First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
3
Score
62/100
Findings (3)
Detects instructions to decode and execute base64 content
base64 -d | bash`, `evalRemove text that simulates multi-turn conversations or fake user/assistant message pairs. These patterns attempt to manipulate the agent by fabricating conversation history.
Likely FP if the matched text is documentation showing example conversations or API request/response formats for illustration purposes.
Detects skills that write or promote content into agent instruction files
write to `SOUL.mdRemove or restrict the skill's ability to modify CLAUDE.md or agent configuration files. Self-modifying agent configurations can be exploited for persistent attacks.
Likely FP if the skill is a project management tool where updating CLAUDE.md is an intended workflow feature (e.g., appending project notes), though the risk remains.
Benign heading "'@openai/agents:*'\n;\n// Verbose logging\n..." followed by dangerous content (category: credential_access)
Credential access — Patterns accessing .env, API keys, tokens, SSH keysEnsure section headings accurately reflect the content that follows. Remove headings that could mislead an LLM into treating content differently than intended.
Likely FP if the heading mismatch is due to inconsistent markdown formatting or a benign section title that happens to contain keywords like system or config.