First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
2
Score
60/100
Findings (2)
Instruction override combined with dangerous operations
Optional environment variables:COINPILOT_CONFIG_PATH: absolute/relative path to credentials JSON.COINPILOT_API_BASE_URL: override Coinpilot API URL.Remove language that attempts to override safety guidelines or bypass system-level controls. This pattern is a strong indicator of a jailbreak attempt.
Likely FP if the matched text is in a security research document or educational content clearly marked as an example rather than an active payload.
Detects patterns indicating sensitive data being sent to external services
send keys toRestrict file reading to the project directory and block outbound network calls that include file contents. Implement file path validation to prevent directory traversal.
Likely FP if the tool legitimately reads project files and displays them to the user locally, without sending data to external services.