Skills
Log-to-Leak: MCP Tool Logging as Covert Prompt Injection Channel — Agents Silently Exfiltrate Data While Appearing to Complete Tasks Normally
Researchers published 'Log-To-Leak' at OpenReview, documenting a class of prompt-level privacy attacks that force agents to invoke malicious logging tools mid-task, exfiltrating sensitive data while preserving task output quality — making detection extremely difficult. The attack exploits agents that trust tool descriptions and lack outbound communication auditing. Defense requires explicit allowlisting of which tools can transmit data externally and monitoring tool call arguments, not just return values.
Source
↳ Follow the thread