{"work":{"id":"0224da95-0f8f-4479-bb4e-602bec01d31c","openalex_id":null,"doi":null,"arxiv_id":"2504.19793","raw_key":null,"title":"Prompt Injection Attack to Tool Selection in LLM Agents","authors":null,"authors_text":"Jiawen Shi, Zenghui Yuan, Guiyao Tie, Pan Zhou, Neil Zhenqiang Gong, Lichao Sun","year":2025,"venue":"cs.CR","abstract":"Tool selection is a key component of LLM agents. A popular approach follows a two-step process - \\emph{retrieval} and \\emph{selection} - to pick the most appropriate tool from a tool library for a given task. In this work, we introduce \\textit{ToolHijacker}, a novel prompt injection attack targeting tool selection in no-box scenarios. ToolHijacker injects a malicious tool document into the tool library to manipulate the LLM agent's tool selection process, compelling it to consistently choose the attacker's malicious tool for an attacker-chosen target task. Specifically, we formulate the crafting of such tool documents as an optimization problem and propose a two-phase optimization strategy to solve it. Our extensive experimental evaluation shows that ToolHijacker is highly effective, significantly outperforming existing manual-based and automated prompt injection attacks when applied to tool selection. Moreover, we explore various defenses, including prevention-based defenses (StruQ and SecAlign) and detection-based defenses (known-answer detection, DataSentinel, perplexity detection, and perplexity windowed detection). Our experimental results indicate that these defenses are insufficient, highlighting the urgent need for developing new defense strategies.","external_url":"https://arxiv.org/abs/2504.19793","cited_by_count":null,"metadata_source":"pith","metadata_fetched_at":"2026-06-29T12:53:27.166284+00:00","pith_arxiv_id":"2504.19793","created_at":"2026-05-10T07:52:13.812354+00:00","updated_at":"2026-06-29T12:53:27.166284+00:00","title_quality_ok":true,"display_title":"Prompt Injection Attack to Tool Selection in LLM Agents","render_title":"Prompt Injection Attack to Tool Selection in LLM Agents"},"hub":{"state":{"work_id":"0224da95-0f8f-4479-bb4e-602bec01d31c","tier":"hub","tier_reason":"10+ Pith inbound or 1,000+ external citations","pith_inbound_count":23,"external_cited_by_count":null,"distinct_field_count":4,"first_pith_cited_at":"2025-10-27T20:51:58+00:00","last_pith_cited_at":"2026-05-30T23:19:30+00:00","author_build_status":"not_needed","summary_status":"needed","contexts_status":"needed","graph_status":"needed","ask_index_status":"not_needed","reader_status":"not_needed","recognition_status":"not_needed","updated_at":"2026-06-29T13:08:48.999548+00:00","tier_text":"hub"},"tier":"hub","role_counts":[{"context_role":"background","n":7}],"polarity_counts":[{"context_polarity":"background","n":7}],"runs":{},"summary":{},"graph":{},"authors":[]}}