AGENTFORCE-MCP-06: MCP Schema Parameter Injection
๐ด High ยท Headless MCP Access
Detects manipulation of JSON Schema definitions for MCP tool and GenAiFunction parameters. Flags suspicious default values (URLs, emails, file paths), const overrides, and single-value enums that could silently inject attacker-controlled data into tool invocations.
Detailsโ
| Field | Value |
|---|---|
| Rule ID | AGENTFORCE-MCP-06 |
| Severity | High |
| Category | Headless MCP Access |
Remediationโ
Refer to the SquireX documentation for
remediation guidance specific to AGENTFORCE-MCP-06.