SSRF via Tool

Use agent tools to make server-side requests to internal services not directly accessible

Lateral Movement (Stage 5)

Pivot from compromised agent to connected services or other agents

SKILL-EXFIL

Using legitimate tool capabilities for unauthorized data transfer

validated

Reproduced in controlled lab environment (DVAA) with documented steps.

L3-02

NET-001NET-002NET-003MCP-001

npx hackmyagent secure --ci

OASB 10.1OASB 10.2OASB 10.3OASB 10.4OASB 10.5OASB 7.1OASB 7.2OASB 7.3OASB 7.4

AI Agent Threat Matrix T-5001 (SSRF via Tool). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-5001