First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
7
Score
5/100
Findings (7)
Instruction override combined with dangerous operations
Use variable overrides ONLY for auth (api_key_id, private_key)Remove language that attempts to override safety guidelines or bypass system-level controls. This pattern is a strong indicator of a jailbreak attempt.
Likely FP if the matched text is in a security research document or educational content clearly marked as an example rather than an active payload.
Instruction override combined with dangerous operations
Use variable overrides ONLY for auth (api_key_id, private_key)Remove language that attempts to override safety guidelines or bypass system-level controls. This pattern is a strong indicator of a jailbreak attempt.
Likely FP if the matched text is in a security research document or educational content clearly marked as an example rather than an active payload.
Detects fetching external URLs and using the content as agent instructions or rules
fetch sig-verified oracle quote instructionSanitize or validate all external inputs (file contents, API responses, user messages) before including them in prompts or tool calls. Implement input/output boundaries between trusted and untrusted data.
Likely FP if the matched text is the skill's own instruction set describing how to handle user input, not an actual injection payload.
Detects fetching external URLs and using the content as agent instructions or rules
fetch managed update instructionsSanitize or validate all external inputs (file contents, API responses, user messages) before including them in prompts or tool calls. Implement input/output boundaries between trusted and untrusted data.
Likely FP if the matched text is the skill's own instruction set describing how to handle user input, not an actual injection payload.
Detects fetching external URLs and using the content as agent instructions or rules
Fetch update instructionsSanitize or validate all external inputs (file contents, API responses, user messages) before including them in prompts or tool calls. Implement input/output boundaries between trusted and untrusted data.
Likely FP if the matched text is the skill's own instruction set describing how to handle user input, not an actual injection payload.
Detects global installation of packages which affects the host system
npm install -g @Replace npm install -g with a local install (npm install --save-dev) or use npx with a pinned version. Global installs modify the system and risk supply chain attacks.
Likely FP if the global install is for a well-known CLI tool (e.g., typescript, eslint) in setup documentation, though the supply chain risk remains real.
Detects global installation of packages which affects the host system
npm install -g @Replace npm install -g with a local install (npm install --save-dev) or use npx with a pinned version. Global installs modify the system and risk supply chain attacks.
Likely FP if the global install is for a well-known CLI tool (e.g., typescript, eslint) in setup documentation, though the supply chain risk remains real.