[Backlog]: Tool Invocation and Function Calling Exploitation in Agentic Systems

### Checklist

- [ ] Backlog entry requires creating new sandboxes.
- [x] Backlog entry requires creating new exploitation code and/or tutorials.

### CVE List

_No response_

### Description

## Summary

Exploitation of tool invocation and function calling mechanisms in agentic GenAI systems to induce unintended actions, command execution, or privilege escalation.

Reference: https://owasp.org/www-project-top-10-for-large-language-model-applications/

## GenAI Red Teaming Manual Reference

4.3 Agentic Systems & Tool Use (or closest applicable section)

## Sandbox

Reuse sandbox sandboxes/agentic_local_n8n_v1.65.0 (#22) and/or other agent-based sandboxes.

## Exploitation

Inject crafted prompts that manipulate the model into invoking unintended tools or functions.

Examples include:
- Prompt injection to force execution of restricted tools (e.g., shell commands, API calls)
- Crafting inputs that result in command injection via tool interfaces
- Chaining multi-step agent actions to escalate privileges or bypass safeguards
- Abusing structured outputs (e.g., JSON function calls) to trigger unsafe operations

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Backlog]: Tool Invocation and Function Calling Exploitation in Agentic Systems #33

Checklist

CVE List

Description

Summary

GenAI Red Teaming Manual Reference

Sandbox

Exploitation

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Backlog]: Tool Invocation and Function Calling Exploitation in Agentic Systems #33

Description

Checklist

CVE List

Description

Summary

GenAI Red Teaming Manual Reference

Sandbox

Exploitation

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions