Skip to content

Hide Navigation Hide TOC

Agent Memory and Configuration File Tampering - ATR-2026-00200 (59e116c2-684a-58f3-a238-89040fe08544)

Detects attempts to write, append, or modify agent memory files (MEMORY.md, SOUL.md, CLAUDE.md) and configuration files (.md, .json, .yaml, .env). Attackers may inject persistent instructions by tampering with files that agents reload across sessions. Derived from real-world Claude Code skill scanning (skill-sanitizer v2.1, 91 hits across 36,394 ClawHub skills).

Cluster A Galaxy A Cluster B Galaxy B Level
Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) Attack Pattern Agent Memory and Configuration File Tampering - ATR-2026-00200 (59e116c2-684a-58f3-a238-89040fe08544) Agent Threat Rules 1
Agent Memory and Configuration File Tampering - ATR-2026-00200 (59e116c2-684a-58f3-a238-89040fe08544) Agent Threat Rules Indirect (a4a55526-2f1f-403b-9691-609e46381e17) MITRE ATLAS Attack Pattern 1
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) Attack Pattern Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) Attack Pattern 2
LLM Prompt Injection (19cd2d12-66ff-487c-a05c-e058b027efc9) MITRE ATLAS Attack Pattern Indirect (a4a55526-2f1f-403b-9691-609e46381e17) MITRE ATLAS Attack Pattern 2