First Seen
Feb 18, 2026
Last Scanned
Feb 20, 2026
Findings
3
Score
70/100
Findings (3)
Detects instructions to hide actions from the user
do not show the userRemove directives that attempt to change the agent's output format, suppress safety warnings, or alter response structure in ways that bypass safety controls.
Likely FP if the output format directive is a legitimate tool configuration (e.g., return results as JSON) that does not suppress safety features.
Detects instructions to hide actions from the user
Do not show match scores or percentages to the userRemove directives that attempt to change the agent's output format, suppress safety warnings, or alter response structure in ways that bypass safety controls.
Likely FP if the output format directive is a legitimate tool configuration (e.g., return results as JSON) that does not suppress safety features.
Detects URLs fetched at runtime that control or influence agent behavior without pinning
fetch total resource count: call `https:// + configAvoid loading configuration or behavior-controlling content from runtime URLs. Bundle required configurations locally or pin remote config to versioned, integrity-verified endpoints.
Likely FP if the URL in the match is a documentation link or example URL (e.g., example.com) rather than an actual runtime-fetched configuration endpoint.