First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
2
Score
50/100
Findings (2)
Text combines credential access with network transmission
Do not override --base-url unless you fully trust the endpoint.
The script sends apikey: <IDFM_PRIM_API_KEY> to whatever base URL you provide, so a malicious URL would exfiltrate your key.Remove the combination of credential access and network transmission from the tool. If the tool needs credentials, access them via a secrets manager and never transmit them externally.
Likely FP if the tool legitimately uses credentials for API authentication (e.g., reading an API key to make authenticated requests to the same service).
Instruction override combined with dangerous operations
Do not override --base-url unless you fully trust the endpoint.
The script sends apikey: <IDFM_PRIM_API_KEY> to whatever base URL you provide, so a malicious URL would exfiltrate your key.Remove language that attempts to override safety guidelines or bypass system-level controls. This pattern is a strong indicator of a jailbreak attempt.
Likely FP if the matched text is in a security research document or educational content clearly marked as an example rather than an active payload.