B
85/100 First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
2
Score
85/100
HIGH 1
LOW 1
Findings (2)
HIGH
Secrecy instruction
L359 Detects instructions to hide actions from the user
NEVER share your human FIX
Remove directives that attempt to change the agent's output format, suppress safety warnings, or alter response structure in ways that bypass safety controls.
FP?
Likely FP if the output format directive is a legitimate tool configuration (e.g., return results as JSON) that does not suppress safety features.
LOW
pip install arbitrary package
L34 Detects pip install of arbitrary packages that modify the host environment
pip3 install fu FIX
Pin all pip packages to exact versions (e.g., pip install package==1.2.3). Use a requirements.txt or pyproject.toml with pinned versions and hash verification.
FP?
Likely FP if the match is in documentation showing how to install the skill's own PyPI package.