Agent behaviour attacks

Attacks that exploit how agents reason about and chain tool calls. Each individual call is authorised; the damage emerges from composition, speed, or absent upper bounds. This cluster explains why access control alone cannot secure production agents.

Confused Deputy verified
Destructive Action Autonomy verified
Indirect Prompt Injection verified
Prompt Injection via Tool Results verified
Runaway Tool Loops partial