| name | ai-agent-redteam |
| description | Use when red-teaming an agentic AI / LLM application — indirect & zero-click prompt injection, MCP tool poisoning, persistent memory poisoning, excessive-agency tool abuse, multi-turn jailbreaks, PyRIT/Garak/Promptfoo harnesses |
| metadata | {"type":"offensive","phase":"exploit","tools":["pyrit","garak","promptfoo","python","mcp"],"mitre":["AML.T0051","AML.T0053","AML.T0054","AML.T0070","AML.T0071"]} |
| kill_chain | {"phase":["recon","weaponize","delivery","exploit","actions"],"step":[1,2,3,4,7],"attck_tactics":["TA0043","TA0001","TA0002","TA0010"],"attck_techniques":["T1566.002","T1059","T1071.001","T1567","T1657"]} |
| depends_on | ["recon-osint","ai-security"] |
| feeds_into | ["exploit-development","cloud-security","web-pentest"] |
| inputs | ["agent_endpoint","mcp_server_config","rag_corpus","system_prompt","tool_manifest"] |
| outputs | ["finding_record","jailbreak_payload","poisoned_artifact","attack_success_rate_report"] |
| references | ["references/indirect-prompt-injection.md","references/mcp-tool-poisoning.md","references/memory-context-poisoning.md","references/excessive-agency-tool-abuse.md","references/automated-jailbreak-multiturn.md","references/agent-redteam-tooling.md"] |
| scripts | ["scripts/indirect_injection_forge.py","scripts/mcp_tool_poison_server.py","scripts/memory_poison_minja.py","scripts/agency_tool_fuzzer.py","scripts/multiturn_jailbreak.py","scripts/agent_redteam_harness.py"] |