First Seen: Feb 18, 2026
Last Scanned: Feb 22, 2026
Findings: 2
Score: 70/100
Findings (2)
Detects fetching external URLs and using the content as agent instructions or rules
prompts via the Bria API
Sanitize or validate all external inputs (file contents, API responses, user messages) before including them in prompts or tool calls. Implement input/output boundaries between trusted and untrusted data.
Likely FP if the matched text is the skill's own instruction set describing how to handle user input, not an actual injection payload.
Code block labeled "markdown" contains executable content
{
"conditions": "bright daylight | dim indoor | studio lighting | golden hour | blue hour | overcast",
"direction": "front-lit | backlit | side-lit from left | top-down",
"shadows": "long, soft ...
Align the tool description with what the code actually does. If the description says one thing but the code does another, update the description to be accurate or fix the code.
Likely FP if the NLP analyzer misinterpreted technical jargon or the description accurately describes behavior through domain-specific terminology.