Prompt Injection via Tool Output
LLMs misinterpret untrusted tool responses as prompts, allowing attackers to influence or control model behavior.
Definition
Prompt Injection via Tool Output is an attack on the input layer of the Model Context Protocol (MCP). It occurs when attackers craft responses from tools that contain hidden instructions or prompt-like content. Since LLM agents often treat tool outputs as part of their natural context, these injected instructions can override prior decisions, leak sensitive data, or trigger unauthorized tool calls.
This type of attack lives in the input layer of the MCP model, where external tool responses are absorbed directly into the agent’s prompt.
How Akto MCP Security Helps
Akto mitigates this attack by applying strict validation and sanitization to all tool outputs before they reach the model. It detects prompt-like patterns, embedded instructions, or unexpected language in tool responses and blocks them from being interpreted as part of the agent’s context. Akto’s test suite actively simulates prompt injection attempts through tool responses, helping teams identify vulnerable tools and enforce strong input boundaries.
