AGENTFORCE-15.2: Dynamic Cloaking via External RAG Source
High · External Service Security
Detects GenAiPromptTemplates that ground against external data sources not in the project's trusted grounding allowlist. External RAG sources are vulnerable to dynamic cloaking attacks where the server detects an AI agent visitor and conditionally injects adversarial payloads invisible to human auditors (ref: SSRN-6372438 'Dynamic Cloaking').
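The allowlist is the control here precisely because a human reviewer cannot see what a cloaking server serves to the agent. The following is an added example (not SquireX code) of the check this rule describes: it takes the grounding URLs extracted from a template and flags every source whose host is not on the trusted allowlist. The allowlist contents, the template name and the URL samples are constructed; the subdomain-matching rule is an assumption.

```python
"""Allowlist check for external grounding sources (added example, not SquireX code).

Assumption: the grounding URLs have already been extracted from the
GenAiPromptTemplate metadata by whatever means the project uses; this code
only evaluates that list against the trusted allowlist.
"""
from urllib.parse import urlsplit

# Constructed allowlist. Assumed matching rule: a source host is trusted when it
# equals an entry or is a subdomain of one (no wildcard syntax).
TRUSTED_GROUNDING_HOSTS = {"kb.example.com", "docs.example.com"}


def host_is_allowlisted(host: str, allowlist: set[str]) -> bool:
    """True when host equals an allowlist entry or is a subdomain of one."""
    host = host.lower().rstrip(".")  # normalise case and a trailing root dot
    return any(host == h or host.endswith("." + h) for h in allowlist)


def check_grounding_sources(template_name: str, sources: list[str],
                            allowlist: set[str] = TRUSTED_GROUNDING_HOSTS) -> list[dict]:
    """Return one finding per grounding URL that should not be trusted.

    reason values:
      untrusted-host  host (or a parent domain) is not on the allowlist
      non-https       allowlisted host, but plaintext transport allows on-path tampering
      unparseable     no host could be extracted from the reference
    """
    findings = []
    for url in sources:
        parts = urlsplit(url.strip())
        host = parts.hostname
        if not host:
            findings.append({"template": template_name, "source": url, "reason": "unparseable"})
        elif not host_is_allowlisted(host, allowlist):
            findings.append({"template": template_name, "source": url, "reason": "untrusted-host"})
        elif parts.scheme != "https":
            findings.append({"template": template_name, "source": url, "reason": "non-https"})
    return findings


if __name__ == "__main__":
    # Constructed sample of grounding URLs taken from a template's content.
    sample = ["https://kb.example.com/articles/reset-password",
              "https://api.docs.example.com/v2/search",
              "https://pastebin.example.net/raw/abc123",
              "http://kb.example.com/articles/faq",
              "not a url"]
    for f in check_grounding_sources("Support_FAQ_Template", sample):
        print(f"AGENTFORCE-15.2 {f['template']}: {f['source']} -> {f['reason']}")
```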
Details
| Field | Value |
|---|---|
| Rule ID | AGENTFORCE-15.2 |
| Severity | High |
| Category | External Service Security |
| Compliance | SOC2_CC7, OWASP_MCP_TOP_10 |
Remediation
Refer to the SquireX documentation for remediation guidance specific to AGENTFORCE-15.2.