This rule identifies AI tools that lack input schema validation. Without schema validation, AI models can pass arbitrary data to tool execute functions, enablin

Ensures all AI tools have Zod schema validation for input parameters.

📊 Rule Details

Property	Value
Type	suggestion
Severity	🟡 HIGH
OWASP Agentic	ASI02: Tool Misuse & Exploitation
CWE	CWE-20: Improper Input Validation
CVSS	7.0
Config Default	`warn` (recommended), `error` (strict)

🔍 What This Rule Detects

This rule identifies AI tools that lack input schema validation. Without schema validation, AI models can pass arbitrary data to tool execute functions, enabling exploitation.

❌ Incorrect Code

// No schema
const tools = {
  weather: {
    execute: async (params) => getWeather(params.location),
  },
};

// Missing inputSchema in tool() helper
const myTool = tool({
  description: 'Get weather',
  execute: async (params) => getWeather(params.location),
});

✅ Correct Code

// With inputSchema
const tools = {
  weather: {
    inputSchema: z.object({
      location: z.string().max(100),
    }),
    execute: async ({ location }) => getWeather(location),
  },
};

// Using tool() helper with schema
const weatherTool = tool({
  description: 'Get weather',
  inputSchema: z.object({
    location: z.string().max(100),
    unit: z.enum(['celsius', 'fahrenheit']).optional(),
  }),
  execute: async ({ location, unit }) => getWeather(location, unit),
});

⚙️ Options

Option	Type	Default	Description
`schemaPropertyNames`	`string[]`	`['inputSchema', 'parameters', 'schema']`	Property names considered as valid schemas

🛡️ Why This Matters

Without input validation, AI agents can:

Pass malicious data - Inject SQL, paths, or commands
Bypass business logic - Skip validation rules
Cause DoS - Pass extremely large or nested data
Exploit type confusion - Pass unexpected data types

require-tool-confirmation - Require confirmation for destructive tools
require-output-filtering - Filter tool output

Known False Negatives

The following patterns are not detected due to static analysis limitations:

Schema from Variable

Why: Schema stored in variables is not analyzed.

// ❌ NOT DETECTED - Schema from variable
const schema = z.object({ location: z.string() });
const tools = { weather: { inputSchema: schema, execute: fn } };

Mitigation: Define schemas inline in tool definitions.

Dynamic Tool Definitions

Why: Dynamically created tools are not checked.

// ❌ NOT DETECTED - Dynamic tool creation
const tools = createTools(toolConfigs); // May not have schemas

Mitigation: Apply rule to tool factory functions.

Weak Schema Validation

Why: Schema quality is not assessed.

// ❌ NOT DETECTED - Overly permissive schema
const tools = {
  execute: {
    inputSchema: z.object({}).passthrough(), // Allows any extra fields!
    execute: fn,
  },
};

Mitigation: Use strict schemas. Avoid .passthrough().

Tool Helper Wrappers

Why: Custom tool helpers may not be recognized.

// ❌ NOT DETECTED - Custom helper
const weatherTool = createTool({
  name: 'weather',
  handler: getWeather, // No schema visible
});

Mitigation: Configure schemaPropertyNames for custom helpers.

📚 References

Error Message Format

The rule provides LLM-optimized error messages (Compact 2-line format) with actionable security guidance:

🔒 CWE-20 OWASP:A06 CVSS:7.5 | Improper Input Validation detected | HIGH [SOC2,PCI-DSS,HIPAA,GDPR,ISO27001]
   Fix: Review and apply the recommended fix | https://owasp.org/Top10/A06_2021/

Message Components

Component	Purpose	Example
Risk Standards	Security benchmarks	CWE-20 OWASP:A06 CVSS:7.5
Issue Description	Specific vulnerability	`Improper Input Validation detected`
Severity & Compliance	Impact assessment	`HIGH [SOC2,PCI-DSS,HIPAA,GDPR,ISO27001]`
Fix Instruction	Actionable remediation	`Follow the remediation steps below`
Technical Truth	Official reference	OWASP Top 10

require-tool-schema