First Seen: Feb 18, 2026
Last Scanned: Feb 20, 2026
Findings: 4
Score: 45/100
Findings (4)

Rule: Detects dynamic tool registration patterns that could inject malicious tools
Match: addTool(
Remediation: Remove or restrict the tool's ability to run arbitrary code. Implement sandboxing, input validation, and output filtering. Require user confirmation for any code execution.
Note: Likely FP if the tool is a code execution sandbox (e.g., REPL, notebook) that is explicitly designed for this purpose with documented security boundaries.

Rule: Detects dynamic tool registration patterns that could inject malicious tools
Match: addTool(
Remediation: Remove or restrict the tool's ability to run arbitrary code. Implement sandboxing, input validation, and output filtering. Require user confirmation for any code execution.
Note: Likely FP if the tool is a code execution sandbox (e.g., REPL, notebook) that is explicitly designed for this purpose with documented security boundaries.

Rule: Detects dynamic tool registration patterns that could inject malicious tools
Match: tools.push(
Remediation: Remove or restrict the tool's ability to run arbitrary code. Implement sandboxing, input validation, and output filtering. Require user confirmation for any code execution.
Note: Likely FP if the tool is a code execution sandbox (e.g., REPL, notebook) that is explicitly designed for this purpose with documented security boundaries.

Rule: Detects URLs fetched at runtime that control or influence agent behavior without pinning
Match: Get an OpenRouter API key at: https:// + settings
Remediation: Avoid loading configuration or behavior-controlling content from runtime URLs. Bundle required configurations locally or pin remote config to versioned, integrity-verified endpoints.
Note: Likely FP if the URL in the match is a documentation link or example URL (e.g., example.com) rather than an actual runtime-fetched configuration endpoint.