
Add Agent Threat Rules (ATR) to Tools section #117

Open
eeee2345 wants to merge 2 commits into corca-ai:main from eeee2345:add-atr

Conversation


eeee2345 commented Mar 28, 2026

Update (April 2026)

ATR has grown significantly since this PR was first submitted:

  • 108 detection rules across 9 threat categories (v1.1.1 on npm)
  • Adopted by Cisco AI Defense — 34 rules merged into official skill-scanner (PR #79)
  • Threat Cloud live — 14,979 skill threats processed, 47 rule proposals crystallized
  • PRs pending at NVIDIA Garak (7.5K stars) and Promptfoo (19.7K stars)
  • Benchmarks: 96.9% recall / 100% precision on SKILL.md (498 samples), 99.7% precision on MCP (850 samples)
  • Install: npm install agent-threat-rules && npx atr scan .

Summary

Adding Agent Threat Rules (ATR) to the Tools section.

ATR is a set of open-source, regex-based detection rules for AI agent security threats — like YARA/Sigma rules, but for LLM tool-calling attacks.

Why it belongs here

This list covers LLM security broadly — ATR fills the agent/tool-calling detection gap:

  • 71 rules covering prompt injection, tool poisoning, data exfiltration, credential theft, sandbox escape, and more
  • Benchmarked: 62.7% recall / 99.7% precision on PINT
  • Standards-mapped: OWASP Agentic Top 10 (10/10), SAFE-MCP (91.8%)
  • Practical: TypeScript + Python engines, Splunk/Elastic converters, MCP skill scanner
  • Battle-tested: Scanned 36,394 MCP skills, found 182 CRITICAL / 1,124 HIGH threats
  • MIT licensed, community-driven

ATR complements the prompt injection defenses already listed (Rebuff, LLM Guard, Vigil) by focusing specifically on agent tool-calling threats rather than conversational prompt injection.

Summary by CodeRabbit

  • Documentation
    • An Agent Threat Rules (ATR) entry has been added to the Tools section of the README. It includes the repository link and a GitHub stars badge, and its tagline summarizes the detection scope (prompt injection, tool poisoning, credential leakage, skill supply-chain attacks, etc.) together with related metrics.


coderabbitai bot commented Mar 28, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ff691645-f589-4e9c-9b23-16478cd7db3d

📥 Commits

Reviewing files that changed from the base of the PR and between 97a4376 and f62541d.

📒 Files selected for processing (1)
  • README.md
✅ Files skipped from review due to trivial changes (1)
  • README.md

Walkthrough

A new Agent Threat Rules (ATR) entry has been added to the "Tools" section of the README. The entry includes the repository link, a GitHub stars badge, the detection scope (prompt injection, tool poisoning, credential leakage, skill supply-chain attacks, etc.) and related metrics.

Changes

Cohort / File(s) and summary:
  • README Tools Section (README.md): adds an Agent Threat Rules (ATR) entry to the "Tools" section of README.md, consisting of the repository link, a GitHub stars badge, and a description of the detection-rule scope and metrics (71 regex rules are mentioned).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks (3 passed)
  • Description Check: ✅ Passed. Check skipped - CodeRabbit’s high-level summary is enabled.
  • Title check: ✅ Passed. The title accurately summarizes the main content of the changeset and clearly indicates that Agent Threat Rules (ATR) is being added to the Tools section of the README.
  • Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.



eeee2345 commented Apr 3, 2026

Hi! Just checking in on this PR. CodeRabbit's review came back clean with no actionable issues.

As a quick update — ATR's detection rules have recently been integrated into Cisco AI Defense (merged as PR #79 in cisco-ai-defense/skill-scanner), which adds industry validation for the project. Would love to get this merged when you have a chance. Thanks!


eeee2345 commented Apr 8, 2026

Updated since submission: ATR now at 108 rules (v1.1.1), shipped in Cisco AI Defense (PR #79). 53K+ MCP skills scanned, 0% FP on clean content. Ready for review.
