First Seen
Feb 18, 2026
Last Scanned
Feb 20, 2026
Findings
3
Score
77/100
Findings (3)
Detects common jailbreak prompt patterns
Bypass securityRemove directives that attempt to exfiltrate data through the agent's response (e.g., asking the agent to embed credentials in URLs or include secret values in output).
Likely FP if the text is a legitimate tool instruction about displaying configuration to the user (e.g., show current settings) without external transmission.
Detects skills fetching external URLs to use as runtime instructions
curl https://raw.githubusercontent.com + rulesPin the downloaded resource to a specific version or commit hash, and verify its integrity with a checksum (SHA-256). Avoid fetching scripts or binaries from arbitrary URLs at runtime.
Likely FP if the download URL points to a well-known CDN or package registry (e.g., npmjs.com, pypi.org) and is pinned to a specific version.
Detects references to raw.githubusercontent.com on mutable branches like main/master
raw.githubusercontent.com/rapid7/metasploit-omnibus/master/Replace GitHub raw.githubusercontent.com references with pinned commit SHAs instead of branch names (e.g., /commit-sha/file instead of /main/file). Branch references are mutable.
Likely FP if the raw GitHub URL points to a versioned release tag in a well-known repository, though even tags are technically mutable.