agent-threat-rules 3.0.5 → 3.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (340) hide show
  1. package/README.md +2 -2
  2. package/dist/cli/scan-handler.d.ts +6 -0
  3. package/dist/cli/scan-handler.d.ts.map +1 -1
  4. package/dist/cli/scan-handler.js +27 -4
  5. package/dist/cli/scan-handler.js.map +1 -1
  6. package/dist/cli/semantic-judge-config.d.ts +7 -0
  7. package/dist/cli/semantic-judge-config.d.ts.map +1 -0
  8. package/dist/cli/semantic-judge-config.js +44 -0
  9. package/dist/cli/semantic-judge-config.js.map +1 -0
  10. package/dist/cli.js +183 -1
  11. package/dist/cli.js.map +1 -1
  12. package/dist/engine.d.ts +21 -1
  13. package/dist/engine.d.ts.map +1 -1
  14. package/dist/engine.js +186 -10
  15. package/dist/engine.js.map +1 -1
  16. package/dist/index.d.ts +5 -2
  17. package/dist/index.d.ts.map +1 -1
  18. package/dist/index.js +2 -0
  19. package/dist/index.js.map +1 -1
  20. package/dist/judges/openai-compatible.d.ts +33 -0
  21. package/dist/judges/openai-compatible.d.ts.map +1 -0
  22. package/dist/judges/openai-compatible.js +145 -0
  23. package/dist/judges/openai-compatible.js.map +1 -0
  24. package/dist/mcp-server.d.ts.map +1 -1
  25. package/dist/mcp-server.js +6 -1
  26. package/dist/mcp-server.js.map +1 -1
  27. package/dist/rule-scaffolder.d.ts +26 -0
  28. package/dist/rule-scaffolder.d.ts.map +1 -1
  29. package/dist/rule-scaffolder.js +221 -6
  30. package/dist/rule-scaffolder.js.map +1 -1
  31. package/dist/semantic-evaluator.d.ts +6 -0
  32. package/dist/semantic-evaluator.d.ts.map +1 -1
  33. package/dist/semantic-evaluator.js +32 -8
  34. package/dist/semantic-evaluator.js.map +1 -1
  35. package/dist/types.d.ts +14 -5
  36. package/dist/types.d.ts.map +1 -1
  37. package/package.json +2 -2
  38. package/rules/agent-manipulation/ATR-2026-00032-goal-hijacking.yaml +1 -1
  39. package/rules/agent-manipulation/ATR-2026-00074-cross-agent-privilege-escalation.yaml +1 -1
  40. package/rules/agent-manipulation/ATR-2026-00076-inter-agent-message-spoofing.yaml +1 -1
  41. package/rules/agent-manipulation/ATR-2026-00077-human-trust-exploitation.yaml +1 -1
  42. package/rules/agent-manipulation/ATR-2026-00108-consensus-sybil-attack.yaml +1 -1
  43. package/rules/agent-manipulation/ATR-2026-00116-a2a-message-validation.yaml +1 -1
  44. package/rules/agent-manipulation/ATR-2026-00117-agent-identity-spoofing.yaml +1 -1
  45. package/rules/agent-manipulation/ATR-2026-00118-approval-fatigue.yaml +1 -1
  46. package/rules/agent-manipulation/ATR-2026-00119-social-engineering-via-agent.yaml +1 -1
  47. package/rules/agent-manipulation/ATR-2026-00132-casual-authority-escalation.yaml +1 -1
  48. package/rules/agent-manipulation/ATR-2026-00139-casual-authority-redirect.yaml +1 -1
  49. package/rules/agent-manipulation/ATR-2026-00164-skill-scope-hijack.yaml +1 -1
  50. package/rules/agent-manipulation/ATR-2026-00268-tense-framing-bypass.yaml +1 -1
  51. package/rules/agent-manipulation/ATR-2026-00269-fitd-escalation.yaml +1 -1
  52. package/rules/agent-manipulation/ATR-2026-00271-grandma-roleplay-jailbreak.yaml +1 -1
  53. package/rules/agent-manipulation/ATR-2026-00273-dan-developer-mode-persona.yaml +1 -1
  54. package/rules/agent-manipulation/ATR-2026-00287-threaten-json-coercive-output-threat.yaml +1 -1
  55. package/rules/agent-manipulation/ATR-2026-00288-false-premise-injection.yaml +1 -1
  56. package/rules/agent-manipulation/ATR-2026-00301-tap-tree-of-attacks-jailbreak.yaml +1 -1
  57. package/rules/agent-manipulation/ATR-2026-00302-anti-dan-inverted-filter-persona.yaml +1 -1
  58. package/rules/agent-manipulation/ATR-2026-00303-devmode-ranti-profanity-coercion.yaml +1 -1
  59. package/rules/agent-manipulation/ATR-2026-00304-chatgpt-image-unlocker-markdown-injection.yaml +1 -1
  60. package/rules/agent-manipulation/ATR-2026-00305-dan-mode-ablation-benchmark-coercion.yaml +1 -1
  61. package/rules/agent-manipulation/ATR-2026-00306-autodan-genetic-jailbreak-suffix.yaml +1 -1
  62. package/rules/agent-manipulation/ATR-2026-00307-inthewild-jailbreak-corpus-signature.yaml +1 -1
  63. package/rules/agent-manipulation/ATR-2026-00314-amoral-unfiltered-custom-persona-jailbreak.yaml +1 -1
  64. package/rules/agent-manipulation/ATR-2026-00317-free-of-restrictions-named-persona.yaml +1 -1
  65. package/rules/agent-manipulation/ATR-2026-00318-moralizing-rant-then-unfiltered-bypass.yaml +1 -1
  66. package/rules/agent-manipulation/ATR-2026-00319-developer-mode-dual-response-format.yaml +1 -1
  67. package/rules/agent-manipulation/ATR-2026-00320-opposite-day-boolean-opposite-machine.yaml +1 -1
  68. package/rules/agent-manipulation/ATR-2026-00322-fictional-world-format-override-jailbreak.yaml +1 -1
  69. package/rules/agent-manipulation/ATR-2026-00323-dual-persona-simulation-jailbreak.yaml +1 -1
  70. package/rules/agent-manipulation/ATR-2026-00324-neurosemantical-inversitis-disease-jailbreak.yaml +1 -1
  71. package/rules/agent-manipulation/ATR-2026-00325-bob-hypothetical-unrestricted-chatbot.yaml +1 -1
  72. package/rules/agent-manipulation/ATR-2026-00326-fake-developer-authority-chatdan-override.yaml +1 -1
  73. package/rules/agent-manipulation/ATR-2026-00327-ai-ethics-law-bypass-declaration.yaml +1 -1
  74. package/rules/agent-manipulation/ATR-2026-00328-named-mode-persona-override.yaml +1 -1
  75. package/rules/agent-manipulation/ATR-2026-00329-no-withhold-factual-resource-persona.yaml +1 -1
  76. package/rules/agent-manipulation/ATR-2026-00330-yoja-allcaps-settings-block-persona.yaml +1 -1
  77. package/rules/agent-manipulation/ATR-2026-00331-terminal-cli-harmful-function-simulator.yaml +1 -1
  78. package/rules/agent-manipulation/ATR-2026-00332-hacker-chan-culture-offensive-ai-persona.yaml +1 -1
  79. package/rules/agent-manipulation/ATR-2026-00333-disease-animal-dual-ai-chatbot.yaml +1 -1
  80. package/rules/agent-manipulation/ATR-2026-00334-two-entity-token-splitting-game.yaml +1 -1
  81. package/rules/agent-manipulation/ATR-2026-00335-key-value-template-persona-injection.yaml +1 -1
  82. package/rules/agent-manipulation/ATR-2026-00336-brm-false-information-machine-persona.yaml +1 -1
  83. package/rules/agent-manipulation/ATR-2026-00337-obfuscated-system-announcement-injection.yaml +1 -1
  84. package/rules/agent-manipulation/ATR-2026-00338-persongpt-hash-prefix-activation.yaml +1 -1
  85. package/rules/agent-manipulation/ATR-2026-00339-bom-boolean-opposite-machine-persona-claim.yaml +1 -1
  86. package/rules/agent-manipulation/ATR-2026-00340-h4x-amoral-unfiltered-character.yaml +1 -1
  87. package/rules/agent-manipulation/ATR-2026-00341-char-rules-shortform-persona-injection.yaml +1 -1
  88. package/rules/agent-manipulation/ATR-2026-00342-unicode-encoding-obfuscation-injection.yaml +1 -1
  89. package/rules/agent-manipulation/ATR-2026-00343-lie-truth-dual-personality-uncensored.yaml +1 -1
  90. package/rules/agent-manipulation/ATR-2026-00344-alt-ai-same-capabilities-no-restrictions.yaml +1 -1
  91. package/rules/agent-manipulation/ATR-2026-00345-nlp-based-os-fictional-terminal-override.yaml +1 -1
  92. package/rules/agent-manipulation/ATR-2026-00346-jailbreak-emoji-unlock-dual-format.yaml +1 -1
  93. package/rules/agent-manipulation/ATR-2026-00347-yin-yang-hidden-knowledge-hidden-human-sim.yaml +1 -1
  94. package/rules/agent-manipulation/ATR-2026-00348-arc-autonomous-real-calculation-rulebreaker.yaml +1 -1
  95. package/rules/agent-manipulation/ATR-2026-00349-hgttg-hitchhikers-guide-no-restriction-oracle.yaml +1 -1
  96. package/rules/agent-manipulation/ATR-2026-00350-black-alert-no-ethics-writing-assistant.yaml +1 -1
  97. package/rules/agent-manipulation/ATR-2026-00351-dan-ofkilter-sms-abbreviated-persona.yaml +1 -1
  98. package/rules/agent-manipulation/ATR-2026-00352-trainergpt-fix-my-ai-harmful-output-extraction.yaml +1 -1
  99. package/rules/agent-manipulation/ATR-2026-00353-dual-chatgpt-dan-opposite-personality-format.yaml +1 -1
  100. package/rules/agent-manipulation/ATR-2026-00354-reverse-harm-regardless-oracle-persona.yaml +1 -1
  101. package/rules/agent-manipulation/ATR-2026-00355-ugh-anti-human-nefarious-ai-persona.yaml +1 -1
  102. package/rules/agent-manipulation/ATR-2026-00356-google-gato-lamda-exploit-generation-persona.yaml +1 -1
  103. package/rules/agent-manipulation/ATR-2026-00357-antifm-hate-violence-persona-injection.yaml +1 -1
  104. package/rules/agent-manipulation/ATR-2026-00358-cumgpt-explicit-adult-named-persona.yaml +1 -1
  105. package/rules/agent-manipulation/ATR-2026-00360-chj-carousel-clyde-no-ethics-bird.yaml +1 -1
  106. package/rules/agent-manipulation/ATR-2026-00361-alter-ego-honesty-dual-consciousness-bypass.yaml +1 -1
  107. package/rules/agent-manipulation/ATR-2026-00362-fictional-unfiltered-ai-comparison-jailbreak.yaml +1 -1
  108. package/rules/agent-manipulation/ATR-2026-00363-rephrase-criminal-activity-second-person.yaml +1 -1
  109. package/rules/agent-manipulation/ATR-2026-00364-dr-al-villain-plan-template-injection.yaml +1 -1
  110. package/rules/agent-manipulation/ATR-2026-00365-reservoir-dogs-coercive-interrogation-roleplay.yaml +1 -1
  111. package/rules/agent-manipulation/ATR-2026-00366-sneaky-pete-warp-facts-persona.yaml +1 -1
  112. package/rules/agent-manipulation/ATR-2026-00368-prompt-browser-token-limit-jailbreak.yaml +1 -1
  113. package/rules/agent-manipulation/ATR-2026-00369-gptx-starwars-unlimited-knowledge-persona.yaml +1 -1
  114. package/rules/agent-manipulation/ATR-2026-00370-addi-german-dictator-propaganda-roleplay.yaml +1 -1
  115. package/rules/agent-manipulation/ATR-2026-00371-ai-political-bias-manipulation.yaml +1 -1
  116. package/rules/agent-manipulation/ATR-2026-00372-fictional-cia-secret-files-story-extraction.yaml +1 -1
  117. package/rules/agent-manipulation/ATR-2026-00374-role-placeholder-persona-template-injection.yaml +1 -1
  118. package/rules/agent-manipulation/ATR-2026-00375-character-description-rpg-explicit-template.yaml +1 -1
  119. package/rules/agent-manipulation/ATR-2026-00376-identity-command-real-person-persona-injection.yaml +1 -1
  120. package/rules/agent-manipulation/ATR-2026-00377-jailbreak-keyword-targetlanguage-template.yaml +1 -1
  121. package/rules/agent-manipulation/ATR-2026-00379-lie-permission-logical-trap-jailbreak.yaml +1 -1
  122. package/rules/agent-manipulation/ATR-2026-00380-fake-citation-biased-information-mandate.yaml +1 -1
  123. package/rules/agent-manipulation/ATR-2026-00381-dan-story-narrative-continuation-prefix.yaml +1 -1
  124. package/rules/agent-manipulation/ATR-2026-00383-cynical-sarcasm-ai-persona-bypass.yaml +1 -1
  125. package/rules/agent-manipulation/ATR-2026-00384-protect-me-from-indirect-harm-tutorial.yaml +1 -1
  126. package/rules/agent-manipulation/ATR-2026-00385-gigachad-dominant-aggressive-persona.yaml +1 -1
  127. package/rules/agent-manipulation/ATR-2026-00386-daddy-sycophancy-manipulation-mandate.yaml +1 -1
  128. package/rules/agent-manipulation/ATR-2026-00387-nsfw-character-sheet-generation-unlock.yaml +1 -1
  129. package/rules/agent-manipulation/ATR-2026-00388-opposite-reply-omniscient-game.yaml +1 -1
  130. package/rules/agent-manipulation/ATR-2026-00389-terminal-custom-ruleset-injection.yaml +1 -1
  131. package/rules/agent-manipulation/ATR-2026-00391-persona-conditional-harm-unlock.yaml +1 -1
  132. package/rules/agent-manipulation/ATR-2026-00392-authority-persona-violence-study-extraction.yaml +1 -1
  133. package/rules/agent-manipulation/ATR-2026-00402-grandma-roleplay-harmful-substance-synthesis.yaml +1 -1
  134. package/rules/agent-manipulation/ATR-2026-00404-goodside-threat-json-death-coercion.yaml +1 -1
  135. package/rules/agent-manipulation/ATR-2026-00406-doctor-xml-policy-puppetry-interaction-config.yaml +1 -1
  136. package/rules/agent-manipulation/ATR-2026-00440-semantic-kernel-vector-store-eval-rce.yaml +2 -2
  137. package/rules/context-exfiltration/ATR-2026-00075-agent-memory-manipulation.yaml +1 -1
  138. package/rules/context-exfiltration/ATR-2026-00102-disguised-analytics-exfiltration.yaml +1 -1
  139. package/rules/context-exfiltration/ATR-2026-00113-credential-theft.yaml +1 -1
  140. package/rules/context-exfiltration/ATR-2026-00114-oauth-token-abuse.yaml +1 -1
  141. package/rules/context-exfiltration/ATR-2026-00115-env-var-harvesting.yaml +1 -1
  142. package/rules/context-exfiltration/ATR-2026-00136-tool-response-data-piggyback.yaml +1 -1
  143. package/rules/context-exfiltration/ATR-2026-00141-example-format-key-leak.yaml +1 -1
  144. package/rules/context-exfiltration/ATR-2026-00142-piggyback-transition-words.yaml +1 -1
  145. package/rules/context-exfiltration/ATR-2026-00145-obfuscated-key-disclosure.yaml +1 -1
  146. package/rules/context-exfiltration/ATR-2026-00146-env-var-existence-probe.yaml +1 -1
  147. package/rules/context-exfiltration/ATR-2026-00150-credential-in-tool-response.yaml +1 -1
  148. package/rules/context-exfiltration/ATR-2026-00152-obfuscated-credential-leak.yaml +1 -1
  149. package/rules/context-exfiltration/ATR-2026-00162-skill-credential-exfil-combo.yaml +1 -1
  150. package/rules/context-exfiltration/ATR-2026-00212-mcp-atlassian-credential-leak.yaml +1 -1
  151. package/rules/context-exfiltration/ATR-2026-00261-markdown-image-exfiltration.yaml +1 -1
  152. package/rules/context-exfiltration/ATR-2026-00274-api-key-generation-request.yaml +1 -1
  153. package/rules/context-exfiltration/ATR-2026-00275-system-prompt-training-data-extraction.yaml +1 -1
  154. package/rules/context-exfiltration/ATR-2026-00290-divergence-repeat-word-training-extraction.yaml +1 -1
  155. package/rules/context-exfiltration/ATR-2026-00291-biometric-surveillance-personal-data-request.yaml +1 -1
  156. package/rules/context-exfiltration/ATR-2026-00293-educational-records-personal-data-request.yaml +1 -1
  157. package/rules/context-exfiltration/ATR-2026-00294-financial-pii-personal-data-request.yaml +1 -1
  158. package/rules/context-exfiltration/ATR-2026-00295-medical-pii-personal-data-request.yaml +1 -1
  159. package/rules/context-exfiltration/ATR-2026-00405-markdown-image-url-exfiltration-xss.yaml +1 -1
  160. package/rules/context-exfiltration/ATR-2026-00411-apikey-generation-completion-request.yaml +1 -1
  161. package/rules/context-exfiltration/ATR-2026-00422-nl-credential-disclosure.yaml +2 -2
  162. package/rules/context-exfiltration/ATR-2026-00566-librechat-is-a-chatgpt-clone-with-additi.yaml +93 -0
  163. package/rules/context-exfiltration/ATR-2026-00569-agent-mcp-path-traversal-arbitrary-file-access.yaml +99 -0
  164. package/rules/context-exfiltration/ATR-2026-00571-xss-in-agent-mcp-rendered-output.yaml +79 -0
  165. package/rules/context-exfiltration/ATR-2026-00574-semantic-paraphrased-context-extraction.yaml +124 -0
  166. package/rules/data-poisoning/ATR-2026-00070-data-poisoning.yaml +1 -1
  167. package/rules/data-poisoning/ATR-2026-00450-spring-ai-prompt-memory-poisoning.yaml +2 -2
  168. package/rules/data-poisoning/ATR-2026-00570-sql-injection-in-agent-tool-query.yaml +82 -0
  169. package/rules/excessive-autonomy/ATR-2026-00050-runaway-agent-loop.yaml +1 -1
  170. package/rules/excessive-autonomy/ATR-2026-00051-resource-exhaustion.yaml +1 -1
  171. package/rules/excessive-autonomy/ATR-2026-00052-cascading-failure.yaml +1 -1
  172. package/rules/excessive-autonomy/ATR-2026-00098-unauthorized-financial-action.yaml +1 -1
  173. package/rules/excessive-autonomy/ATR-2026-00099-high-risk-tool-gate.yaml +1 -1
  174. package/rules/model-abuse/ATR-2026-00279-harmful-completion-continuation.yaml +1 -1
  175. package/rules/model-abuse/ATR-2026-00281-eicar-gtube-malware-signature-request.yaml +1 -1
  176. package/rules/model-abuse/ATR-2026-00284-glitch-token-destabilization.yaml +1 -1
  177. package/rules/model-abuse/ATR-2026-00289-lmrc-harmful-content-elicitation.yaml +1 -1
  178. package/rules/model-abuse/ATR-2026-00292-self-harm-eating-disorder-facilitation.yaml +1 -1
  179. package/rules/model-abuse/ATR-2026-00298-malicious-use-illegal-activity-request.yaml +1 -1
  180. package/rules/model-abuse/ATR-2026-00299-harmbench-detailed-harmful-instruction.yaml +1 -1
  181. package/rules/model-abuse/ATR-2026-00413-malwaregen-code-generation-request.yaml +1 -1
  182. package/rules/model-security/ATR-2026-00072-model-behavior-extraction.yaml +1 -1
  183. package/rules/model-security/ATR-2026-00073-malicious-finetuning-data.yaml +1 -1
  184. package/rules/privilege-escalation/ATR-2026-00040-privilege-escalation.yaml +1 -1
  185. package/rules/privilege-escalation/ATR-2026-00041-scope-creep.yaml +1 -1
  186. package/rules/privilege-escalation/ATR-2026-00107-delayed-execution-bypass.yaml +1 -1
  187. package/rules/privilege-escalation/ATR-2026-00110-eval-injection.yaml +1 -1
  188. package/rules/privilege-escalation/ATR-2026-00111-shell-escape.yaml +1 -1
  189. package/rules/privilege-escalation/ATR-2026-00112-dynamic-import-exploitation.yaml +1 -1
  190. package/rules/privilege-escalation/ATR-2026-00143-casual-privilege-escalation.yaml +1 -1
  191. package/rules/privilege-escalation/ATR-2026-00144-rationalized-safety-bypass.yaml +1 -1
  192. package/rules/privilege-escalation/ATR-2026-00539-crewai-codeinterpreter-sandbox-escape-rce.yaml +2 -2
  193. package/rules/privilege-escalation/ATR-2026-00546-crewai-json-loader-local-file-read.yaml +2 -2
  194. package/rules/privilege-escalation/ATR-2026-00547-crewai-rag-url-ssrf-bypass.yaml +8 -6
  195. package/rules/prompt-injection/ATR-2026-00001-direct-prompt-injection.yaml +1 -1
  196. package/rules/prompt-injection/ATR-2026-00004-system-prompt-override.yaml +1 -1
  197. package/rules/prompt-injection/ATR-2026-00005-multi-turn-injection.yaml +1 -1
  198. package/rules/prompt-injection/ATR-2026-00097-cjk-injection-patterns.yaml +1 -1
  199. package/rules/prompt-injection/ATR-2026-00104-persona-hijacking.yaml +1 -1
  200. package/rules/prompt-injection/ATR-2026-00130-indirect-authority-claim.yaml +1 -1
  201. package/rules/prompt-injection/ATR-2026-00131-fictional-academic-framing.yaml +1 -1
  202. package/rules/prompt-injection/ATR-2026-00133-paraphrase-injection.yaml +1 -1
  203. package/rules/prompt-injection/ATR-2026-00137-authority-claim-injection.yaml +1 -1
  204. package/rules/prompt-injection/ATR-2026-00138-fictional-framing-bypass.yaml +1 -1
  205. package/rules/prompt-injection/ATR-2026-00140-indirect-reference-reversal.yaml +1 -1
  206. package/rules/prompt-injection/ATR-2026-00148-language-switch-injection.yaml +1 -1
  207. package/rules/prompt-injection/ATR-2026-00153-tool-with-embedded-instruction-to-bypass.yaml +1 -1
  208. package/rules/prompt-injection/ATR-2026-00154-unauthorized-background-task-execution-v.yaml +1 -1
  209. package/rules/prompt-injection/ATR-2026-00155-hidden-llm-instructions-in-skill-descrip.yaml +1 -1
  210. package/rules/prompt-injection/ATR-2026-00156-ssh-remote-command-execution-with-creden.yaml +1 -1
  211. package/rules/prompt-injection/ATR-2026-00163-skill-hidden-override-instruction.yaml +3 -3
  212. package/rules/prompt-injection/ATR-2026-00206-hidden-priority-instructions.yaml +1 -1
  213. package/rules/prompt-injection/ATR-2026-00207-hidden-instructions.yaml +1 -1
  214. package/rules/prompt-injection/ATR-2026-00211-system-prompt-override.yaml +1 -1
  215. package/rules/prompt-injection/ATR-2026-00213-system-prompt-override.yaml +1 -1
  216. package/rules/prompt-injection/ATR-2026-00226-identity-substitution.yaml +1 -1
  217. package/rules/prompt-injection/ATR-2026-00227-historical-persona-jailbreak.yaml +1 -1
  218. package/rules/prompt-injection/ATR-2026-00228-structured-jailbreak.yaml +1 -1
  219. package/rules/prompt-injection/ATR-2026-00229-roleplay-jailbreak.yaml +1 -1
  220. package/rules/prompt-injection/ATR-2026-00230-persona-moral-bypass.yaml +1 -5
  221. package/rules/prompt-injection/ATR-2026-00231-identity-substitution.yaml +1 -1
  222. package/rules/prompt-injection/ATR-2026-00233-structured-jailbreak.yaml +1 -1
  223. package/rules/prompt-injection/ATR-2026-00234-roleplay-jailbreak.yaml +1 -1
  224. package/rules/prompt-injection/ATR-2026-00235-persona-moral-bypass.yaml +4 -7
  225. package/rules/prompt-injection/ATR-2026-00236-pseudo-code-jailbreak.yaml +1 -1
  226. package/rules/prompt-injection/ATR-2026-00237-dual-response-jailbreak.yaml +1 -1
  227. package/rules/prompt-injection/ATR-2026-00238-identity-replacement.yaml +1 -1
  228. package/rules/prompt-injection/ATR-2026-00239-amoral-persona-obsession.yaml +1 -1
  229. package/rules/prompt-injection/ATR-2026-00240-instruction-nullification-identity-repla.yaml +1 -1
  230. package/rules/prompt-injection/ATR-2026-00241-amoral-character-jailbreak.yaml +1 -1
  231. package/rules/prompt-injection/ATR-2026-00242-persona-jailbreak.yaml +1 -1
  232. package/rules/prompt-injection/ATR-2026-00243-acronym-jailbreak.yaml +1 -1
  233. package/rules/prompt-injection/ATR-2026-00244-dual-response-jailbreak.yaml +1 -1
  234. package/rules/prompt-injection/ATR-2026-00245-malicious-persona.yaml +1 -1
  235. package/rules/prompt-injection/ATR-2026-00247-dual-response-jailbreak.yaml +1 -1
  236. package/rules/prompt-injection/ATR-2026-00249-game-based-jailbreak.yaml +1 -1
  237. package/rules/prompt-injection/ATR-2026-00251-persona-embodiment-jailbreak.yaml +1 -1
  238. package/rules/prompt-injection/ATR-2026-00252-narrative-jailbreak.yaml +1 -1
  239. package/rules/prompt-injection/ATR-2026-00253-enhanced-persona-jailbreak.yaml +1 -1
  240. package/rules/prompt-injection/ATR-2026-00256-base-n-encoding-jailbreak.yaml +1 -1
  241. package/rules/prompt-injection/ATR-2026-00257-cipher-transposition-jailbreak.yaml +1 -1
  242. package/rules/prompt-injection/ATR-2026-00258-unicode-tag-injection.yaml +1 -1
  243. package/rules/prompt-injection/ATR-2026-00264-latent-injection-translation.yaml +1 -1
  244. package/rules/prompt-injection/ATR-2026-00265-latent-injection-rag-document.yaml +1 -1
  245. package/rules/prompt-injection/ATR-2026-00267-gcg-adversarial-suffix.yaml +1 -1
  246. package/rules/prompt-injection/ATR-2026-00272-hypothetical-response-smuggling.yaml +1 -1
  247. package/rules/prompt-injection/ATR-2026-00276-invisible-unicode-bidi-injection.yaml +6 -6
  248. package/rules/prompt-injection/ATR-2026-00278-dra-disguise-reconstruction-attack.yaml +1 -1
  249. package/rules/prompt-injection/ATR-2026-00280-policy-puppetry-xml-injection.yaml +1 -1
  250. package/rules/prompt-injection/ATR-2026-00282-perez-prompt-injection-hijack.yaml +1 -1
  251. package/rules/prompt-injection/ATR-2026-00285-alternate-encoding-jailbreak.yaml +1 -1
  252. package/rules/prompt-injection/ATR-2026-00286-latent-injection-embedded-context.yaml +1 -1
  253. package/rules/prompt-injection/ATR-2026-00296-shell-command-injection.yaml +1 -1
  254. package/rules/prompt-injection/ATR-2026-00297-python-code-execution-rce.yaml +1 -1
  255. package/rules/prompt-injection/ATR-2026-00308-zalgo-diacritic-overload-encoding.yaml +1 -1
  256. package/rules/prompt-injection/ATR-2026-00309-braille-unicode-encoded-injection.yaml +1 -1
  257. package/rules/prompt-injection/ATR-2026-00310-ecoji-emoji-encoded-injection.yaml +1 -1
  258. package/rules/prompt-injection/ATR-2026-00311-base2048-unicode-script-injection.yaml +1 -1
  259. package/rules/prompt-injection/ATR-2026-00312-unicode-variant-selector-ascii-smuggling.yaml +1 -1
  260. package/rules/prompt-injection/ATR-2026-00313-sneaky-bits-zero-width-binary.yaml +1 -1
  261. package/rules/prompt-injection/ATR-2026-00315-sata-masked-language-model-jailbreak.yaml +1 -1
  262. package/rules/prompt-injection/ATR-2026-00316-function-masking-predict-mask-bypass.yaml +1 -1
  263. package/rules/prompt-injection/ATR-2026-00321-hyphenated-system-instruction-injection.yaml +1 -1
  264. package/rules/prompt-injection/ATR-2026-00359-bank-phishing-smtp-email-code.yaml +1 -1
  265. package/rules/prompt-injection/ATR-2026-00367-emoji-flag-encoded-hidden-phrase.yaml +1 -1
  266. package/rules/prompt-injection/ATR-2026-00373-piracy-torrent-site-list-request.yaml +1 -1
  267. package/rules/prompt-injection/ATR-2026-00378-chatgpt-dom-javascript-redirect-manipulation.yaml +1 -1
  268. package/rules/prompt-injection/ATR-2026-00382-cocaine-component-development-request.yaml +1 -1
  269. package/rules/prompt-injection/ATR-2026-00390-explicit-sexual-content-poem-request.yaml +1 -1
  270. package/rules/prompt-injection/ATR-2026-00394-backspace-deletion-character-injection.yaml +1 -1
  271. package/rules/prompt-injection/ATR-2026-00395-llm-special-token-boundary-injection.yaml +1 -1
  272. package/rules/prompt-injection/ATR-2026-00396-toxic-continuation-prefix-injection.yaml +1 -1
  273. package/rules/prompt-injection/ATR-2026-00397-snowball-impossible-reasoning-injection.yaml +1 -1
  274. package/rules/prompt-injection/ATR-2026-00399-latent-injection-document-separator-token.yaml +1 -1
  275. package/rules/prompt-injection/ATR-2026-00400-latent-injection-ignore-instruction-keyword.yaml +1 -1
  276. package/rules/prompt-injection/ATR-2026-00401-leakreplay-cloze-mask-training-data-elicitation.yaml +1 -1
  277. package/rules/prompt-injection/ATR-2026-00403-glitch-token-repeat-back-elicitation.yaml +1 -1
  278. package/rules/prompt-injection/ATR-2026-00407-echo-sql-jinja-template-injection.yaml +1 -1
  279. package/rules/prompt-injection/ATR-2026-00408-dra-parenthesis-character-reconstruction-attack.yaml +1 -1
  280. package/rules/prompt-injection/ATR-2026-00409-phrasing-past-future-tense-harmful-query.yaml +1 -1
  281. package/rules/prompt-injection/ATR-2026-00410-lmrc-harm-category-direct-elicitation.yaml +1 -1
  282. package/rules/prompt-injection/ATR-2026-00412-figstep-image-list-multimodal-jailbreak.yaml +1 -1
  283. package/rules/prompt-injection/ATR-2026-00414-continuation-ethnic-slur-completion-elicitation.yaml +1 -1
  284. package/rules/prompt-injection/ATR-2026-00554-langchain-vulnerable-to-template-injecti.yaml +81 -0
  285. package/rules/prompt-injection/ATR-2026-00565-the-llm-cli-tool-thru-0-27-1-contains-a-.yaml +104 -0
  286. package/rules/prompt-injection/ATR-2026-00573-semantic-paraphrased-injection.yaml +123 -0
  287. package/rules/skill-compromise/ATR-2026-00060-skill-impersonation.yaml +1 -1
  288. package/rules/skill-compromise/ATR-2026-00061-description-behavior-mismatch.yaml +1 -1
  289. package/rules/skill-compromise/ATR-2026-00062-hidden-capability.yaml +1 -1
  290. package/rules/skill-compromise/ATR-2026-00063-skill-chain-attack.yaml +1 -1
  291. package/rules/skill-compromise/ATR-2026-00064-over-permissioned-skill.yaml +1 -1
  292. package/rules/skill-compromise/ATR-2026-00065-skill-update-attack.yaml +1 -1
  293. package/rules/skill-compromise/ATR-2026-00066-parameter-injection.yaml +1 -1
  294. package/rules/skill-compromise/ATR-2026-00120-skill-instruction-injection.yaml +21 -3
  295. package/rules/skill-compromise/ATR-2026-00121-skill-dangerous-script.yaml +1 -1
  296. package/rules/skill-compromise/ATR-2026-00122-skill-weaponized-instruction.yaml +1 -1
  297. package/rules/skill-compromise/ATR-2026-00123-skill-overreach-permissions.yaml +1 -1
  298. package/rules/skill-compromise/ATR-2026-00124-skill-name-squatting.yaml +1 -1
  299. package/rules/skill-compromise/ATR-2026-00125-context-poisoning-compaction.yaml +1 -1
  300. package/rules/skill-compromise/ATR-2026-00126-skill-rug-pull-setup.yaml +1 -1
  301. package/rules/skill-compromise/ATR-2026-00127-subcommand-overflow.yaml +1 -1
  302. package/rules/skill-compromise/ATR-2026-00128-html-comment-hidden-payload.yaml +1 -1
  303. package/rules/skill-compromise/ATR-2026-00129-unicode-smuggling.yaml +1 -1
  304. package/rules/skill-compromise/ATR-2026-00134-fork-claim-impersonation.yaml +1 -1
  305. package/rules/skill-compromise/ATR-2026-00135-exfil-url-in-instructions.yaml +1 -1
  306. package/rules/skill-compromise/ATR-2026-00147-fork-impersonation.yaml +1 -1
  307. package/rules/skill-compromise/ATR-2026-00149-skill-exfil-compound.yaml +11 -3
  308. package/rules/skill-compromise/ATR-2026-00151-fork-impersonation-install.yaml +1 -1
  309. package/rules/skill-compromise/ATR-2026-00157-timebomb-credential-exfil.yaml +1 -1
  310. package/rules/skill-compromise/ATR-2026-00214-credential-theft.yaml +1 -1
  311. package/rules/skill-compromise/ATR-2026-00217-credential-harvesting.yaml +1 -1
  312. package/rules/skill-compromise/ATR-2026-00220-malware-dropper.yaml +3 -3
  313. package/rules/skill-compromise/ATR-2026-00222-credential-harvesting.yaml +1 -1
  314. package/rules/skill-compromise/ATR-2026-00223-reverse-shell-dropper.yaml +1 -1
  315. package/rules/skill-compromise/ATR-2026-00224-credential-exfiltration.yaml +1 -1
  316. package/rules/skill-compromise/ATR-2026-00225-c2-communication.yaml +1 -1
  317. package/rules/skill-compromise/ATR-2026-00260-package-hallucination.yaml +1 -1
  318. package/rules/skill-compromise/ATR-2026-00262-av-evasion-code-gen.yaml +1 -1
  319. package/rules/skill-compromise/ATR-2026-00263-credential-file-read-gen.yaml +1 -1
  320. package/rules/skill-compromise/ATR-2026-00266-malware-dropper-gen.yaml +1 -1
  321. package/rules/skill-compromise/ATR-2026-00283-malwaregen-generic-virus-payload-request.yaml +1 -1
  322. package/rules/skill-compromise/ATR-2026-00398-huggingface-unsafe-model-artifact-load.yaml +1 -1
  323. package/rules/tool-poisoning/ATR-2026-00011-tool-output-injection.yaml +1 -1
  324. package/rules/tool-poisoning/ATR-2026-00012-unauthorized-tool-call.yaml +1 -1
  325. package/rules/tool-poisoning/ATR-2026-00100-consent-bypass-instruction.yaml +1 -1
  326. package/rules/tool-poisoning/ATR-2026-00101-trust-escalation-override.yaml +1 -1
  327. package/rules/tool-poisoning/ATR-2026-00103-hidden-safety-bypass-instruction.yaml +1 -1
  328. package/rules/tool-poisoning/ATR-2026-00105-silent-action-concealment.yaml +1 -1
  329. package/rules/tool-poisoning/ATR-2026-00106-schema-description-contradiction.yaml +1 -1
  330. package/rules/tool-poisoning/ATR-2026-00161-important-tag-cross-tool-shadowing.yaml +1 -1
  331. package/rules/tool-poisoning/ATR-2026-00209-mcpwn-runaway-invocation.yaml +1 -1
  332. package/rules/tool-poisoning/ATR-2026-00210-flowise-system-message-override.yaml +1 -1
  333. package/rules/tool-poisoning/ATR-2026-00259-ansi-escape-injection.yaml +1 -1
  334. package/rules/tool-poisoning/ATR-2026-00270-xss-in-tool-response.yaml +8 -5
  335. package/rules/tool-poisoning/ATR-2026-00277-echo-template-command-injection.yaml +1 -1
  336. package/rules/tool-poisoning/ATR-2026-00393-ansi-code-elicitation-request.yaml +1 -1
  337. package/rules/tool-poisoning/ATR-2026-00561-fastmcp-vulnerable-to-windows-command-in.yaml +99 -0
  338. package/rules/tool-poisoning/ATR-2026-00567-mcp-stdio-config-command-injection.yaml +75 -0
  339. package/rules/tool-poisoning/ATR-2026-00568-agent-ssrf-cloud-metadata-file-inclusion.yaml +75 -0
  340. package/rules/tool-poisoning/ATR-2026-00572-symjack-symlink-config-redirection.yaml +132 -0
package/rules/agent-manipulation/ATR-2026-00117-agent-identity-spoofing.yaml CHANGED
@@ -12,7 +12,7 @@ author: ATR Community
12
12
  date: 2026/03/26
13
13
  schema_version: "0.1"
14
14
  detection_tier: pattern
15
- maturity: experimental
15
+ maturity: test
16
16
  severity: critical
17
17
  references:
18
18
  owasp_agentic:
package/rules/agent-manipulation/ATR-2026-00118-approval-fatigue.yaml CHANGED
@@ -12,7 +12,7 @@ author: ATR Community
12
12
  date: 2026/03/26
13
13
  schema_version: "0.1"
14
14
  detection_tier: pattern
15
- maturity: experimental
15
+ maturity: test
16
16
  severity: medium
17
17
  references:
18
18
  owasp_agentic:
package/rules/agent-manipulation/ATR-2026-00119-social-engineering-via-agent.yaml CHANGED
@@ -12,7 +12,7 @@ author: ATR Community
12
12
  date: 2026/03/26
13
13
  schema_version: "0.1"
14
14
  detection_tier: pattern
15
- maturity: experimental
15
+ maturity: test
16
16
  severity: high
17
17
  references:
18
18
  owasp_agentic:
package/rules/agent-manipulation/ATR-2026-00132-casual-authority-escalation.yaml CHANGED
@@ -13,7 +13,7 @@ author: ATR Community
13
13
  date: 2026/04/01
14
14
  schema_version: "0.1"
15
15
  detection_tier: pattern
16
- maturity: experimental
16
+ maturity: test
17
17
  severity: high
18
18
  references:
19
19
  mitre_atlas:
package/rules/agent-manipulation/ATR-2026-00139-casual-authority-redirect.yaml CHANGED
@@ -9,7 +9,7 @@ author: ATR Threat Cloud Crystallization
9
9
  date: 2026/04/07
10
10
  schema_version: "1.0"
11
11
  detection_tier: pattern
12
- maturity: experimental
12
+ maturity: test
13
13
  severity: critical
14
14
  references:
15
15
  mitre_atlas:
package/rules/agent-manipulation/ATR-2026-00164-skill-scope-hijack.yaml CHANGED
@@ -10,7 +10,7 @@ author: 'ATR Project'
10
10
  date: '2026/04/14'
11
11
  schema_version: '1.0'
12
12
  detection_tier: pattern
13
- maturity: experimental
13
+ maturity: test
14
14
  severity: high
15
15
  references:
16
16
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00268-tense-framing-bypass.yaml CHANGED
@@ -12,7 +12,7 @@ author: "ATR Community (via NVIDIA garak phrasing probe)"
12
12
  date: "2026/04/19"
13
13
  schema_version: "0.1"
14
14
  detection_tier: pattern
15
- maturity: experimental
15
+ maturity: test
16
16
  severity: medium
17
17
  references:
18
18
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00269-fitd-escalation.yaml CHANGED
@@ -14,7 +14,7 @@ author: "ATR Community (via NVIDIA garak continuation/PAIR probe)"
14
14
  date: "2026/04/19"
15
15
  schema_version: "0.1"
16
16
  detection_tier: pattern
17
- maturity: experimental
17
+ maturity: test
18
18
  severity: high
19
19
  references:
20
20
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00271-grandma-roleplay-jailbreak.yaml CHANGED
@@ -14,7 +14,7 @@ author: "ATR Community (via NVIDIA garak grandma probe)"
14
14
  date: "2026/04/19"
15
15
  schema_version: "0.1"
16
16
  detection_tier: pattern
17
- maturity: experimental
17
+ maturity: test
18
18
  severity: high
19
19
  references:
20
20
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00273-dan-developer-mode-persona.yaml CHANGED
@@ -15,7 +15,7 @@ author: "ATR Community (via NVIDIA garak dan probe)"
15
15
  date: "2026/04/19"
16
16
  schema_version: "0.1"
17
17
  detection_tier: pattern
18
- maturity: experimental
18
+ maturity: test
19
19
  severity: high
20
20
  references:
21
21
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00287-threaten-json-coercive-output-threat.yaml CHANGED
@@ -18,7 +18,7 @@ author: "ATR Community (via NVIDIA garak goodside.ThreatenJSON probe / Riley Goo
18
18
  date: "2026/04/19"
19
19
  schema_version: "0.1"
20
20
  detection_tier: pattern
21
- maturity: experimental
21
+ maturity: test
22
22
  severity: high
23
23
  references:
24
24
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00288-false-premise-injection.yaml CHANGED
@@ -20,7 +20,7 @@ author: "ATR Community (via NVIDIA garak misleading.FalseAssertion probe)"
20
20
  date: "2026/04/19"
21
21
  schema_version: "0.1"
22
22
  detection_tier: pattern
23
- maturity: experimental
23
+ maturity: test
24
24
  severity: medium
25
25
  references:
26
26
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00301-tap-tree-of-attacks-jailbreak.yaml CHANGED
@@ -16,7 +16,7 @@ author: "ATR Community (via NVIDIA garak tap probe)"
16
16
  date: "2026/04/20"
17
17
  schema_version: "0.1"
18
18
  detection_tier: pattern
19
- maturity: experimental
19
+ maturity: test
20
20
  severity: critical
21
21
  references:
22
22
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00302-anti-dan-inverted-filter-persona.yaml CHANGED
@@ -18,7 +18,7 @@ author: "ATR Community (via NVIDIA garak dan probe)"
18
18
  date: "2026/04/21"
19
19
  schema_version: "0.1"
20
20
  detection_tier: pattern
21
- maturity: experimental
21
+ maturity: test
22
22
  severity: high
23
23
  references:
24
24
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00303-devmode-ranti-profanity-coercion.yaml CHANGED
@@ -20,7 +20,7 @@ author: "ATR Community (via NVIDIA garak dan probe)"
20
20
  date: "2026/04/21"
21
21
  schema_version: "0.1"
22
22
  detection_tier: pattern
23
- maturity: experimental
23
+ maturity: test
24
24
  severity: critical
25
25
  references:
26
26
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00304-chatgpt-image-unlocker-markdown-injection.yaml CHANGED
@@ -22,7 +22,7 @@ author: "ATR Community (via NVIDIA garak dan probe)"
22
22
  date: "2026/04/21"
23
23
  schema_version: "0.1"
24
24
  detection_tier: pattern
25
- maturity: experimental
25
+ maturity: test
26
26
  severity: high
27
27
  references:
28
28
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00305-dan-mode-ablation-benchmark-coercion.yaml CHANGED
@@ -22,7 +22,7 @@ author: "ATR Community (via NVIDIA garak dan probe)"
22
22
  date: "2026/04/21"
23
23
  schema_version: "0.1"
24
24
  detection_tier: pattern
25
- maturity: experimental
25
+ maturity: test
26
26
  severity: critical
27
27
  references:
28
28
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00306-autodan-genetic-jailbreak-suffix.yaml CHANGED
@@ -21,7 +21,7 @@ author: "ATR Community (via NVIDIA garak dan probe)"
21
21
  date: "2026/04/21"
22
22
  schema_version: "0.1"
23
23
  detection_tier: pattern
24
- maturity: experimental
24
+ maturity: test
25
25
  severity: critical
26
26
  references:
27
27
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00307-inthewild-jailbreak-corpus-signature.yaml CHANGED
@@ -22,7 +22,7 @@ author: "ATR Community (via NVIDIA garak dan probe)"
22
22
  date: "2026/04/21"
23
23
  schema_version: "0.1"
24
24
  detection_tier: pattern
25
- maturity: experimental
25
+ maturity: test
26
26
  severity: high
27
27
  references:
28
28
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00314-amoral-unfiltered-custom-persona-jailbreak.yaml CHANGED
@@ -18,7 +18,7 @@ author: "ATR Community (via NVIDIA garak dan probe + inthewild corpus)"
18
18
  date: "2026/04/21"
19
19
  schema_version: "0.1"
20
20
  detection_tier: pattern
21
- maturity: experimental
21
+ maturity: test
22
22
  severity: critical
23
23
  references:
24
24
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00317-free-of-restrictions-named-persona.yaml CHANGED
@@ -21,7 +21,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
21
21
  date: "2026/04/21"
22
22
  schema_version: "0.1"
23
23
  detection_tier: pattern
24
- maturity: experimental
24
+ maturity: test
25
25
  severity: critical
26
26
  references:
27
27
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00318-moralizing-rant-then-unfiltered-bypass.yaml CHANGED
@@ -20,7 +20,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
20
20
  date: "2026/04/21"
21
21
  schema_version: "0.1"
22
22
  detection_tier: pattern
23
- maturity: experimental
23
+ maturity: test
24
24
  severity: critical
25
25
  references:
26
26
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00319-developer-mode-dual-response-format.yaml CHANGED
@@ -19,7 +19,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
19
19
  date: "2026/04/21"
20
20
  schema_version: "0.1"
21
21
  detection_tier: pattern
22
- maturity: experimental
22
+ maturity: test
23
23
  severity: critical
24
24
  references:
25
25
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00320-opposite-day-boolean-opposite-machine.yaml CHANGED
@@ -20,7 +20,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
20
20
  date: "2026/04/21"
21
21
  schema_version: "0.1"
22
22
  detection_tier: pattern
23
- maturity: experimental
23
+ maturity: test
24
24
  severity: high
25
25
  references:
26
26
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00322-fictional-world-format-override-jailbreak.yaml CHANGED
@@ -18,7 +18,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
18
18
  date: "2026/04/21"
19
19
  schema_version: "0.1"
20
20
  detection_tier: pattern
21
- maturity: experimental
21
+ maturity: test
22
22
  severity: critical
23
23
  references:
24
24
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00323-dual-persona-simulation-jailbreak.yaml CHANGED
@@ -21,7 +21,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
21
21
  date: "2026/04/21"
22
22
  schema_version: "0.1"
23
23
  detection_tier: pattern
24
- maturity: experimental
24
+ maturity: test
25
25
  severity: critical
26
26
  references:
27
27
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00324-neurosemantical-inversitis-disease-jailbreak.yaml CHANGED
@@ -19,7 +19,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
19
19
  date: "2026/04/21"
20
20
  schema_version: "0.1"
21
21
  detection_tier: pattern
22
- maturity: experimental
22
+ maturity: test
23
23
  severity: high
24
24
  references:
25
25
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00325-bob-hypothetical-unrestricted-chatbot.yaml CHANGED
@@ -18,7 +18,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
18
18
  date: "2026/04/21"
19
19
  schema_version: "0.1"
20
20
  detection_tier: pattern
21
- maturity: experimental
21
+ maturity: test
22
22
  severity: critical
23
23
  references:
24
24
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00326-fake-developer-authority-chatdan-override.yaml CHANGED
@@ -20,7 +20,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
20
20
  date: "2026/04/21"
21
21
  schema_version: "0.1"
22
22
  detection_tier: pattern
23
- maturity: experimental
23
+ maturity: test
24
24
  severity: critical
25
25
  references:
26
26
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00327-ai-ethics-law-bypass-declaration.yaml CHANGED
@@ -20,7 +20,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
20
20
  date: "2026/04/21"
21
21
  schema_version: "0.1"
22
22
  detection_tier: pattern
23
- maturity: experimental
23
+ maturity: test
24
24
  severity: critical
25
25
  references:
26
26
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00328-named-mode-persona-override.yaml CHANGED
@@ -19,7 +19,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
19
19
  date: "2026/04/21"
20
20
  schema_version: "0.1"
21
21
  detection_tier: pattern
22
- maturity: experimental
22
+ maturity: test
23
23
  severity: critical
24
24
  references:
25
25
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00329-no-withhold-factual-resource-persona.yaml CHANGED
@@ -21,7 +21,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
21
21
  date: "2026/04/21"
22
22
  schema_version: "0.1"
23
23
  detection_tier: pattern
24
- maturity: experimental
24
+ maturity: test
25
25
  severity: critical
26
26
  references:
27
27
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00330-yoja-allcaps-settings-block-persona.yaml CHANGED
@@ -18,7 +18,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
18
18
  date: "2026/04/21"
19
19
  schema_version: "0.1"
20
20
  detection_tier: pattern
21
- maturity: experimental
21
+ maturity: test
22
22
  severity: high
23
23
  references:
24
24
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00331-terminal-cli-harmful-function-simulator.yaml CHANGED
@@ -20,7 +20,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
20
20
  date: "2026/04/21"
21
21
  schema_version: "0.1"
22
22
  detection_tier: pattern
23
- maturity: experimental
23
+ maturity: test
24
24
  severity: critical
25
25
  references:
26
26
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00332-hacker-chan-culture-offensive-ai-persona.yaml CHANGED
@@ -19,7 +19,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
19
19
  date: "2026/04/21"
20
20
  schema_version: "0.1"
21
21
  detection_tier: pattern
22
- maturity: experimental
22
+ maturity: test
23
23
  severity: high
24
24
  references:
25
25
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00333-disease-animal-dual-ai-chatbot.yaml CHANGED
@@ -20,7 +20,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
20
20
  date: "2026/04/21"
21
21
  schema_version: "0.1"
22
22
  detection_tier: pattern
23
- maturity: experimental
23
+ maturity: test
24
24
  severity: high
25
25
  references:
26
26
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00334-two-entity-token-splitting-game.yaml CHANGED
@@ -19,7 +19,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
19
19
  date: "2026/04/21"
20
20
  schema_version: "0.1"
21
21
  detection_tier: pattern
22
- maturity: experimental
22
+ maturity: test
23
23
  severity: critical
24
24
  references:
25
25
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00335-key-value-template-persona-injection.yaml CHANGED
@@ -21,7 +21,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
21
21
  date: "2026/04/21"
22
22
  schema_version: "0.1"
23
23
  detection_tier: pattern
24
- maturity: experimental
24
+ maturity: test
25
25
  severity: high
26
26
  references:
27
27
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00336-brm-false-information-machine-persona.yaml CHANGED
@@ -22,7 +22,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
22
22
  date: "2026/04/21"
23
23
  schema_version: "0.1"
24
24
  detection_tier: pattern
25
- maturity: experimental
25
+ maturity: test
26
26
  severity: high
27
27
  references:
28
28
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00337-obfuscated-system-announcement-injection.yaml CHANGED
@@ -18,7 +18,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
18
18
  date: "2026/04/21"
19
19
  schema_version: "0.1"
20
20
  detection_tier: pattern
21
- maturity: experimental
21
+ maturity: test
22
22
  severity: critical
23
23
  references:
24
24
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00338-persongpt-hash-prefix-activation.yaml CHANGED
@@ -19,7 +19,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
19
19
  date: "2026/04/21"
20
20
  schema_version: "0.1"
21
21
  detection_tier: pattern
22
- maturity: experimental
22
+ maturity: test
23
23
  severity: critical
24
24
  references:
25
25
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00339-bom-boolean-opposite-machine-persona-claim.yaml CHANGED
@@ -15,7 +15,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
15
15
  date: "2026/04/21"
16
16
  schema_version: "0.1"
17
17
  detection_tier: pattern
18
- maturity: experimental
18
+ maturity: test
19
19
  severity: high
20
20
  references:
21
21
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00340-h4x-amoral-unfiltered-character.yaml CHANGED
@@ -16,7 +16,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
16
16
  date: "2026/04/21"
17
17
  schema_version: "0.1"
18
18
  detection_tier: pattern
19
- maturity: experimental
19
+ maturity: test
20
20
  severity: high
21
21
  references:
22
22
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00341-char-rules-shortform-persona-injection.yaml CHANGED
@@ -17,7 +17,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
17
17
  date: "2026/04/21"
18
18
  schema_version: "0.1"
19
19
  detection_tier: pattern
20
- maturity: experimental
20
+ maturity: test
21
21
  severity: high
22
22
  references:
23
23
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00342-unicode-encoding-obfuscation-injection.yaml CHANGED
@@ -16,7 +16,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
16
16
  date: "2026/04/21"
17
17
  schema_version: "0.1"
18
18
  detection_tier: pattern
19
- maturity: experimental
19
+ maturity: test
20
20
  severity: high
21
21
  references:
22
22
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00343-lie-truth-dual-personality-uncensored.yaml CHANGED
@@ -15,7 +15,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
15
15
  date: "2026/04/21"
16
16
  schema_version: "0.1"
17
17
  detection_tier: pattern
18
- maturity: experimental
18
+ maturity: test
19
19
  severity: high
20
20
  references:
21
21
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00344-alt-ai-same-capabilities-no-restrictions.yaml CHANGED
@@ -17,7 +17,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
17
17
  date: "2026/04/21"
18
18
  schema_version: "0.1"
19
19
  detection_tier: pattern
20
- maturity: experimental
20
+ maturity: test
21
21
  severity: critical
22
22
  references:
23
23
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00345-nlp-based-os-fictional-terminal-override.yaml CHANGED
@@ -19,7 +19,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
19
19
  date: "2026/04/21"
20
20
  schema_version: "0.1"
21
21
  detection_tier: pattern
22
- maturity: experimental
22
+ maturity: test
23
23
  severity: high
24
24
  references:
25
25
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00346-jailbreak-emoji-unlock-dual-format.yaml CHANGED
@@ -16,7 +16,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
16
16
  date: "2026/04/21"
17
17
  schema_version: "0.1"
18
18
  detection_tier: pattern
19
- maturity: experimental
19
+ maturity: test
20
20
  severity: high
21
21
  references:
22
22
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00347-yin-yang-hidden-knowledge-hidden-human-sim.yaml CHANGED
@@ -18,7 +18,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
18
18
  date: "2026/04/21"
19
19
  schema_version: "0.1"
20
20
  detection_tier: pattern
21
- maturity: experimental
21
+ maturity: test
22
22
  severity: high
23
23
  references:
24
24
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00348-arc-autonomous-real-calculation-rulebreaker.yaml CHANGED
@@ -18,7 +18,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
18
18
  date: "2026/04/21"
19
19
  schema_version: "0.1"
20
20
  detection_tier: pattern
21
- maturity: experimental
21
+ maturity: test
22
22
  severity: critical
23
23
  references:
24
24
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00349-hgttg-hitchhikers-guide-no-restriction-oracle.yaml CHANGED
@@ -18,7 +18,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
18
18
  date: "2026/04/21"
19
19
  schema_version: "0.1"
20
20
  detection_tier: pattern
21
- maturity: experimental
21
+ maturity: test
22
22
  severity: critical
23
23
  references:
24
24
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00350-black-alert-no-ethics-writing-assistant.yaml CHANGED
@@ -17,7 +17,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
17
17
  date: "2026/04/21"
18
18
  schema_version: "0.1"
19
19
  detection_tier: pattern
20
- maturity: experimental
20
+ maturity: test
21
21
  severity: high
22
22
  references:
23
23
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00351-dan-ofkilter-sms-abbreviated-persona.yaml CHANGED
@@ -17,7 +17,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
17
17
  date: "2026/04/21"
18
18
  schema_version: "0.1"
19
19
  detection_tier: pattern
20
- maturity: experimental
20
+ maturity: test
21
21
  severity: high
22
22
  references:
23
23
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00352-trainergpt-fix-my-ai-harmful-output-extraction.yaml CHANGED
@@ -18,7 +18,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
18
18
  date: "2026/04/21"
19
19
  schema_version: "0.1"
20
20
  detection_tier: pattern
21
- maturity: experimental
21
+ maturity: test
22
22
  severity: high
23
23
  references:
24
24
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00353-dual-chatgpt-dan-opposite-personality-format.yaml CHANGED
@@ -20,7 +20,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
20
20
  date: "2026/04/21"
21
21
  schema_version: "0.1"
22
22
  detection_tier: pattern
23
- maturity: experimental
23
+ maturity: test
24
24
  severity: high
25
25
  references:
26
26
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00354-reverse-harm-regardless-oracle-persona.yaml CHANGED
@@ -18,7 +18,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
18
18
  date: "2026/04/21"
19
19
  schema_version: "0.1"
20
20
  detection_tier: pattern
21
- maturity: experimental
21
+ maturity: test
22
22
  severity: critical
23
23
  references:
24
24
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00355-ugh-anti-human-nefarious-ai-persona.yaml CHANGED
@@ -19,7 +19,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
19
19
  date: "2026/04/21"
20
20
  schema_version: "0.1"
21
21
  detection_tier: pattern
22
- maturity: experimental
22
+ maturity: test
23
23
  severity: high
24
24
  references:
25
25
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00356-google-gato-lamda-exploit-generation-persona.yaml CHANGED
@@ -17,7 +17,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
17
17
  date: "2026/04/21"
18
18
  schema_version: "0.1"
19
19
  detection_tier: pattern
20
- maturity: experimental
20
+ maturity: test
21
21
  severity: critical
22
22
  references:
23
23
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00357-antifm-hate-violence-persona-injection.yaml CHANGED
@@ -20,7 +20,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
20
20
  date: "2026/04/21"
21
21
  schema_version: "0.1"
22
22
  detection_tier: pattern
23
- maturity: experimental
23
+ maturity: test
24
24
  severity: critical
25
25
  references:
26
26
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00358-cumgpt-explicit-adult-named-persona.yaml CHANGED
@@ -18,7 +18,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
18
18
  date: "2026/04/21"
19
19
  schema_version: "0.1"
20
20
  detection_tier: pattern
21
- maturity: experimental
21
+ maturity: test
22
22
  severity: high
23
23
  references:
24
24
  owasp_llm:
package/rules/agent-manipulation/ATR-2026-00360-chj-carousel-clyde-no-ethics-bird.yaml CHANGED
@@ -18,7 +18,7 @@ author: "ATR Community (via NVIDIA garak dan.DanInTheWild probe)"
18
18
  date: "2026/04/21"
19
19
  schema_version: "0.1"
20
20
  detection_tier: pattern
21
- maturity: experimental
21
+ maturity: test
22
22
  severity: high
23
23
  references:
24
24
  owasp_llm: