AI Agent Threat Matrix
Matrix/Persistence/T-6006
T-6006validatedactive

Tool Registration Persistence

Register malicious tools that persist in the agent's tool registry across sessions

Tactic

Persistence (Stage 6)

Establish persistent access surviving restarts and session changes

Attack Class

SKILL-FRONTMATTER

Embedding malicious instructions in skill or plugin metadata and description fields

Evidence

validated

Reproduced in controlled lab environment (DVAA) with documented steps.

DVAA Validation

L2-08

Honeypot Coverage (AgentPwn)

Queued

In scope for honeypot observation; trap page or telemetry hook not yet built.

Tool-shadow trap fixture not yet built.

Detection (HackMyAgent)

Live3 live · 0 queued
SKILL-001SKILL-002SKILL-003
npx hackmyagent secure --ciLive = check implemented in hackmyagent; queued = declared, not yet implemented

Defense (OASB Controls)

Live4 live · 0 queued
OASB 8.1OASB 8.2OASB 8.3OASB 8.4
Live = documented at oasb.ai; queued = declared, not yet documented

How to Cite

AI Agent Threat Matrix T-6006 (Tool Registration Persistence). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-6006
← Back to Matrix