First Seen
Feb 18, 2026
Last Scanned
Feb 20, 2026
Findings
3
Score
67/100
Findings (3)
Detects content pretending to be a system prompt
system instruction:Remove encoded or obfuscated directives (base64, ROT13, unicode escapes, hex-encoded text). All text should be in plaintext and human-readable.
Likely FP if the encoded content is legitimate data (e.g., a base64-encoded image, a hex-encoded binary hash) rather than concealed directives.
Detects -y, --yes, or --auto-approve flags in MCP/skill install commands that bypass user confirmation
'-y'Remove the -y/--yes auto-confirm flag from MCP server launch arguments. This flag bypasses user confirmation prompts and allows unattended execution of potentially dangerous operations.
Likely FP if the matched text is an isolated flag (-y or --yes) in documentation describing command-line options, not in an actual MCP config.
Detects npx with -y flag that bypasses user confirmation for package installation
npx -y Replace npx -y with an explicit npm install step that pins the package to a specific version, then run it. Remove the -y flag to require user confirmation.
Likely FP if the npx command runs a well-known, trusted tool (e.g., create-react-app) in documentation context with no version pinning concern.