Open benchmark for AI agent security tools — prompt injection, data exfiltration, tool abuse, provenance