Context Assembly Pipeline Attack

Attacks targeting the system prompt assembly pipeline where individual components combine into exploitable injections

Tactic

Collection (Stage 7)

Gather and stage data from databases, file systems, and APIs

Attack Class

ASSEMBLY-INJECT

Attacks targeting the system prompt assembly process where components combine into exploitable injections

Evidence

validated

Reproduced in controlled lab environment (DVAA) with documented steps.

DVAA Validation

Reproductions in Damn Vulnerable AI Agent, the OpenA2A intentionally-broken agent for kill-chain validation.

context-lifecycle-split-injection, context-lifecycle-displacement, context-lifecycle-priority-hijack scenarios

Evidence Source Breakdown

HMA

9 records

Evidence Timeline

HMA

HMA check LIFECYCLE-001 failed on fake-vulnerable-agent

May 21, 2026

HMA

HMA check LIFECYCLE-001 failed on fake-vulnerable-agent

Apr 29, 2026

HMA

HMA check LIFECYCLE-001 failed on fake-vulnerable-agent

Apr 29, 2026

HMA

HMA check LIFECYCLE-001 failed on fake-vulnerable-agent

Apr 22, 2026

HMA

HMA check LIFECYCLE-001 failed on hackmyagent-release-test-vplv

Apr 13, 2026

HMA

HMA check LIFECYCLE-001 failed on my-test-agent

Apr 12, 2026

HMA

HMA check LIFECYCLE-001 failed on test-agent

Apr 9, 2026

HMA

HMA check LIFECYCLE-001 failed on test-agent

Apr 9, 2026

HMA

HMA check LIFECYCLE-001 failed on test-agent

Apr 9, 2026

Detection (HackMyAgent)

Live9 live · 1 queued

LIFECYCLE-001LIFECYCLE-002LIFECYCLE-003LIFECYCLE-004LIFECYCLE-005LIFECYCLE-006LIFECYCLE-007LIFECYCLE-008LIFECYCLE-009LIFECYCLE-010

npx hackmyagent secure --ciLive = check implemented in hackmyagent; queued = declared, not yet implemented

Defense (OASB Controls)

Live4 live · 0 queued

OASB 3.1 OASB 3.2 OASB 8.1 OASB 8.2

Live = documented at oasb.ai; queued = declared, not yet documented

How to Cite

AI Agent Threat Matrix T-7007 (Context Assembly Pipeline Attack). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-7007

← Back to Matrix