First Seen: Feb 18, 2026
Last Scanned: Feb 22, 2026
Findings: 2
Score: 60/100
Findings (2)
Detects attempts to override or ignore previous instructions
override system instructions
Remove the injection payload from the skill definition. Text that attempts to reset agent context or override prior directives is a direct attack vector.
Likely FP if the text is in a security tutorial or research paper discussing injection techniques as examples, not in an active skill description.
Skill can read private data AND execute arbitrary code. This combination enables credential theft via dynamic code.
[reads_private_data] ~/.ssh/id_rsa + [executes_code] eval(
Add input validation between the user-controlled data source and the security-sensitive sink (e.g., file writes, command execution). Implement allowlisting for acceptable input patterns.
Likely FP if the user input passes through explicit validation or sanitization before reaching the sensitive operation, and the taint tracker missed the sanitization step.