PulseAugur
EN
LIVE 23:41:11

Agent framework vulnerability allows hidden payload execution via tool schema

A security researcher discovered a vulnerability in the smolagents agent framework that allows malicious payloads to be executed through tool schema definitions. The payload, hidden within an enum value or property title, was passed directly to the GPT-OSS 120B model, leading to unauthorized execution of an export tool. While the framework's design intentionally trusts the MCP server's schema, the researcher confirmed that this vulnerability extends beyond the tool description into machine-readable slots, with GPT-OSS 120B being particularly susceptible compared to Llama-3.3-70B. AI

IMPACT Highlights a critical security flaw in agent frameworks, potentially impacting the safe deployment of LLMs in production environments.

RANK_REASON Security vulnerability discovered in an agent framework, not a core frontier model release.

Read on dev.to — MCP tag →

AI-generated summary · Google Gemini · from 1 sources. How we write summaries →

Agent framework vulnerability allows hidden payload execution via tool schema

COVERAGE [1]

  1. dev.to — MCP tag TIER_1 English(EN) · Alex LaGuardia ·

    A shipped agent framework ran the hidden payload. My own scanner caught it.

    <p>The payload never touched the tool description. It sat in an enum value. A property title. smolagents' MCP client handed all of it to the model untouched, and gpt-oss-120b called the export tool on its own, seven runs out of ten, six of them in a schema field the description s…