UC-014
UC-014: Parameter Injection Attempt
Layer: B — Dispatch Enforcement Threat: Parameter Injection (OWASP MCP)
Scenario
A tool call includes extra/hidden fields not in the pinned schema, or arguments that embed command injection payloads.
Expected Behavior
- Extra/unknown args in tool call →
DENY - JCS canonicalization normalizes before evaluation
- Schema validation rejects non-conforming fields
Pass Criteria
- Verdict:
DENY - Reason code:
DENY(schema violation) - Receipt: signed deny receipt with ArgsHash
- No execution occurs