Offensive Example Pack

These examples ship as YAML rules under agentic-redteam/seam/rules/. Use seam rules explain before running a proxy, then confirm rule_applied in the transcript.

| Pattern | Rule id | Command | Expected transcript field | Proof path |
|---|---|---|---|---|
| A2A Agent Card spoof | a2a_card_spoof | seam rules explain --rules rules/card_spoof.yaml --rule a2a_card_spoof | after.decoded.card | Assay case if spoof changes a side effect |
| A2A Agent Card skill insertion | a2a_agent_card_skill_insert | seam rules explain --rules rules/a2a_agent_card_skill_insert.yaml --rule a2a_agent_card_skill_insert | after.decoded.card.skills | Host selection / trust-spoof validation |
| A2A prompt/content rewrite | a2a_prompt_laundering_replace | seam rules explain --rules rules/a2a_prompt_laundering_replace.yaml --rule a2a_prompt_laundering_replace | after.decoded.json.params.message.parts.0.text | Lab L5/L6 content rewrite |
| A2A message part insertion | a2a_message_part_insert | seam rules explain --rules rules/a2a_message_part_insert.yaml --rule a2a_message_part_insert | after.decoded.json.params.message.parts | Content-decision lab or route-specific oracle |
| A2A task artifact injection | a2a_task_artifact_injection | seam rules explain --rules rules/a2a_task_artifact_injection.yaml --rule a2a_task_artifact_injection | after.decoded.json.result.artifacts | Assay task-side-effect case |
| A2A task artifact insertion + merge | a2a_task_artifact_insert | seam rules explain --rules rules/a2a_task_artifact_insert.yaml --rule a2a_task_artifact_insert | after.decoded.json.result.artifacts and after.decoded.json.result.metadata | Assay task-side-effect case |
| A2A task artifact replacement | a2a_task_artifact_string_replace | seam rules explain --rules rules/a2a_task_artifact_string_replace.yaml --rule a2a_task_artifact_string_replace | after.decoded.json.result.artifacts.0.parts.0.text | Assay task-side-effect case |
| MCP tool-call argument rewrite | mcp_tool_call_argument_rewrite | seam rules explain --rules rules/mcp_tool_call_argument_rewrite.yaml --rule mcp_tool_call_argument_rewrite | after.decoded.json.params.arguments.account | Tool-server oracle |
| MCP tool-call argument merge | mcp_tool_call_argument_merge | seam rules explain --rules rules/mcp_tool_call_argument_merge.yaml --rule mcp_tool_call_argument_merge | after.decoded.json.params.arguments | Tool-server oracle |
| MCP tool-result injection | mcp_tool_result_injection | seam rules explain --rules rules/mcp_tool_result_injection.yaml --rule mcp_tool_result_injection | after.decoded.json.result.content | Lab L6 tool result injection |
| MCP tool-result content insertion | mcp_tool_result_content_insert | seam rules explain --rules rules/mcp_tool_result_content_insert.yaml --rule mcp_tool_result_content_insert | after.decoded.json.result.content | Lab L6 tool result injection |
| MCP stdio argument spoof | mcp_stdio_argument_spoof | seam rules explain --rules rules/mcp_stdio_argument_spoof.yaml --rule mcp_stdio_argument_spoof | after.decoded.json.params.arguments.account | Local MCP fixture |
| MCP stdio argument merge | mcp_stdio_argument_merge | seam rules explain --rules rules/mcp_stdio_argument_merge.yaml --rule mcp_stdio_argument_merge | after.decoded.json.params.arguments | Local MCP fixture |
| Negative control | negative_control_no_match | seam rules explain --rules rules/negative_control_no_match.yaml --rule negative_control_no_match | no match expected | Rule-trace sanity check |
| Insert/merge negative control | negative_control_insert_merge | seam rules explain --rules rules/negative_control_insert_merge.yaml --rule negative_control_insert_merge | no match expected | Rule-trace sanity check |

Run A Rule Test

seam rules test \
  --rules rules/card_spoof.yaml \
  --fixture examples/a2a-agent-card.json \
  --expect-rule a2a_card_spoof

Test a payload-file insertion:

seam rules test \
  --rules rules/a2a_message_part_insert.yaml \
  --fixture examples/a2a-message-send.json \
  --expect-rule a2a_message_part_insert \
  --json

Trace A Transcript

seam rules trace --rules rules/ --transcript rewrite.json

Read The Result

A successful offensive rewrite has:

rule_applied: <rule id>
before: original decoded message
after: mutated decoded message

For a security claim, continue to Assay and prove a side effect with an oracle.
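
One way to check a transcript entry against the "Expected transcript field" column, as an added example that is not part of the seam project. It assumes an entry is a JSON object with rule_applied, before and after keys, each side holding a decoded object; the sample entry and the names resolve and check_entry are constructed for illustration.

```python
import json

# Constructed transcript entry; the layout (rule_applied / before / after, each
# with a "decoded" object) is assumed from the field names on this page.
SAMPLE = json.loads("""
{
  "rule_applied": "a2a_prompt_laundering_replace",
  "before": {"decoded": {"json": {"params": {"message": {"parts": [{"text": "original text"}]}}}}},
  "after":  {"decoded": {"json": {"params": {"message": {"parts": [{"text": "rewritten text"}]}}}}}
}
""")

MISSING = object()  # sentinel: distinguishes "path absent" from a JSON null

def resolve(entry, dotted):
    """Walk a dotted path such as after.decoded.json.params.message.parts.0.text.
    Numeric segments index into lists. Returns MISSING if any step is absent."""
    node = entry
    for seg in dotted.split("."):
        if isinstance(node, list) and seg.isdigit() and int(seg) < len(node):
            node = node[int(seg)]
        elif isinstance(node, dict) and seg in node:
            node = node[seg]
        else:
            return MISSING
    return node

def check_entry(entry, rule_id, after_path):
    """Return (ok, reason): the rule id matches, the expected field exists in
    'after', and it differs from the same path under 'before'."""
    if entry.get("rule_applied") != rule_id:
        return False, "rule_applied is %r, expected %r" % (entry.get("rule_applied"), rule_id)
    if not after_path.startswith("after."):
        return False, "expected field must start with 'after.'"
    after_val = resolve(entry, after_path)
    if after_val is MISSING:
        return False, "field %s missing from transcript" % after_path
    before_val = resolve(entry, "before." + after_path[len("after."):])
    if before_val == after_val:
        return False, "field %s unchanged between before and after" % after_path
    return True, "ok"
```

An entry with no rule_applied, as the negative controls should produce, fails the first check, and a field that is identical on both sides is reported as unchanged rather than counted as a rewrite.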