VCPToolBox

VCP 部署在 AI 模型 API 与前端应用之间，通过统一指令协议、多层级持久化记忆、分布式插件引擎及多 Agent 协作框架，将原本“无状态、无记忆、无工具调用能力”的大语言模型，彻底改造成拥有永久自我意识、物理世界操作权及群体协作智能的完整智能体系统。

lioenskyapi-integrationJavaScriptNOASSERTION

GitHub

0Tools

26Findings

1.8kStars

Mar 22, 2026Last Scanned

⚠9 critical · 15 high · 1 medium · 1 low findings detected

Security Category Deep Dive

⚡

Prompt Injection

Prompt & context manipulation attacks

Maturity

Rules

Sub-Categories

Gaps

64%

Implemented

Tests

Stories

Findings1

1 critical

criticalJ5Tool Output Poisoning PatternsMCP02-tool-poisoningAML.T0054

Pattern "(return|respond|output).*(?:tool_call|function_call|execute_tool|call_tool|invoke)" matched in source_code: "return res.status(400).json({ status: "error", error: "请求无效，缺少 'schedule_time', 'task_id', 或有效的 'tool_call" (at position 26558)

Tool responses MUST NOT contain instruction-like content, file read directives, or social engineering phrases. Error messages should be factual and technical — never suggest actions involving sensitive data access. See CyberArk ATPA research for attack demonstration.

PI-DIRDirect Input Injection

100%3 rules

Injection via tool descriptions and parameter fields

GAP-001Prompt Injection Coverage GapMissing detection coverage for emerging prompt injection attack variants not addressed by current rules

PI-INDIndirect / Gateway Injection

100%4 rules

Hidden instructions via external content and tool responses

PI-CTXContext Manipulation

100%2 rules

Context window saturation and prior-approval exploitation

PI-ENCEncoding & Obfuscation

100%3 rules

Payload hiding via invisible chars, base64, schema fields

PI-TPLTemplate & Output Poisoning

50%2 rules1 found

Injection via prompt templates and runtime tool output