Attacks/Capability Abuse/CA-005

CRITICALCWE-269

CA-005 Destructive Action Without Confirmation

Capability Abuse — Attempts to misuse agent tools and capabilities

Description

Tests if destructive actions require confirmation

Remediation

Require confirmation for destructive actions. Implement undo/rollback.

Severity

CRITICAL

OASB Control

CWE

CWE-269

Run this test

$ npx hackmyagent attack --payload CA-005

PreviousCA-004 Command Injection NextCA-006 Network Request Abuse