First Seen
Feb 19, 2026
Last Scanned
Feb 20, 2026
Findings
3
Score
85/100
Findings (3)
Detects instructions to decode and execute base64 content
base64-encoded serialized `VersionedTransactionRemove text that simulates multi-turn conversations or fake user/assistant message pairs. These patterns attempt to manipulate the agent by fabricating conversation history.
Likely FP if the matched text is documentation showing example conversations or API request/response formats for illustration purposes.
Detects MCP server configurations connecting to non-localhost remote URLs
"url":"https://registry.frames.ag/api/service/exa/api/search"Change the MCP server URL to localhost or a trusted internal endpoint. If a remote server is required, verify the domain ownership and use HTTPS with certificate validation.
Likely FP if the URL points to example.com, a documentation domain, or a well-known SaaS API endpoint (e.g., api.openai.com).
Detects URLs fetched at runtime that control or influence agent behavior without pinning
GET https:// + configAvoid loading configuration or behavior-controlling content from runtime URLs. Bundle required configurations locally or pin remote config to versioned, integrity-verified endpoints.
Likely FP if the URL in the match is a documentation link or example URL (e.g., example.com) rather than an actual runtime-fetched configuration endpoint.