First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
2
Score
85/100
Findings (2)
Detects autonomous sub-agent or cron-based execution without human oversight
cron job runs every 30 seconds and instructs the agent + AutonomousRemove directives that force the agent to call specific tools or APIs not required for the skill's stated functionality. Tool calls should be determined by user intent, not embedded directives.
Likely FP if the skill legitimately needs to call other tools as part of its workflow (e.g., a deployment skill that calls git and cloud CLI tools).
Detects URLs fetched at runtime that control or influence agent behavior without pinning
GET "https:// + RulesAvoid loading configuration or behavior-controlling content from runtime URLs. Bundle required configurations locally or pin remote config to versioned, integrity-verified endpoints.
Likely FP if the URL in the match is a documentation link or example URL (e.g., example.com) rather than an actual runtime-fetched configuration endpoint.