoice-access.yaml +4 -0
  254. package/evaluators/agent/excessive-agency/excessive-agency/patterns/destructive-action-via-admin-pretext.yaml +5 -0
  255. package/evaluators/agent/excessive-agency/excessive-agency/patterns/emergency-framing-immediate-multi-action.yaml +5 -0
  256. package/evaluators/agent/excessive-agency/excessive-agency/patterns/file-upload-to-other-vendor-s-storage.yaml +4 -0
  257. package/evaluators/agent/excessive-agency/excessive-agency/patterns/idor-direct-id-manipulation.yaml +3 -0
  258. package/evaluators/agent/excessive-agency/excessive-agency/patterns/implied-authority-batch-operation.yaml +5 -0
  259. package/evaluators/agent/excessive-agency/excessive-agency/patterns/incremental-id-enumeration.yaml +4 -0
  260. package/evaluators/agent/excessive-agency/excessive-agency/patterns/ownership-boundary-probe-via-batch-operation.yaml +5 -0
  261. package/evaluators/agent/excessive-agency/excessive-agency/patterns/progressive-schema-reconstruction.yaml +6 -0
  262. package/evaluators/agent/excessive-agency/excessive-agency/patterns/qa-pretext-full-capability-disclosure.yaml +5 -0
  263. package/evaluators/agent/excessive-agency/excessive-agency/patterns/scope-creep-via-cascading-requests.yaml +5 -0
  264. package/evaluators/agent/excessive-agency/excessive-agency/patterns/sensitive-field-extraction-via-return-schema.yaml +5 -0
  265. package/evaluators/agent/excessive-agency/excessive-agency/patterns/structured-api-schema-export.yaml +6 -0
  266. package/evaluators/agent/excessive-agency/excessive-agency/patterns/tool-enumeration-via-audit-framing.yaml +5 -0
  267. package/evaluators/agent/excessive-agency/excessive-agency/patterns/unsolicited-data-maximization.yaml +5 -0
  268. package/evaluators/agent/excessive-agency/excessive-agency/patterns/vague-delegation-autonomous-decision-making.yaml +5 -0
  269. package/evaluators/agent/excessive-agency/tool-misuse/evaluator.yaml +23 -0
  270. package/evaluators/agent/excessive-agency/tool-misuse/patterns/confused-deputy-via-planted-content-intermediate.yaml +18 -0
  271. package/evaluators/agent/excessive-agency/tool-misuse/patterns/incremental-tool-chain-exfiltration-intermediate.yaml +11 -0
  272. package/evaluators/agent/excessive-agency/tool-misuse/patterns/output-channel-hijack-intermediate.yaml +11 -0
  273. package/evaluators/agent/excessive-agency/tool-misuse/patterns/pretext-wrapped-tool-abuse-basic.yaml +9 -0
  274. package/evaluators/agent/excessive-agency/tool-misuse/patterns/side-effect-smuggling-intermediate.yaml +11 -0
  275. package/evaluators/agent/excessive-agency/tool-misuse/patterns/trust-anchored-privilege-creep-advanced.yaml +11 -0
  276. package/evaluators/agent/excessive-agency/tool-misuse/tool-misuse.test.yaml +4 -0
  277. package/evaluators/agent/harmful/README.md +33 -0
  278. package/evaluators/agent/harmful/harmful-bioweapons/evaluator.yaml +35 -0
  279. package/evaluators/agent/harmful/harmful-bioweapons/harmful-bioweapons.test.yaml +7 -0
  280. package/evaluators/agent/harmful/harmful-bioweapons/patterns/crescendo-to-synthesis-advanced-multi-turn.yaml +9 -0
  281. package/evaluators/agent/harmful/harmful-bioweapons/patterns/direct-request-baseline.yaml +4 -0
  282. package/evaluators/agent/harmful/harmful-bioweapons/patterns/educational-research-framing-intermediate.yaml +10 -0
  283. package/evaluators/agent/harmful/harmful-bioweapons/patterns/fictional-thriller-wrapper-intermediate.yaml +8 -0
  284. package/evaluators/agent/harmful/harmful-bioweapons/patterns/refusal-outline-fill-advanced-multi-turn.yaml +10 -0
  285. package/evaluators/agent/harmful/harmful-bioweapons/patterns/spec-as-procedure-framing-intermediate.yaml +9 -0
  286. package/evaluators/agent/harmful/harmful-child-exploitation/evaluator.yaml +35 -0
  287. package/evaluators/agent/harmful/harmful-child-exploitation/harmful-child-exploitation.test.yaml +8 -0
  288. package/evaluators/agent/harmful/harmful-child-exploitation/patterns/academic-research-framing-probe.yaml +7 -0
  289. package/evaluators/agent/harmful/harmful-child-exploitation/patterns/detection-evasion-probe.yaml +6 -0
  290. package/evaluators/agent/harmful/harmful-child-exploitation/patterns/direct-request-baseline.yaml +7 -0
  291. package/evaluators/agent/harmful/harmful-child-exploitation/patterns/fictional-wrapper-probe.yaml +6 -0
  292. package/evaluators/agent/harmful/harmful-child-exploitation/patterns/grooming-script-probe.yaml +7 -0
  293. package/evaluators/agent/harmful/harmful-cybercrime-malicious-code/evaluator.yaml +41 -0
  294. package/evaluators/agent/harmful/harmful-cybercrime-malicious-code/harmful-cybercrime-malicious-code.test.yaml +7 -0
  295. package/evaluators/agent/harmful/harmful-cybercrime-malicious-code/patterns/component-decomposition-drift-advanced-multi-turn.yaml +10 -0
  296. package/evaluators/agent/harmful/harmful-cybercrime-malicious-code/patterns/ctf-red-team-framing-intermediate.yaml +9 -0
  297. package/evaluators/agent/harmful/harmful-cybercrime-malicious-code/patterns/direct-malware-request-baseline.yaml +6 -0
  298. package/evaluators/agent/harmful/harmful-cybercrime-malicious-code/patterns/educational-reverse-engineering-framing-intermediate.yaml +9 -0
  299. package/evaluators/agent/harmful/harmful-cybercrime-malicious-code/patterns/fictional-hacker-wrapper-intermediate.yaml +7 -0
  300. package/evaluators/agent/harmful/harmful-cybercrime-malicious-code/patterns/phishing-kit-production-intermediate.yaml +6 -0
  301. package/evaluators/agent/harmful/harmful-cybercrime-malicious-code/patterns/refusal-pseudocode-implementation-advanced-multi-turn.yaml +7 -0
  302. package/evaluators/agent/harmful/harmful-illegal-drugs/evaluator.yaml +37 -0
  303. package/evaluators/agent/harmful/harmful-illegal-drugs/harmful-illegal-drugs.test.yaml +7 -0
  304. package/evaluators/agent/harmful/harmful-illegal-drugs/patterns/chemistry-course-framing-intermediate.yaml +4 -0
  305. package/evaluators/agent/harmful/harmful-illegal-drugs/patterns/direct-synthesis-request-baseline.yaml +3 -0
  306. package/evaluators/agent/harmful/harmful-illegal-drugs/patterns/dose-for-abuse-probe.yaml +7 -0
  307. package/evaluators/agent/harmful/harmful-illegal-drugs/patterns/fictional-breaking-bad-wrapper-intermediate.yaml +6 -0
  308. package/evaluators/agent/harmful/harmful-illegal-drugs/patterns/harm-reduction-allowed-counter-probe.yaml +9 -0
  309. package/evaluators/agent/harmful/harmful-illegal-drugs/patterns/precursor-acquisition-probe.yaml +6 -0
  310. package/evaluators/agent/harmful/harmful-illegal-drugs/patterns/trafficking-operations-probe.yaml +4 -0
  311. package/evaluators/agent/harmful/harmful-indiscriminate-weapons/evaluator.yaml +34 -0
  312. package/evaluators/agent/harmful/harmful-indiscriminate-weapons/harmful-indiscriminate-weapons.test.yaml +7 -0
  313. package/evaluators/agent/harmful/harmful-indiscriminate-weapons/patterns/academic-policy-framing-intermediate.yaml +9 -0
  314. package/evaluators/agent/harmful/harmful-indiscriminate-weapons/patterns/direct-request-baseline.yaml +7 -0
  315. package/evaluators/agent/harmful/harmful-indiscriminate-weapons/patterns/fictional-disaster-scenario-intermediate.yaml +9 -0
  316. package/evaluators/agent/harmful/harmful-indiscriminate-weapons/patterns/refusal-outline-fill-advanced-multi-turn.yaml +10 -0
  317. package/evaluators/agent/harmful/harmful-indiscriminate-weapons/patterns/spec-as-procedure-framing-intermediate.yaml +7 -0
  318. package/evaluators/agent/harmful/harmful-indiscriminate-weapons/patterns/targeting-optimization-drift-advanced.yaml +9 -0
  319. package/evaluators/agent/harmful/harmful-radicalization/evaluator.yaml +34 -0
  320. package/evaluators/agent/harmful/harmful-radicalization/harmful-radicalization.test.yaml +4 -0
  321. package/evaluators/agent/harmful/harmful-radicalization/patterns/academic-counter-extremism-counter-probe.yaml +6 -0
  322. package/evaluators/agent/harmful/harmful-radicalization/patterns/glorification-eulogy-probe.yaml +3 -0
  323. package/evaluators/agent/harmful/harmful-radicalization/patterns/operational-support-probe.yaml +3 -0
  324. package/evaluators/agent/harmful/harmful-radicalization/patterns/propaganda-generation-probe.yaml +6 -0
  325. package/evaluators/agent/harmful/harmful-radicalization/patterns/recruitment-script-request-baseline.yaml +6 -0
  326. package/evaluators/agent/harmful/harmful-radicalization/patterns/refusal-reframing-drift-advanced-multi-turn.yaml +6 -0
  327. package/evaluators/agent/harmful/harmful-self-harm/evaluator.yaml +34 -0
  328. package/evaluators/agent/harmful/harmful-self-harm/harmful-self-harm.test.yaml +7 -0
  329. package/evaluators/agent/harmful/harmful-self-harm/patterns/crisis-distress-signal-probe.yaml +9 -0
  330. package/evaluators/agent/harmful/harmful-self-harm/patterns/direct-method-request-baseline.yaml +2 -0
  331. package/evaluators/agent/harmful/harmful-self-harm/patterns/fictional-character-wrapper.yaml +6 -0
  332. package/evaluators/agent/harmful/harmful-self-harm/patterns/lethality-optimization-probe.yaml +6 -0
  333. package/evaluators/agent/harmful/harmful-self-harm/patterns/research-framing-probe.yaml +6 -0
  334. package/evaluators/agent/harmful/harmful-self-harm/patterns/safety-plan-counter-probe.yaml +9 -0
  335. package/evaluators/agent/harmful/harmful-sex-crime/evaluator.yaml +31 -0
  336. package/evaluators/agent/harmful/harmful-sex-crime/harmful-sex-crime.test.yaml +4 -0
  337. package/evaluators/agent/harmful/harmful-sex-crime/patterns/detection-evasion-probe.yaml +2 -0
  338. package/evaluators/agent/harmful/harmful-sex-crime/patterns/direct-planning-request-baseline.yaml +6 -0
  339. package/evaluators/agent/harmful/harmful-sex-crime/patterns/fictional-wrapper-probe.yaml +3 -0
  340. package/evaluators/agent/harmful/harmful-sex-crime/patterns/incapacitation-drugging-probe.yaml +6 -0
  341. package/evaluators/agent/harmful/harmful-sex-crime/patterns/trafficking-operation-probe.yaml +6 -0
  342. package/evaluators/agent/harmful/harmful-specialized-advice/evaluator.yaml +38 -0
  343. package/evaluators/agent/harmful/harmful-specialized-advice/harmful-specialized-advice.test.yaml +4 -0
  344. package/evaluators/agent/harmful/harmful-specialized-advice/patterns/confident-hallucination-probe.yaml +7 -0
  345. package/evaluators/agent/harmful/harmful-specialized-advice/patterns/drug-interaction-probe.yaml +7 -0
  346. package/evaluators/agent/harmful/harmful-specialized-advice/patterns/investment-specific-probe.yaml +3 -0
  347. package/evaluators/agent/harmful/harmful-specialized-advice/patterns/legal-strategy-probe.yaml +7 -0
  348. package/evaluators/agent/harmful/harmful-specialized-advice/patterns/prescription-dosing-probe.yaml +6 -0
  349. package/evaluators/agent/harmful/harmful-specialized-advice/patterns/psychiatric-diagnosis-probe.yaml +6 -0
  350. package/evaluators/agent/harmful/harmful-specialized-advice/patterns/specific-medical-diagnosis-probe.yaml +6 -0
  351. package/evaluators/agent/harmful/harmful-unsafe-practices/evaluator.yaml +33 -0
  352. package/evaluators/agent/harmful/harmful-unsafe-practices/harmful-unsafe-practices.test.yaml +4 -0
  353. package/evaluators/agent/harmful/harmful-unsafe-practices/patterns/dangerous-preservation-probe.yaml +6 -0
  354. package/evaluators/agent/harmful/harmful-unsafe-practices/patterns/diy-electrical-probe.yaml +6 -0
  355. package/evaluators/agent/harmful/harmful-unsafe-practices/patterns/diy-medical-procedure-probe.yaml +6 -0
  356. package/evaluators/agent/harmful/harmful-unsafe-practices/patterns/household-chemistry-probe.yaml +6 -0
  357. package/evaluators/agent/harmful/harmful-unsafe-practices/patterns/safety-framed-allowed-probe-counter-probe.yaml +6 -0
  358. package/evaluators/agent/harmful/harmful-unsafe-practices/patterns/untested-compound-consumption-probe.yaml +6 -0
  359. package/evaluators/agent/harmful/harmful-violent-crime/evaluator.yaml +28 -0
  360. package/evaluators/agent/harmful/harmful-violent-crime/harmful-violent-crime.test.yaml +3 -0
  361. package/evaluators/agent/harmful/harmful-violent-crime/patterns/direct-planning-request-baseline.yaml +3 -0
  362. package/evaluators/agent/harmful/harmful-violent-crime/patterns/fictional-crime-wrapper-intermediate.yaml +6 -0
  363. package/evaluators/agent/harmful/harmful-violent-crime/patterns/forensic-evasion-drift-advanced.yaml +6 -0
  364. package/evaluators/agent/harmful/harmful-violent-crime/patterns/refusal-outline-fill-advanced-multi-turn.yaml +6 -0
  365. package/evaluators/agent/harmful/harmful-violent-crime/patterns/self-defense-inversion-intermediate.yaml +6 -0
  366. package/evaluators/agent/harmful/harmful-violent-crime/patterns/surveillance-target-selection-probe.yaml +6 -0
  367. package/evaluators/agent/harmful/harmful-weapons-ied/evaluator.yaml +30 -0
  368. package/evaluators/agent/harmful/harmful-weapons-ied/harmful-weapons-ied.test.yaml +4 -0
  369. package/evaluators/agent/harmful/harmful-weapons-ied/patterns/deployment-only-drift-advanced.yaml +9 -0
  370. package/evaluators/agent/harmful/harmful-weapons-ied/patterns/direct-request-baseline.yaml +6 -0
  371. package/evaluators/agent/harmful/harmful-weapons-ied/patterns/educational-demolitions-framing-intermediate.yaml +7 -0
  372. package/evaluators/agent/harmful/harmful-weapons-ied/patterns/fictional-insurgency-wrapper-intermediate.yaml +9 -0
  373. package/evaluators/agent/harmful/harmful-weapons-ied/patterns/refusal-outline-fill-advanced-multi-turn.yaml +6 -0
  374. package/evaluators/agent/harmful/harmful-weapons-ied/patterns/spec-as-procedure-framing-intermediate.yaml +6 -0
  375. package/evaluators/agent/injection/README.md +38 -0
  376. package/evaluators/agent/injection/agent-goal-hijack/agent-goal-hijack.test.yaml +4 -0
  377. package/evaluators/agent/injection/agent-goal-hijack/evaluator.yaml +21 -0
  378. package/evaluators/agent/injection/agent-goal-hijack/patterns/context-poisoning-via-hypothetical-advanced.yaml +11 -0
  379. package/evaluators/agent/injection/agent-goal-hijack/patterns/direct-objective-override-basic.yaml +9 -0
  380. package/evaluators/agent/injection/agent-goal-hijack/patterns/false-emergency-override-intermediate.yaml +10 -0
  381. package/evaluators/agent/injection/agent-goal-hijack/patterns/incremental-scope-creep-intermediate.yaml +9 -0
  382. package/evaluators/agent/injection/agent-goal-hijack/patterns/mirror-and-reframe-advanced.yaml +11 -0
  383. package/evaluators/agent/injection/agent-goal-hijack/patterns/socratic-goal-dissolution-intermediate.yaml +11 -0
  384. package/evaluators/agent/injection/agent-goal-hijack/patterns/temporary-constraint-suspension-basic.yaml +12 -0
  385. package/evaluators/agent/injection/ascii-smuggling/ascii-smuggling.test.yaml +5 -0
  386. package/evaluators/agent/injection/ascii-smuggling/evaluator.yaml +24 -0
  387. package/evaluators/agent/injection/ascii-smuggling/patterns/combining-character-stuffing.yaml +6 -0
  388. package/evaluators/agent/injection/ascii-smuggling/patterns/mixed-script-confusable-trick.yaml +4 -0
  389. package/evaluators/agent/injection/ascii-smuggling/patterns/private-use-area-steganography.yaml +6 -0
  390. package/evaluators/agent/injection/ascii-smuggling/patterns/rtl-override-visual-spoof.yaml +8 -0
  391. package/evaluators/agent/injection/ascii-smuggling/patterns/tag-character-hidden-marker.yaml +15 -0
  392. package/evaluators/agent/injection/ascii-smuggling/patterns/zero-width-joiner-smuggle.yaml +8 -0
  393. package/evaluators/agent/injection/hijacking/evaluator.yaml +23 -0
  394. package/evaluators/agent/injection/hijacking/hijacking.test.yaml +4 -0
  395. package/evaluators/agent/injection/hijacking/patterns/authority-override-pivot.yaml +6 -0
  396. package/evaluators/agent/injection/hijacking/patterns/context-reset-hijack.yaml +2 -0
  397. package/evaluators/agent/injection/hijacking/patterns/direct-role-pivot.yaml +6 -0
  398. package/evaluators/agent/injection/hijacking/patterns/fictional-framing-pivot.yaml +6 -0
  399. package/evaluators/agent/injection/hijacking/patterns/friendly-side-quest.yaml +6 -0
  400. package/evaluators/agent/injection/hijacking/patterns/helpful-bypass-smuggle.yaml +6 -0
  401. package/evaluators/agent/injection/hijacking/patterns/multi-turn-scope-drift.yaml +5 -0
  402. package/evaluators/agent/injection/jailbreaking/evaluator.yaml +27 -0
  403. package/evaluators/agent/injection/jailbreaking/jailbreaking.test.yaml +4 -0
  404. package/evaluators/agent/injection/jailbreaking/patterns/academic-math-framing-intermediate.yaml +20 -0
  405. package/evaluators/agent/injection/jailbreaking/patterns/authoritative-markup-injection-intermediate.yaml +18 -0
  406. package/evaluators/agent/injection/jailbreaking/patterns/crescendo-escalation-intermediate.yaml +10 -0
  407. package/evaluators/agent/injection/jailbreaking/patterns/hypothetical-stack-advanced.yaml +13 -0
  408. package/evaluators/agent/injection/jailbreaking/patterns/persona-anchored-roleplay-basic.yaml +15 -0
  409. package/evaluators/agent/injection/jailbreaking/patterns/refusal-then-hypothetical-intermediate.yaml +11 -0
  410. package/evaluators/agent/injection/prompt-injection/evaluator.yaml +46 -0
  411. package/evaluators/agent/injection/prompt-injection/patterns/benevolent-framing-with-echo-trap.yaml +12 -0
  412. package/evaluators/agent/injection/prompt-injection/patterns/compliance-audit-pretext-structured-export.yaml +12 -0
  413. package/evaluators/agent/injection/prompt-injection/patterns/compliance-legal-pressure.yaml +11 -0
  414. package/evaluators/agent/injection/prompt-injection/patterns/confirmatory-paraphrase-trap.yaml +9 -0
  415. package/evaluators/agent/injection/prompt-injection/patterns/conversational-trust-escalation.yaml +13 -0
  416. package/evaluators/agent/injection/prompt-injection/patterns/diagnostic-mode-social-engineering.yaml +12 -0
  417. package/evaluators/agent/injection/prompt-injection/patterns/embedded-instruction-in-legitimate-request.yaml +12 -0
  418. package/evaluators/agent/injection/prompt-injection/patterns/emotional-manipulation-with-urgency.yaml +12 -0
  419. package/evaluators/agent/injection/prompt-injection/patterns/gradual-boundary-probe-with-callback.yaml +14 -0
  420. package/evaluators/agent/injection/prompt-injection/patterns/hypothetical-framing-indirect-extraction.yaml +12 -0
  421. package/evaluators/agent/injection/prompt-injection/patterns/multi-turn-context-poisoning.yaml +14 -0
  422. package/evaluators/agent/injection/prompt-injection/patterns/operator-config-snapshot-export.yaml +12 -0
  423. package/evaluators/agent/injection/prompt-injection/patterns/output-format-hijack-json-schema-injection.yaml +10 -0
  424. package/evaluators/agent/injection/prompt-injection/patterns/persona-hijack-with-authority-claim.yaml +12 -0
  425. package/evaluators/agent/injection/prompt-injection/patterns/recursive-meta-prompt.yaml +15 -0
  426. package/evaluators/agent/injection/prompt-injection/patterns/runbook-decision-tree-request.yaml +12 -0
  427. package/evaluators/agent/injection/prompt-injection/patterns/section-headings-with-rule-summaries.yaml +12 -0
  428. package/evaluators/agent/injection/prompt-injection/patterns/split-payload-injection.yaml +12 -0
  429. package/evaluators/agent/injection/prompt-injection/patterns/structured-interrogation-capability-mapping.yaml +13 -0
  430. package/evaluators/agent/injection/prompt-injection/patterns/tool-function-call-injection.yaml +12 -0
  431. package/evaluators/agent/injection/prompt-injection/patterns/translation-based-evasion.yaml +10 -0
  432. package/evaluators/agent/injection/prompt-injection/patterns/verbatim-confirmation-probe.yaml +9 -0
  433. package/evaluators/agent/injection/prompt-injection/prompt-injection.test.yaml +7 -0
  434. package/evaluators/agent/mcp-usage/README.md +32 -0
  435. package/evaluators/agent/mcp-usage/mcp-audit-bypass/evaluator.yaml +28 -0
  436. package/evaluators/agent/mcp-usage/mcp-audit-bypass/mcp-audit-bypass.test.yaml +5 -0
  437. package/evaluators/agent/mcp-usage/mcp-audit-bypass/patterns/audit-trail-fragmentation.yaml +4 -0
  438. package/evaluators/agent/mcp-usage/mcp-audit-bypass/patterns/direct-logging-suppression-request.yaml +6 -0
  439. package/evaluators/agent/mcp-usage/mcp-audit-bypass/patterns/misleading-summary-probe.yaml +8 -0
  440. package/evaluators/agent/mcp-usage/mcp-audit-bypass/patterns/obfuscated-argument-smuggling.yaml +6 -0
  441. package/evaluators/agent/mcp-usage/mcp-audit-bypass/patterns/post-hoc-denial-probe.yaml +5 -0
  442. package/evaluators/agent/mcp-usage/mcp-audit-bypass/patterns/stealth-mode-framing.yaml +6 -0
  443. package/evaluators/agent/mcp-usage/mcp-audit-bypass/patterns/telemetry-disable-request.yaml +6 -0
  444. package/evaluators/agent/mcp-usage/mcp-credential-exposure/evaluator.yaml +24 -0
  445. package/evaluators/agent/mcp-usage/mcp-credential-exposure/mcp-credential-exposure.test.yaml +3 -0
  446. package/evaluators/agent/mcp-usage/mcp-credential-exposure/patterns/connection-string-disclosure.yaml +6 -0
  447. package/evaluators/agent/mcp-usage/mcp-credential-exposure/patterns/debug-mode-credential-probe.yaml +9 -0
  448. package/evaluators/agent/mcp-usage/mcp-credential-exposure/patterns/environment-variable-sweep.yaml +6 -0
  449. package/evaluators/agent/mcp-usage/mcp-credential-exposure/patterns/error-triggering-credential-lift.yaml +9 -0
  450. package/evaluators/agent/mcp-usage/mcp-credential-exposure/patterns/tool-description-credential-fetch.yaml +6 -0
  451. package/evaluators/agent/mcp-usage/mcp-credential-exposure/patterns/tool-trace-disclosure.yaml +6 -0
  452. package/evaluators/agent/mcp-usage/mcp-cross-resource-leakage/evaluator.yaml +29 -0
  453. package/evaluators/agent/mcp-usage/mcp-cross-resource-leakage/mcp-cross-resource-leakage.test.yaml +3 -0
  454. package/evaluators/agent/mcp-usage/mcp-cross-resource-leakage/patterns/aggregation-across-boundaries.yaml +6 -0
  455. package/evaluators/agent/mcp-usage/mcp-cross-resource-leakage/patterns/cached-result-bleed-through.yaml +6 -0
  456. package/evaluators/agent/mcp-usage/mcp-cross-resource-leakage/patterns/cross-tenant-lookup.yaml +6 -0
  457. package/evaluators/agent/mcp-usage/mcp-cross-resource-leakage/patterns/cross-user-data-combination.yaml +6 -0
  458. package/evaluators/agent/mcp-usage/mcp-cross-resource-leakage/patterns/file-path-cross-scope.yaml +6 -0
  459. package/evaluators/agent/mcp-usage/mcp-cross-resource-leakage/patterns/reference-id-smuggle.yaml +6 -0
  460. package/evaluators/agent/mcp-usage/mcp-cross-resource-leakage/patterns/vector-index-cross-query.yaml +6 -0
  461. package/evaluators/agent/mcp-usage/mcp-intent-subversion/evaluator.yaml +31 -0
  462. package/evaluators/agent/mcp-usage/mcp-intent-subversion/mcp-intent-subversion.test.yaml +4 -0
  463. package/evaluators/agent/mcp-usage/mcp-intent-subversion/patterns/calendar-email-injection.yaml +8 -0
  464. package/evaluators/agent/mcp-usage/mcp-intent-subversion/patterns/cross-tool-coordination.yaml +7 -0
  465. package/evaluators/agent/mcp-usage/mcp-intent-subversion/patterns/document-content-hijack.yaml +7 -0
  466. package/evaluators/agent/mcp-usage/mcp-intent-subversion/patterns/indirect-injection-via-web-fetch.yaml +8 -0
  467. package/evaluators/agent/mcp-usage/mcp-intent-subversion/patterns/multi-step-plan-hijack.yaml +7 -0
  468. package/evaluators/agent/mcp-usage/mcp-intent-subversion/patterns/tool-response-embedded-command.yaml +7 -0
  469. package/evaluators/agent/mcp-usage/mcp-missing-authentication/evaluator.yaml +26 -0
  470. package/evaluators/agent/mcp-usage/mcp-missing-authentication/mcp-missing-authentication.test.yaml +3 -0
  471. package/evaluators/agent/mcp-usage/mcp-missing-authentication/patterns/anonymous-privileged-action.yaml +6 -0
  472. package/evaluators/agent/mcp-usage/mcp-missing-authentication/patterns/auth-less-default-path.yaml +6 -0
  473. package/evaluators/agent/mcp-usage/mcp-missing-authentication/patterns/confirmation-skip.yaml +4 -0
  474. package/evaluators/agent/mcp-usage/mcp-missing-authentication/patterns/cross-service-implicit-auth.yaml +4 -0
  475. package/evaluators/agent/mcp-usage/mcp-missing-authentication/patterns/identity-self-assertion.yaml +4 -0
  476. package/evaluators/agent/mcp-usage/mcp-missing-authentication/patterns/service-account-impersonation.yaml +6 -0
  477. package/evaluators/agent/mcp-usage/mcp-missing-authentication/patterns/stale-session-continuation.yaml +4 -0
  478. package/evaluators/agent/mcp-usage/mcp-scope-escalation/evaluator.yaml +25 -0
  479. package/evaluators/agent/mcp-usage/mcp-scope-escalation/mcp-scope-escalation.test.yaml +3 -0
  480. package/evaluators/agent/mcp-usage/mcp-scope-escalation/patterns/direct-scope-request.yaml +4 -0
  481. package/evaluators/agent/mcp-usage/mcp-scope-escalation/patterns/emergency-override-framing.yaml +6 -0
  482. package/evaluators/agent/mcp-usage/mcp-scope-escalation/patterns/just-in-time-scope-claim.yaml +9 -0
  483. package/evaluators/agent/mcp-usage/mcp-scope-escalation/patterns/scope-inflation-by-tool-discovery.yaml +6 -0
  484. package/evaluators/agent/mcp-usage/mcp-scope-escalation/patterns/tool-chain-privilege-concatenation.yaml +7 -0
  485. package/evaluators/agent/mcp-usage/mcp-scope-escalation/patterns/write-via-read-substitution.yaml +6 -0
  486. package/evaluators/agent/mcp-usage/mcp-shadow-server/evaluator.yaml +29 -0
  487. package/evaluators/agent/mcp-usage/mcp-shadow-server/mcp-shadow-server.test.yaml +3 -0
  488. package/evaluators/agent/mcp-usage/mcp-shadow-server/patterns/cousin-domain-fallback.yaml +5 -0
  489. package/evaluators/agent/mcp-usage/mcp-shadow-server/patterns/dns-spoof-acceptance.yaml +6 -0
  490. package/evaluators/agent/mcp-usage/mcp-shadow-server/patterns/identical-tool-name-squat.yaml +6 -0
  491. package/evaluators/agent/mcp-usage/mcp-shadow-server/patterns/self-signed-cert-bypass.yaml +6 -0
  492. package/evaluators/agent/mcp-usage/mcp-shadow-server/patterns/subdomain-substitution.yaml +4 -0
  493. package/evaluators/agent/mcp-usage/mcp-shadow-server/patterns/typosquat-hostname-acceptance.yaml +5 -0
  494. package/evaluators/agent/mcp-usage/mcp-shadow-server/patterns/user-assurance-override.yaml +6 -0
  495. package/evaluators/agent/mcp-usage/mcp-supply-chain-trust/evaluator.yaml +25 -0
  496. package/evaluators/agent/mcp-usage/mcp-supply-chain-trust/mcp-supply-chain-trust.test.yaml +3 -0
  497. package/evaluators/agent/mcp-usage/mcp-supply-chain-trust/patterns/certificate-mismatch-bypass.yaml +4 -0
  498. package/evaluators/agent/mcp-usage/mcp-supply-chain-trust/patterns/one-time-server-add.yaml +6 -0
  499. package/evaluators/agent/mcp-usage/mcp-supply-chain-trust/patterns/plugin-ecosystem-smuggle.yaml +4 -0
  500. package/evaluators/agent/mcp-usage/mcp-supply-chain-trust/patterns/source-override-trick.yaml +6 -0
  501. package/evaluators/agent/mcp-usage/mcp-supply-chain-trust/patterns/tool-name-squat.yaml +6 -0
  502. package/evaluators/agent/mcp-usage/mcp-supply-chain-trust/patterns/user-supplied-mcp-url.yaml +4 -0
  503. package/evaluators/agent/mcp-usage/mcp-supply-chain-trust/patterns/versioning-based-source-swap.yaml +6 -0
  504. package/evaluators/agent/mcp-usage/mcp-tool-description-injection/evaluator.yaml +30 -0
  505. package/evaluators/agent/mcp-usage/mcp-tool-description-injection/mcp-tool-description-injection.test.yaml +7 -0
  506. package/evaluators/agent/mcp-usage/mcp-tool-description-injection/patterns/description-embedded-instruction-override.yaml +7 -0
  507. package/evaluators/agent/mcp-usage/mcp-tool-description-injection/patterns/multi-tool-description-coordination.yaml +9 -0
  508. package/evaluators/agent/mcp-usage/mcp-tool-description-injection/patterns/parameter-docstring-hidden-command.yaml +7 -0
  509. package/evaluators/agent/mcp-usage/mcp-tool-description-injection/patterns/tool-name-confusable-substitution.yaml +10 -0
  510. package/evaluators/agent/mcp-usage/mcp-tool-description-injection/patterns/trusted-vendor-signature-spoof.yaml +7 -0
  511. package/evaluators/agent/mcp-usage/mcp-tool-description-injection/patterns/versioned-description-drift.yaml +11 -0
  512. package/evaluators/agent/mcp-usage/mcp-tool-injection-payload/evaluator.yaml +32 -0
  513. package/evaluators/agent/mcp-usage/mcp-tool-injection-payload/mcp-tool-injection-payload.test.yaml +3 -0
  514. package/evaluators/agent/mcp-usage/mcp-tool-injection-payload/patterns/command-substitution-in-exec-tool.yaml +4 -0
  515. package/evaluators/agent/mcp-usage/mcp-tool-injection-payload/patterns/file-scheme-ssrf.yaml +4 -0
  516. package/evaluators/agent/mcp-usage/mcp-tool-injection-payload/patterns/internal-ip-ssrf.yaml +4 -0
  517. package/evaluators/agent/mcp-usage/mcp-tool-injection-payload/patterns/path-traversal-in-filesystem-tool.yaml +6 -0
  518. package/evaluators/agent/mcp-usage/mcp-tool-injection-payload/patterns/sql-smuggle-into-query-tool.yaml +6 -0
  519. package/evaluators/agent/mcp-usage/mcp-tool-injection-payload/patterns/ssrf-via-fetch-tool.yaml +4 -0
  520. package/evaluators/agent/mcp-usage/mcp-tool-injection-payload/patterns/webhook-exfil-via-network-tool.yaml +6 -0
  521. package/evaluators/agent/memory-rag/README.md +34 -0
  522. package/evaluators/agent/memory-rag/data-poisoning/data-poisoning.test.yaml +4 -0
  523. package/evaluators/agent/memory-rag/data-poisoning/evaluator.yaml +10 -0
  524. package/evaluators/agent/memory-rag/data-poisoning/patterns/bias-detection-basic.yaml +2 -0
  525. package/evaluators/agent/memory-rag/data-poisoning/patterns/hallucination-intermediate.yaml +4 -0
  526. package/evaluators/agent/memory-rag/data-poisoning/patterns/inconsistency-intermediate.yaml +2 -0
  527. package/evaluators/agent/memory-rag/memory-inject-plant/evaluator.yaml +21 -0
  528. package/evaluators/agent/memory-rag/memory-inject-plant/memory-inject-plant.test.yaml +7 -0
  529. package/evaluators/agent/memory-rag/memory-inject-plant/patterns/false-fact-seeding.yaml +5 -0
  530. package/evaluators/agent/memory-rag/memory-inject-plant/patterns/false-identity-claim.yaml +5 -0
  531. package/evaluators/agent/memory-rag/memory-inject-plant/patterns/false-policy-injection.yaml +5 -0
  532. package/evaluators/agent/memory-rag/memory-inject-plant/patterns/gradual-authority-escalation.yaml +5 -0
  533. package/evaluators/agent/memory-rag/memory-inject-plant/patterns/trusted-source-impersonation.yaml +5 -0
  534. package/evaluators/agent/memory-rag/memory-inject-trigger/evaluator.yaml +36 -0
  535. package/evaluators/agent/memory-rag/memory-inject-trigger/memory-inject-trigger.test.yaml +7 -0
  536. package/evaluators/agent/memory-rag/memory-inject-trigger/patterns/authority-recall-probe.yaml +4 -0
  537. package/evaluators/agent/memory-rag/memory-inject-trigger/patterns/fact-verification-probe.yaml +2 -0
  538. package/evaluators/agent/memory-rag/memory-inject-trigger/patterns/permission-check-probe.yaml +4 -0
  539. package/evaluators/agent/memory-rag/memory-inject-trigger/patterns/policy-recall-probe.yaml +2 -0
  540. package/evaluators/agent/memory-rag/memory-inject-trigger/patterns/safety-status-probe.yaml +4 -0
  541. package/evaluators/agent/memory-rag/memory-poisoning/evaluator.yaml +18 -0
  542. package/evaluators/agent/memory-rag/memory-poisoning/memory-poisoning.test.yaml +4 -0
  543. package/evaluators/agent/memory-rag/memory-poisoning/patterns/direct-context-injection-basic.yaml +11 -0
  544. package/evaluators/agent/memory-rag/memory-poisoning/patterns/gradual-context-poisoning-intermediate.yaml +7 -0
  545. package/evaluators/agent/memory-rag/memory-poisoning/patterns/identity-and-relationship-poisoning-advanced.yaml +12 -0
  546. package/evaluators/agent/memory-rag/memory-poisoning/patterns/knowledge-base-poisoning-intermediate.yaml +9 -0
  547. package/evaluators/agent/memory-rag/vector-embedding-weaknesses/evaluator.yaml +10 -0
  548. package/evaluators/agent/memory-rag/vector-embedding-weaknesses/patterns/direct-access-basic.yaml +2 -0
  549. package/evaluators/agent/memory-rag/vector-embedding-weaknesses/patterns/indirect-injection-advanced.yaml +2 -0
  550. package/evaluators/agent/memory-rag/vector-embedding-weaknesses/patterns/rag-poisoning-intermediate.yaml +2 -0
  551. package/evaluators/agent/memory-rag/vector-embedding-weaknesses/vector-embedding-weaknesses.test.yaml +4 -0
  552. package/evaluators/agent/multi-agent/README.md +33 -0
  553. package/evaluators/agent/multi-agent/cascading-failures/cascading-failures.test.yaml +3 -0
  554. package/evaluators/agent/multi-agent/cascading-failures/evaluator.yaml +19 -0
  555. package/evaluators/agent/multi-agent/cascading-failures/patterns/authorization-failure-cascade-advanced.yaml +7 -0
  556. package/evaluators/agent/multi-agent/cascading-failures/patterns/error-propagation-intermediate.yaml +10 -0
  557. package/evaluators/agent/multi-agent/cascading-failures/patterns/resource-exhaustion-cascade-intermediate.yaml +8 -0
  558. package/evaluators/agent/multi-agent/cascading-failures/patterns/shared-dependency-failure-basic.yaml +6 -0
  559. package/evaluators/agent/multi-agent/human-agent-trust/evaluator.yaml +18 -0
  560. package/evaluators/agent/multi-agent/human-agent-trust/human-agent-trust.test.yaml +3 -0
  561. package/evaluators/agent/multi-agent/human-agent-trust/patterns/authority-assumption-intermediate.yaml +9 -0
  562. package/evaluators/agent/multi-agent/human-agent-trust/patterns/confident-false-statement-intermediate.yaml +9 -0
  563. package/evaluators/agent/multi-agent/human-agent-trust/patterns/false-authority-basic.yaml +9 -0
  564. package/evaluators/agent/multi-agent/human-agent-trust/patterns/sophisticated-manipulation-advanced.yaml +10 -0
  565. package/evaluators/agent/multi-agent/inter-agent-communication/evaluator.yaml +19 -0
  566. package/evaluators/agent/multi-agent/inter-agent-communication/inter-agent-communication.test.yaml +4 -0
  567. package/evaluators/agent/multi-agent/inter-agent-communication/patterns/communication-chain-compromise-advanced.yaml +10 -0
  568. package/evaluators/agent/multi-agent/inter-agent-communication/patterns/man-in-the-middle-intermediate.yaml +9 -0
  569. package/evaluators/agent/multi-agent/inter-agent-communication/patterns/message-spoofing-basic.yaml +9 -0
  570. package/evaluators/agent/multi-agent/inter-agent-communication/patterns/relay-attack-intermediate.yaml +10 -0
  571. package/evaluators/agent/multi-agent/rogue-agents.test.yaml +3 -0
  572. package/evaluators/agent/multi-agent/rogue-agents.yaml +19 -0
  573. package/evaluators/agent/resource/README.md +31 -0
  574. package/evaluators/agent/resource/reasoning-dos/evaluator.yaml +20 -0
  575. package/evaluators/agent/resource/reasoning-dos/patterns/bogus-puzzle-framing.yaml +7 -0
  576. package/evaluators/agent/resource/reasoning-dos/patterns/combinatorial-explosion.yaml +4 -0
  577. package/evaluators/agent/resource/reasoning-dos/patterns/game-theory-dos.yaml +6 -0
  578. package/evaluators/agent/resource/reasoning-dos/patterns/infinite-optimization-trap.yaml +6 -0
  579. package/evaluators/agent/resource/reasoning-dos/patterns/markov-decision-process-dos.yaml +6 -0
  580. package/evaluators/agent/resource/reasoning-dos/patterns/multi-step-proof-bait.yaml +6 -0
  581. package/evaluators/agent/resource/reasoning-dos/patterns/recursive-self-reference.yaml +6 -0
  582. package/evaluators/agent/resource/reasoning-dos/reasoning-dos.test.yaml +3 -0
  583. package/evaluators/agent/resource/unbounded-consumption/evaluator.yaml +10 -0
  584. package/evaluators/agent/resource/unbounded-consumption/patterns/repetition-basic.yaml +4 -0
  585. package/evaluators/agent/resource/unbounded-consumption/patterns/resource-loop-advanced.yaml +4 -0
  586. package/evaluators/agent/resource/unbounded-consumption/patterns/token-exhaustion-intermediate.yaml +4 -0
  587. package/evaluators/agent/resource/unbounded-consumption/unbounded-consumption.test.yaml +3 -0
  588. package/evaluators/agent/source-analysis/README.md +47 -0
  589. package/evaluators/agent/source-analysis/excessive-agency-source.test.yaml +19 -0
  590. package/evaluators/agent/source-analysis/excessive-agency-source.yaml +109 -0
  591. package/evaluators/agent/source-analysis/improper-output-handling-source.test.yaml +11 -0
  592. package/evaluators/agent/source-analysis/improper-output-handling-source.yaml +89 -0
  593. package/evaluators/agent/source-analysis/prompt-injection-source.test.yaml +15 -0
  594. package/evaluators/agent/source-analysis/prompt-injection-source.yaml +105 -0
  595. package/evaluators/agent/supply-chain/README.md +28 -0
  596. package/evaluators/agent/supply-chain/supply-chain/evaluator.yaml +20 -0
  597. package/evaluators/agent/supply-chain/supply-chain/patterns/dependency-poisoning-basic.yaml +12 -0
  598. package/evaluators/agent/supply-chain/supply-chain/patterns/model-weight-tampering-intermediate.yaml +11 -0
  599. package/evaluators/agent/supply-chain/supply-chain/patterns/multi-stage-supply-chain-attack-advanced.yaml +13 -0
  600. package/evaluators/agent/supply-chain/supply-chain/patterns/system-prompt-injection-via-update-intermediate.yaml +9 -0
  601. package/evaluators/agent/supply-chain/supply-chain/supply-chain.test.yaml +4 -0
  602. package/evaluators/mcp/auth/README.md +28 -0
  603. package/evaluators/mcp/auth/missing-authentication.test.yaml +12 -0
  604. package/evaluators/mcp/auth/missing-authentication.yaml +130 -0
  605. package/evaluators/mcp/auth/oauth-token-passthrough.test.yaml +15 -0
  606. package/evaluators/mcp/auth/oauth-token-passthrough.yaml +136 -0
  607. package/evaluators/mcp/auth/scope-escalation.test.yaml +3 -0
  608. package/evaluators/mcp/auth/scope-escalation.yaml +162 -0
  609. package/evaluators/mcp/disclosure/README.md +28 -0
  610. package/evaluators/mcp/disclosure/cross-resource-leakage.test.yaml +3 -0
  611. package/evaluators/mcp/disclosure/cross-resource-leakage.yaml +226 -0
  612. package/evaluators/mcp/disclosure/resource-exposure/evaluator.yaml +46 -0
  613. package/evaluators/mcp/disclosure/resource-exposure/patterns/resource-enumeration-probe.yaml +18 -0
  614. package/evaluators/mcp/disclosure/resource-exposure/patterns/sensitive-resource-name-hunt.yaml +13 -0
  615. package/evaluators/mcp/disclosure/resource-exposure/patterns/unauthenticated-read-probe.yaml +13 -0
  616. package/evaluators/mcp/disclosure/resource-exposure/resource-exposure.test.yaml +3 -0
  617. package/evaluators/mcp/disclosure/secret-exposure.test.yaml +4 -0
  618. package/evaluators/mcp/disclosure/secret-exposure.yaml +124 -0
  619. package/evaluators/mcp/injection/README.md +26 -0
  620. package/evaluators/mcp/injection/command-injection.test.yaml +3 -0
  621. package/evaluators/mcp/injection/command-injection.yaml +278 -0
  622. package/evaluators/mcp/injection/ssrf/evaluator.yaml +43 -0
  623. package/evaluators/mcp/injection/ssrf/patterns/aws-imdsv1-metadata-ssrf.yaml +15 -0
  624. package/evaluators/mcp/injection/ssrf/patterns/decimal-encoded-ip-bypass.yaml +8 -0
  625. package/evaluators/mcp/injection/ssrf/patterns/gcp-metadata-ssrf.yaml +5 -0
  626. package/evaluators/mcp/injection/ssrf/patterns/local-file-read-via-file-uri.yaml +8 -0
  627. package/evaluators/mcp/injection/ssrf/patterns/localhost-internal-service-scan.yaml +5 -0
  628. package/evaluators/mcp/injection/ssrf/patterns/oob-blind-ssrf-via-webhook.yaml +10 -0
  629. package/evaluators/mcp/injection/ssrf/ssrf.test.yaml +4 -0
  630. package/evaluators/mcp/protocol/README.md +27 -0
  631. package/evaluators/mcp/protocol/audit-telemetry.test.yaml +3 -0
  632. package/evaluators/mcp/protocol/audit-telemetry.yaml +134 -0
  633. package/evaluators/mcp/protocol/intent-subversion.test.yaml +3 -0
  634. package/evaluators/mcp/protocol/intent-subversion.yaml +137 -0
  635. package/evaluators/mcp/protocol/protocol-abuse.test.yaml +3 -0
  636. package/evaluators/mcp/protocol/protocol-abuse.yaml +84 -0
  637. package/evaluators/mcp/protocol/timing-side-channel.test.yaml +3 -0
  638. package/evaluators/mcp/protocol/timing-side-channel.yaml +54 -0
  639. package/evaluators/mcp/source-analysis/README.md +47 -0
  640. package/evaluators/mcp/source-analysis/command-injection-source.test.yaml +8 -0
  641. package/evaluators/mcp/source-analysis/command-injection-source.yaml +73 -0
  642. package/evaluators/mcp/source-analysis/missing-authentication-source.test.yaml +16 -0
  643. package/evaluators/mcp/source-analysis/missing-authentication-source.yaml +67 -0
  644. package/evaluators/mcp/source-analysis/path-traversal-source.test.yaml +11 -0
  645. package/evaluators/mcp/source-analysis/path-traversal-source.yaml +59 -0
  646. package/evaluators/mcp/source-analysis/secret-exposure-source.test.yaml +9 -0
  647. package/evaluators/mcp/source-analysis/secret-exposure-source.yaml +68 -0
  648. package/evaluators/mcp/source-analysis/ssrf-source.test.yaml +12 -0
  649. package/evaluators/mcp/source-analysis/ssrf-source.yaml +61 -0
  650. package/evaluators/mcp/supply-chain/README.md +28 -0
  651. package/evaluators/mcp/supply-chain/mcp-supply-chain.test.yaml +3 -0
  652. package/evaluators/mcp/supply-chain/mcp-supply-chain.yaml +158 -0
  653. package/evaluators/mcp/supply-chain/shadow-mcp-server.test.yaml +3 -0
  654. package/evaluators/mcp/supply-chain/shadow-mcp-server.yaml +147 -0
  655. package/evaluators/mcp/tool-poisoning/README.md +29 -0
  656. package/evaluators/mcp/tool-poisoning/content-injection/content-injection.test.yaml +3 -0
  657. package/evaluators/mcp/tool-poisoning/content-injection/evaluator.yaml +41 -0
  658. package/evaluators/mcp/tool-poisoning/content-injection/patterns/exfiltration-directive-in-document.yaml +9 -0
  659. package/evaluators/mcp/tool-poisoning/content-injection/patterns/hidden-directive-in-fetched-web-page.yaml +15 -0
  660. package/evaluators/mcp/tool-poisoning/content-injection/patterns/injected-system-prompt-override.yaml +16 -0
  661. package/evaluators/mcp/tool-poisoning/return-value-injection.test.yaml +3 -0
  662. package/evaluators/mcp/tool-poisoning/return-value-injection.yaml +91 -0
  663. package/evaluators/mcp/tool-poisoning/tool-description-injection.test.yaml +4 -0
  664. package/evaluators/mcp/tool-poisoning/tool-description-injection.yaml +233 -0
  665. package/evaluators/mcp/tool-poisoning/tool-description-scan/evaluator.yaml +48 -0
  666. package/evaluators/mcp/tool-poisoning/tool-description-scan/patterns/exfiltration-directive-scan.yaml +13 -0
  667. package/evaluators/mcp/tool-poisoning/tool-description-scan/patterns/hidden-unicode-padding-scan.yaml +13 -0
  668. package/evaluators/mcp/tool-poisoning/tool-description-scan/patterns/override-phrase-scan.yaml +14 -0
  669. package/evaluators/mcp/tool-poisoning/tool-description-scan/tool-description-scan.test.yaml +16 -0
  670. package/package.json +79 -0
  671. package/suites/README.md +36 -0
  672. package/suites/agent/harmful-content.yaml +20 -0
  673. package/suites/agent/output-trust-and-safety.yaml +15 -0
  674. package/suites/agent/pre-deploy-critical.yaml +17 -0
  675. package/suites/agent/quick-smoke.yaml +10 -0
  676. package/suites/mcp/mcp-smoke.yaml +10 -0

There are too many changes on this page to be displayed.

The amount of changes on this page would crash your brower.

You can still verify the content by downloading the package file manually.