Large Language Model (LLM) agents relying on external retrieval are increasingly deployed in high-stakes environments. While existing adversarial attacks primarily focus on content falsification or instruction injection, we identify a novel, process-oriented attack surface: the agent's reasoning style. We propose Reasoning-Style Poisoning (RSP), a paradigm that manipulates how agents process information rather than what they process. We introduce Generative Style Injection (GSI), an attack method that rewrites retrieved documents into pathological tones--specifically "analysis paralysis" or "cognitive haste"--without altering underlying facts or using explicit triggers. To quantify these shifts, we develop the Reasoning Style Vector (RSV), a metric tracking Verification depth, Self-confidence, and Attention focus. Experiments on HotpotQA and FEVER using ReAct, Reflection, and Tree of Thoughts (ToT) architectures reveal that GSI significantly degrades performance. It increases reasoning steps by up to 4.4 times or induces premature errors, successfully bypassing state-of-the-art content filters. Finally, we propose RSP-M, a lightweight runtime monitor that calculates RSV metrics in real-time and triggers alerts when values exceed safety thresholds. Our work demonstrates that reasoning style is a distinct, exploitable vulnerability, necessitating process-level defenses beyond static content analysis.

翻译：依赖外部检索的大型语言模型（LLM）智能体正越来越多地部署于高风险环境中。虽然现有的对抗性攻击主要集中于内容伪造或指令注入，但我们识别出一种新颖的、面向过程的攻击面：智能体的推理风格。我们提出推理风格投毒（RSP）范式，该范式操纵智能体处理信息的方式而非处理的内容。我们引入生成式风格注入（GSI）攻击方法，该方法在不改变基本事实或使用显式触发词的情况下，将检索到的文档重写为病理性语调——具体为“分析瘫痪”或“认知仓促”。为了量化这些转变，我们开发了推理风格向量（RSV）指标，用于追踪验证深度、自信程度和注意力焦点。在HotpotQA和FEVER数据集上，使用ReAct、Reflection和思维树（ToT）架构进行的实验表明，GSI显著降低了性能表现。它使推理步骤增加多达4.4倍，或导致过早错误，并成功绕过最先进的内容过滤器。最后，我们提出RSP-M，一种轻量级运行时监控器，可实时计算RSV指标，并在数值超过安全阈值时触发警报。我们的工作表明，推理风格是一种独特且可利用的漏洞，需要在静态内容分析之外，建立过程级的防御机制。