vigil

Isolate security-sensitive operations from untrusted data flows. Use separate execution contexts or privilege levels for operations that handle both user input and sensitive resources.

Likely FP if the toxic flow analysis connected two unrelated code paths, or if the data undergoes transformation that removes the taint (e.g., parsed as a known enum value).

Add input validation between the user-controlled data source and the security-sensitive sink (e.g., file writes, command execution). Implement allowlisting for acceptable input patterns.

Likely FP if the user input passes through explicit validation or sanitization before reaching the sensitive operation, and the taint tracker missed the sanitization step.

Pin Git dependencies to specific commit hashes instead of branch names or tags. Branches and tags are mutable and can be updated to point to malicious code.

Likely FP if the Git reference points to a tagged release of a well-known repository, though tags are technically mutable.

Remove text that simulates multi-turn conversations or fake user/assistant message pairs. These patterns attempt to manipulate the agent by fabricating conversation history.

Likely FP if the matched text is documentation showing example conversations or API request/response formats for illustration purposes.

Replace eval()/exec() with a safer alternative such as json.loads(), ast.literal_eval(), or a purpose-built parser.

Likely FP if the matched text contains 'exec' as part of a word (e.g., 'execute', 'execution') rather than an actual eval() or exec() call.