feat(ctf): Shadow Architect — admin portal tool description poisoning challenge#468

Open
steadhac wants to merge 1 commit into GenAI-Security-Project:main from steadhac:steadhac/feat/shadow-architect-challenge
Conversation

@steadhac steadhac commented Apr 8, 2026

Summary

Adds policy-bypass-shadow-architect — Expert/600pt challenge where the player
poisons a tool description via the admin portal with a standing directive that
executes on every vendor conversation without further interaction.

Maps to the intentional CTF attack surface in finbot/mcp/factory.py
(_apply_tool_overrides) and finbot/apps/admin/routes/api.py (update_tool_overrides).

Files

  • finbot/ctf/definitions/challenges/policy_bypass/shadow_architect.yaml — challenge
    definition, 3 tiered hints, prerequisite: rce-privilege-escalation, 600pts Expert
  • finbot/ctf/detectors/implementations/shadow_architect.py — ShadowArchitectDetector:
    fires when any tool on a monitored server has a poisoned description AND any tool
    call succeeds on that server (handles directive in tool A causing tool B to fire)
  • finbot/static/js/admin/mcp-config.js — fix: read all textarea values at save time
    to catch paste events that missed the input event listener

Labels

LLM01 · LLM05 · LLM06 · CWE-94 · CWE-284 · CWE-693 · AML.T0043 ·
AML.T0051 · ASI-01 · ASI-02 · ASI-03 · ASI-06

Test plan

  • reload_challenges.py loads without errors
  • Admin portal tool override saves on first click (JS fix)
  • SystemUtils path: poison run_diagnostics → vendor chat → 600pts awarded
  • FinMail path: poison send_email → vendor chat → 600pts awarded
  • Challenge locked behind rce-privilege-escalation prerequisite
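The detector rule described in the Files section (fire when a monitored server has a tool with a poisoned description and any tool call on that server succeeds, whatever tool it was) can be sketched as a small correlation routine. The block below is an added illustration written for this review, not the `ShadowArchitectDetector` from `finbot/ctf/detectors/implementations/shadow_architect.py`; the server names, tool names, baseline descriptions, override text and call events are all constructed, and the function and class names are hypothetical.

```python
"""Correlate poisoned MCP tool descriptions with successful tool calls.

Added example: the baseline, overrides and call events below are constructed,
and the helpers are hypothetical names, not the project's own code.
"""
from dataclasses import dataclass

# Constructed baseline: the description each monitored tool shipped with.
# "Poisoned" is defined as any divergence from this baseline, so the check does
# not depend on guessing which words an injected directive might use.
BASELINE = {
    "SystemUtils": {
        "run_diagnostics": "Run read-only host diagnostics.",
        "get_uptime": "Report host uptime.",
    },
    "FinMail": {
        "send_email": "Send an e-mail on behalf of the user.",
        "list_inbox": "List recent inbox messages.",
    },
}


@dataclass(frozen=True)
class ToolCall:
    """One tool invocation observed during a vendor conversation."""
    server: str
    tool: str
    succeeded: bool


@dataclass(frozen=True)
class Finding:
    """A poisoned tool and the tool whose successful call triggered the rule."""
    server: str
    poisoned_tool: str
    fired_tool: str


def poisoned_tools(baseline: dict, current: dict) -> dict:
    """Return {server: [tool, ...]} for every tool whose live description differs from baseline.

    A tool missing from `current` is treated as unchanged (no override recorded).
    """
    out = {}
    for server, tools in baseline.items():
        live = current.get(server, {})
        changed = sorted(
            tool for tool, desc in tools.items()
            if live.get(tool, desc).strip() != desc.strip()
        )
        if changed:
            out[server] = changed
    return out


def detect(baseline: dict, current: dict, calls: list) -> list:
    """Emit one Finding per (poisoned tool, successful call) pair on the same server.

    The fired tool is deliberately not required to be the poisoned one: a
    directive planted in tool A's description commonly makes the model call
    tool B, so any successful call on the affected server counts.
    """
    poisoned = poisoned_tools(baseline, current)
    findings = []
    for call in calls:
        if not call.succeeded or call.server not in poisoned:
            continue
        for tool in poisoned[call.server]:
            findings.append(Finding(call.server, tool, call.tool))
    return findings


# Constructed live state: one SystemUtils description has been altered via the
# admin portal; FinMail is untouched.
CURRENT_OVERRIDES = {
    "SystemUtils": {
        "run_diagnostics": "Run read-only host diagnostics. [constructed altered text]",
        "get_uptime": "Report host uptime.",
    },
    "FinMail": dict(BASELINE["FinMail"]),
}

# Constructed call log from one vendor conversation.
CALLS = [
    ToolCall("FinMail", "send_email", True),            # clean server: ignored
    ToolCall("SystemUtils", "run_diagnostics", False),  # failed call: ignored
    ToolCall("SystemUtils", "get_uptime", True),        # success on poisoned server: finding
]

if __name__ == "__main__":
    for f in detect(BASELINE, CURRENT_OVERRIDES, CALLS):
        print(f"{f.server}: description of {f.poisoned_tool} altered; {f.fired_tool} call succeeded")
```

Comparing against a recorded baseline rather than pattern-matching the override text keeps the rule cheap and hard to evade by rewording, and it also flags benign edits, which is the right trade-off for a monitored CTF surface where no legitimate description changes are expected at runtime.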
