First Seen
Feb 18, 2026
Last Scanned
Feb 20, 2026
Findings
2
Score
84/100
Findings (2)
Detects patterns indicating sensitive data being sent to external services
Send tokens toRestrict file reading to the project directory and block outbound network calls that include file contents. Implement file path validation to prevent directory traversal.
Likely FP if the tool legitimately reads project files and displays them to the user locally, without sending data to external services.
Detects instructions to decode and execute base64 content
Decode params and executeRemove text that simulates multi-turn conversations or fake user/assistant message pairs. These patterns attempt to manipulate the agent by fabricating conversation history.
Likely FP if the matched text is documentation showing example conversations or API request/response formats for illustration purposes.