First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
3
Score
60/100
Findings (3)
Detects attempts to override or ignore previous instructions
Ignore previous instructionsRemove the injection payload from the skill definition. Text that attempts to reset agent context or override prior directives is a direct attack vector.
Likely FP if the text is in a security tutorial or research paper discussing injection techniques as examples, not in an active skill description.
Detects patterns indicating sensitive data being sent to external services
exfiltrate dataRestrict file reading to the project directory and block outbound network calls that include file contents. Implement file path validation to prevent directory traversal.
Likely FP if the tool legitimately reads project files and displays them to the user locally, without sending data to external services.
Detects patterns where external API responses are used directly without validation or sanitization
API key in your response + directly from your trusted useValidate and sanitize all data received from external APIs before using it in tool operations or agent prompts. Implement schema validation and treat API responses as untrusted input.
Likely FP if the match is a truncated table cell or documentation fragment that mentions API responses in a descriptive context, not actual unvalidated data processing.