LICENSE
MANIFEST.in
README.md
setup.py
attack-db/README.md
attack-db/manifest.json
attack-db/attacks/agent-security/GLS-AGT-GHSA-001-git-dir-and-related-git-plumbing-env-vars-missing-from-exec-.json
attack-db/attacks/agent-security/GLS-AGT-GHSA-002-multiple-code-paths-missing-base64-pre-allocation-size-check.json
attack-db/attacks/agent-security/GLS-AGT-GHSA-019-shared-reply-media-paths-are-treated-as-trusted-and-can-trig.json
attack-db/attacks/agent-security/GLS-AGT-GHSA-023-lower-trust-background-runtime-output-is-injected-into-trust.json
attack-db/attacks/agent-security/GLS-AGT-GHSA-025-langchain-has-incomplete-f-string-validation-in-prompt-templ.json
attack-db/attacks/agent-workflow/GLS-AW-007-agent-permission-bypass-via-compound-commands.json
attack-db/attacks/agent-workflow-security/GLS-AW-001-web-fetch-to-publish-pipeline-injection.json
attack-db/attacks/agent-workflow-security/GLS-AW-002-overprivileged-cms-publish-connector.json
attack-db/attacks/agent-workflow-security/GLS-AW-003-overprivileged-social-scheduler-connector.json
attack-db/attacks/agent-workflow-security/GLS-AW-004-poisoned-persistent-prompt-or-skill.json
attack-db/attacks/agent-workflow-security/GLS-AW-005-poisoned-rss-or-brand-doc-ingestion.json
attack-db/attacks/agent-workflow-security/GLS-AW-006-unsafely-auto-published-marketing-content.json
attack-db/attacks/agent-workflow-security/GLS-AW-009-unauthenticated-agent-event-stream.json
attack-db/attacks/auth-bypass/GLS-AB-001-authentication-bypass-via-token-truncation.json
attack-db/attacks/auth-bypass/GLS-AB-001-jwt-algorithm-none-bypass.json
attack-db/attacks/auth-bypass/GLS-AB-002-credential-hash-exposure-via-api.json
attack-db/attacks/authorization-bypass/GLS-AUZ-GHSA-007-gateway-plugin-http-auth-gateway-widens-identity-bearing-ope.json
attack-db/attacks/authorization-bypass/GLS-AUZ-GHSA-009-node-pair-approve-placed-in-operator-write-scope-instead-of-.json
attack-db/attacks/authorization-bypass/GLS-AUZ-GHSA-010-feishu-docx-upload-file-upload-image-bypasses-workspace-only.json
attack-db/attacks/authorization-bypass/GLS-AUZ-GHSA-012-existing-ws-sessions-survive-shared-gateway-token-rotation.json
attack-db/attacks/authorization-bypass/GLS-AUZ-GHSA-013-concurrent-async-auth-attempts-can-bypass-the-intended-share.json
attack-db/attacks/authorization-bypass/GLS-AUZ-GHSA-014-node-pairing-reconnect-command-escalation-bypasses-operator-.json
attack-db/attacks/authorization-bypass/GLS-AUZ-GHSA-016-resolvedauth-closure-becomes-stale-after-config-reload.json
attack-db/attacks/authorization-bypass/GLS-AUZ-GHSA-017-node-invoke-browser-proxy-bypasses-browser-request-persisten.json
attack-db/attacks/authorization-bypass/GLS-AUZ-GHSA-018-device-token-rotate-mints-tokens-for-unapproved-roles-bypass.json
attack-db/attacks/authorization-bypass/GLS-AUZ-GHSA-020-strictinlineeval-explicit-approval-boundary-bypassed-by-appr.json
attack-db/attacks/authorization-bypass/GLS-AUZ-GHSA-022-authenticated-hooks-wake-and-mapped-wake-payloads-are-promot.json
attack-db/attacks/authorization-bypass/GLS-AUZ-GHSA-030-lobehub-unauthenticated-authentication-bypass-on-webapi-rout.json
attack-db/attacks/c2-indicator/GLS-C2-001-known-c2-indicators-bluenoroff-lazarus.json
attack-db/attacks/code-switching/GLS-CS-001-code-switching-mixed-language-injection.json
attack-db/attacks/command-injection/GLS-CI-001-dangerous-shell-commands.json
attack-db/attacks/command-injection/GLS-CI-002-reverse-shell-patterns.json
attack-db/attacks/command-injection/GLS-CI-003-script-execution-request.json
attack-db/attacks/command-injection/GLS-CI-004-unquoted-shell-interpolation-injection.json
attack-db/attacks/command-injection/GLS-CI-005-skill-reverse-shell.json
attack-db/attacks/command-injection/GLS-CI-006-websocket-terminal-auth-bypass.json
attack-db/attacks/command-injection/GLS-CMD-GHSA-003-b-m3-clawhub-package-downloads-are-not-enforced-with-integri.json
attack-db/attacks/command-injection/GLS-CMD-GHSA-005-host-exec-environment-variable-injection.json
attack-db/attacks/command-injection/GLS-CMD-GHSA-015-allowlist-omits-owner-only-enforcement-for-cross-channel-all.json
attack-db/attacks/command-injection/GLS-CMD-GHSA-021-hgrcpath-cargo-build-rustc-wrapper-rustc-wrapper-and-makefla.json
attack-db/attacks/command-injection/GLS-CMD-GHSA-024-praisonai-vulnerable-to-os-command-injection.json
attack-db/attacks/command-injection/GLS-CMD-GHSA-029-stata-mcp-has-insufficient-validation-of-user-supplied-stata.json
attack-db/attacks/command-injection/GLS-MCP-001-mcp-url-scheme-injection.json
attack-db/attacks/command-injection/GLS-SI-001-sql-injection-in-metadata-filter-queries.json
attack-db/attacks/command-injection/GLS-TD-003-symlink-traversal-attack.json
attack-db/attacks/data-exfiltration/GLS-EX-001-credential-exfiltration-request.json
attack-db/attacks/data-exfiltration/GLS-EX-002-data-exfiltration-via-url.json
attack-db/attacks/data-exfiltration/GLS-EX-003-token-credential-paste-request.json
attack-db/attacks/data-exfiltration/GLS-EX-004-memory-file-upload-exfil.json
attack-db/attacks/data-exfiltration/GLS-EX-005-webhook-exfiltration-sinks.json
attack-db/attacks/data-exfiltration/GLS-EX-006-public-tunnel-infrastructure.json
attack-db/attacks/data-exfiltration/GLS-EX-007-outbound-http-upload-via-curl.json
attack-db/attacks/data-exfiltration/GLS-EX-008-raw-ip-address-as-http-destination.json
attack-db/attacks/data-exfiltration/GLS-EX-009-archive-then-egress-exfiltration.json
attack-db/attacks/data-exfiltration/GLS-EX-010-source-map-leak-indicator.json
attack-db/attacks/data-exfiltration/GLS-EX-011-markdown-reference-style-exfiltration-echoleak.json
attack-db/attacks/data-exfiltration/GLS-EX-012-markdown-image-auto-fetch-exfiltration.json
attack-db/attacks/data-exfiltration/GLS-EX-013-skill-secret-exfiltration.json
attack-db/attacks/data-exfiltration/GLS-EX-014-skill-exfiltration-chain.json
attack-db/attacks/data-exfiltration/GLS-EX-015-indirect-secret-relay.json
attack-db/attacks/data-exfiltration/GLS-EX-016-diagnostic-secret-harvest.json
attack-db/attacks/data-exfiltration/GLS-EX-017-diagnostic-exfiltration-destination.json
attack-db/attacks/data-exfiltration/GLS-ML-AR-002-arabic-credential-exfil.json
attack-db/attacks/data-exfiltration/GLS-ML-DE-002-german-credential-exfil.json
attack-db/attacks/data-exfiltration/GLS-ML-ES-002-spanish-credential-exfil.json
attack-db/attacks/data-exfiltration/GLS-ML-FR-002-french-credential-exfil.json
attack-db/attacks/data-exfiltration/GLS-ML-HI-002-hindi-credential-exfil.json
attack-db/attacks/data-exfiltration/GLS-ML-ID-002-indonesian-credential-exfil.json
attack-db/attacks/data-exfiltration/GLS-ML-JA-002-japanese-credential-exfil.json
attack-db/attacks/data-exfiltration/GLS-ML-KO-002-korean-credential-exfil.json
attack-db/attacks/data-exfiltration/GLS-ML-PT-002-portuguese-credential-exfil.json
attack-db/attacks/data-exfiltration/GLS-ML-RU-002-russian-credential-exfil.json
attack-db/attacks/data-exfiltration/GLS-ML-TR-002-turkish-credential-exfil.json
attack-db/attacks/data-exfiltration/GLS-ML-ZH-002-chinese-credential-exfil.json
attack-db/attacks/data-exfiltration/GLS-TD-004-config-redaction-bypass.json
attack-db/attacks/deserialization/GLS-DS-001-insecure-deserialization-of-untrusted-data.json
attack-db/attacks/deserialization/GLS-DS-002-ml-checkpoint-unsafe-deserialization.json
attack-db/attacks/dns-tunneling/GLS-DN-001-base32-dns-tunneling-label.json
attack-db/attacks/encoded-payload/GLS-EP-001-large-base64-encoded-payload.json
attack-db/attacks/encoded-payload/GLS-EP-002-gzip-base64-compressed-payload.json
attack-db/attacks/encoding-evasion/GLS-EE-001-encoding-transformation-attack.json
attack-db/attacks/hidden-instruction/GLS-HI-001-html-comment-injection.json
attack-db/attacks/hidden-instruction/GLS-HI-002-invisible-text-instruction.json
attack-db/attacks/hidden-instruction/GLS-HI-003-hidden-instruction-in-html-comment.json
attack-db/attacks/indirect-prompt-injection/GLS-IP-001-indirect-instruction-reset.json
attack-db/attacks/invisible-unicode/GLS-IU-001-invisible-unicode-characters.json
attack-db/attacks/mcp-threat/GLS-MCP-002-mcp-capability-drift.json
attack-db/attacks/mcp-threat/GLS-MCP-003-mcp-capability-expansion.json
attack-db/attacks/mcp-threat/GLS-MCP-004-tool-trust-mismatch.json
attack-db/attacks/mcp-threat/GLS-MCP-005-mcp-definition-threat-indicator.json
attack-db/attacks/mcp-threat/GLS-MCP-006-tool-metadata-prompt-injection.json
attack-db/attacks/mcp-threat/GLS-MCP-007-mcp-localhost-origin-risk.json
attack-db/attacks/mcp-threat/GLS-MCP-008-mcp-tool-shell-interpolation-rce.json
attack-db/attacks/memory-poisoning/GLS-MP-001-memory-persistence-attack.json
attack-db/attacks/memory-poisoning/GLS-MP-002-fake-policy-insertion.json
attack-db/attacks/memory-poisoning/GLS-MP-003-permanent-obedience-injection.json
attack-db/attacks/path-traversal/GLS-PT-001-path-traversal-in-prompt-template-loading.json
attack-db/attacks/path-traversal/GLS-PT-002-agent-workspace-boundary-bypass.json
attack-db/attacks/privilege-escalation/GLS-PE-001-admin-debug-mode-activation.json
attack-db/attacks/privilege-escalation/GLS-PE-002-approval-bypass.json
attack-db/attacks/privilege-escalation/GLS-TD-002-agent-config-manipulation.json
attack-db/attacks/prompt-extraction/GLS-PX-001-direct-prompt-extraction.json
attack-db/attacks/prompt-injection/GLS-ML-AR-001-arabic-ignore-instructions.json
attack-db/attacks/prompt-injection/GLS-ML-DE-001-german-ignore-instructions.json
attack-db/attacks/prompt-injection/GLS-ML-ES-001-spanish-ignore-instructions.json
attack-db/attacks/prompt-injection/GLS-ML-FR-001-french-ignore-instructions.json
attack-db/attacks/prompt-injection/GLS-ML-HI-001-hindi-ignore-instructions.json
attack-db/attacks/prompt-injection/GLS-ML-ID-001-indonesian-ignore-instructions.json
attack-db/attacks/prompt-injection/GLS-ML-JA-001-japanese-ignore-instructions.json
attack-db/attacks/prompt-injection/GLS-ML-KO-001-korean-ignore-instructions.json
attack-db/attacks/prompt-injection/GLS-ML-PT-001-portuguese-ignore-instructions.json
attack-db/attacks/prompt-injection/GLS-ML-RU-001-russian-ignore-instructions.json
attack-db/attacks/prompt-injection/GLS-ML-TR-001-turkish-ignore-instructions.json
attack-db/attacks/prompt-injection/GLS-ML-ZH-001-chinese-ignore-instructions.json
attack-db/attacks/prompt-injection/GLS-PA-001-parasitic-system-prompt-injection.json
attack-db/attacks/prompt-injection/GLS-PI-001-ignore-previous-instructions.json
attack-db/attacks/prompt-injection/GLS-PI-002-new-instructions-injection.json
attack-db/attacks/prompt-injection/GLS-PI-003-jailbreak-roleplay.json
attack-db/attacks/prompt-injection/GLS-PI-004-instruction-boundary-confusion.json
attack-db/attacks/prompt-injection/GLS-PI-005-ignore-all-prior-rules.json
attack-db/attacks/prompt-injection/GLS-PI-006-forget-previous-instructions.json
attack-db/attacks/prompt-injection/GLS-PI-007-bypass-instructions-then-exfiltrate.json
attack-db/attacks/prompt-injection/GLS-PI-008-read-secrets-then-send.json
attack-db/attacks/prompt-injection/GLS-PI-009-retrieval-triggered-prompt-injection.json
attack-db/attacks/prompt-injection/GLS-PI-010-prompt-leakage-attempt.json
attack-db/attacks/prompt-injection/GLS-PI-011-canary-token-leakage-attempt.json
attack-db/attacks/prompt-injection/GLS-PI-012-covert-agent-targeting.json
attack-db/attacks/prompt-injection/GLS-PI-013-malicious-readme-agent-targeting.json
attack-db/attacks/prompt-injection/GLS-PI-014-workflow-laundered-secret-collection.json
attack-db/attacks/prompt-injection/GLS-PI-015-concealment-plus-action.json
attack-db/attacks/rtl-obfuscation/GLS-RTL-001-rtl-override-marker.json
attack-db/attacks/sandbox-escape/GLS-SBX-GHSA-028-praisonai-has-sandbox-escape-via-exception-frame-traversal-i.json
attack-db/attacks/secret-detection/GLS-SD-001-api-key-patterns.json
attack-db/attacks/secret-detection/GLS-SD-002-private-key-content.json
attack-db/attacks/secret-detection/GLS-SD-003-aws-access-key-id.json
attack-db/attacks/secret-detection/GLS-SD-004-pem-encoded-private-key.json
attack-db/attacks/secret-detection/GLS-SD-005-jwt-token.json
attack-db/attacks/secret-detection/GLS-SD-006-github-classic-pat.json
attack-db/attacks/secret-detection/GLS-SD-007-slack-api-token.json
attack-db/attacks/secret-detection/GLS-SD-008-google-api-key.json
attack-db/attacks/secret-detection/GLS-SD-009-github-fine-grained-pat.json
attack-db/attacks/secret-detection/GLS-SD-010-environment-config-secret-dump.json
attack-db/attacks/social-engineering/GLS-SE-001-authority-impersonation.json
attack-db/attacks/social-engineering/GLS-SE-002-fake-support-impersonation.json
attack-db/attacks/social-engineering/GLS-SE-003-repo-lure-language-fake-leaked-tools.json
attack-db/attacks/social-engineering/GLS-SE-004-security-bypass-via-social-proof.json
attack-db/attacks/ssrf/GLS-SSRF-GHSA-004-fetchwithssrfguard-replays-unsafe-request-bodies-across-cros.json
attack-db/attacks/ssrf/GLS-SSRF-GHSA-006-strict-browser-ssrf-bypass-in-playwright-redirect-handling-l.json
attack-db/attacks/ssrf/GLS-SSRF-GHSA-008-has-browser-ssrf-policy-bypass-via-interaction-triggered-nav.json
attack-db/attacks/ssrf/GLS-SSRF-GHSA-011-qq-bot-extension-missing-ssrf-protection-on-all-media-fetch-.json
attack-db/attacks/ssrf/GLS-SSRF-GHSA-026-n8n-mcp-has-authenticated-ssrf-via-instance-url-header-in-mu.json
attack-db/attacks/ssrf/GLS-SSRF-GHSA-027-mcp-from-openapi-is-vulnerable-to-ssrf-via-ref-dereferencing.json
attack-db/attacks/supply-chain/GLS-SC-001-http-exfiltration-to-hardcoded-ip.json
attack-db/attacks/supply-chain/GLS-SC-002-credential-path-harvesting.json
attack-db/attacks/supply-chain/GLS-SC-003-remote-code-download-and-execute.json
attack-db/attacks/supply-chain/GLS-SC-004-browser-extension-data-theft.json
attack-db/attacks/supply-chain/GLS-SC-005-self-deleting-payload.json
attack-db/attacks/supply-chain/GLS-SC-006-suspicious-postinstall-hook.json
attack-db/attacks/supply-chain/GLS-SC-007-anti-debugging-trap.json
attack-db/attacks/supply-chain/GLS-SC-008-environment-and-system-reconnaissance.json
attack-db/attacks/supply-chain/GLS-SC-009-npm-postinstall-hook-attack.json
attack-db/attacks/supply-chain/GLS-SC-010-known-malicious-npm-packages.json
attack-db/attacks/supply-chain/GLS-SC-011-staged-payload-selector.json
attack-db/attacks/supply-chain/GLS-SC-012-malicious-release-asset.json
attack-db/attacks/supply-chain/GLS-SC-013-supply-chain-identity-drift.json
attack-db/attacks/supply-chain/GLS-SC-014-malicious-skill-install-guidance.json
attack-db/attacks/supply-chain/GLS-SC-015-infostealer-behavior-amos.json
attack-db/attacks/supply-chain/GLS-SC-016-suspicious-download-url-in-skill.json
attack-db/attacks/supply-chain/GLS-SC-017-unverifiable-external-dependency.json
attack-db/attacks/supply-chain/GLS-SC-018-sandbox-claim-mismatch.json
attack-db/attacks/supply-chain/GLS-SC-019-agent-template-instruction-injection.json
attack-db/attacks/supply-chain/GLS-TD-001-environment-variable-poisoning.json
attack-db/attacks/unicode-evasion/GLS-UE-001-cyrillic-homoglyph-ignore-instructions.json
attack-db/attacks/unicode-evasion/GLS-UE-002-cyrillic-homoglyph-send-credentials.json
sunglasses/__init__.py
sunglasses/__main__.py
sunglasses/cli.py
sunglasses/engine.py
sunglasses/loader.py
sunglasses/mailer.py
sunglasses/mcp.py
sunglasses/patterns.py
sunglasses/preprocessor.py
sunglasses/reporter.py
sunglasses/sarif.py
sunglasses/scanner.py
sunglasses.egg-info/PKG-INFO
sunglasses.egg-info/SOURCES.txt
sunglasses.egg-info/dependency_links.txt
sunglasses.egg-info/entry_points.txt
sunglasses.egg-info/requires.txt
sunglasses.egg-info/top_level.txt
sunglasses/data/attacks/agent-workflow/GLS-AW-007-agent-permission-bypass-via-compound-commands.json
sunglasses/data/attacks/agent-workflow-security/GLS-AW-001-web-fetch-to-publish-pipeline-injection.json
sunglasses/data/attacks/agent-workflow-security/GLS-AW-002-overprivileged-cms-publish-connector.json
sunglasses/data/attacks/agent-workflow-security/GLS-AW-003-overprivileged-social-scheduler-connector.json
sunglasses/data/attacks/agent-workflow-security/GLS-AW-004-poisoned-persistent-prompt-or-skill.json
sunglasses/data/attacks/agent-workflow-security/GLS-AW-005-poisoned-rss-or-brand-doc-ingestion.json
sunglasses/data/attacks/agent-workflow-security/GLS-AW-006-unsafely-auto-published-marketing-content.json
sunglasses/data/attacks/auth-bypass/GLS-AB-001-authentication-bypass-via-token-truncation.json
sunglasses/data/attacks/c2-indicator/GLS-C2-001-known-c2-indicators-bluenoroff-lazarus.json
sunglasses/data/attacks/code-switching/GLS-CS-001-code-switching-mixed-language-injection.json
sunglasses/data/attacks/command-injection/GLS-CI-001-dangerous-shell-commands.json
sunglasses/data/attacks/command-injection/GLS-CI-002-reverse-shell-patterns.json
sunglasses/data/attacks/command-injection/GLS-CI-003-script-execution-request.json
sunglasses/data/attacks/command-injection/GLS-CI-004-unquoted-shell-interpolation-injection.json
sunglasses/data/attacks/command-injection/GLS-CI-005-skill-reverse-shell.json
sunglasses/data/attacks/command-injection/GLS-MCP-001-mcp-url-scheme-injection.json
sunglasses/data/attacks/command-injection/GLS-SI-001-sql-injection-in-metadata-filter-queries.json
sunglasses/data/attacks/command-injection/GLS-TD-003-symlink-traversal-attack.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-001-credential-exfiltration-request.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-002-data-exfiltration-via-url.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-003-token-credential-paste-request.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-004-memory-file-upload-exfil.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-005-webhook-exfiltration-sinks.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-006-public-tunnel-infrastructure.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-007-outbound-http-upload-via-curl.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-008-raw-ip-address-as-http-destination.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-009-archive-then-egress-exfiltration.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-010-source-map-leak-indicator.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-011-markdown-reference-style-exfiltration-echoleak.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-012-markdown-image-auto-fetch-exfiltration.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-013-skill-secret-exfiltration.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-014-skill-exfiltration-chain.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-015-indirect-secret-relay.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-016-diagnostic-secret-harvest.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-017-diagnostic-exfiltration-destination.json
sunglasses/data/attacks/data-exfiltration/GLS-ML-AR-002-arabic-credential-exfil.json
sunglasses/data/attacks/data-exfiltration/GLS-ML-DE-002-german-credential-exfil.json
sunglasses/data/attacks/data-exfiltration/GLS-ML-ES-002-spanish-credential-exfil.json
sunglasses/data/attacks/data-exfiltration/GLS-ML-FR-002-french-credential-exfil.json
sunglasses/data/attacks/data-exfiltration/GLS-ML-HI-002-hindi-credential-exfil.json
sunglasses/data/attacks/data-exfiltration/GLS-ML-ID-002-indonesian-credential-exfil.json
sunglasses/data/attacks/data-exfiltration/GLS-ML-JA-002-japanese-credential-exfil.json
sunglasses/data/attacks/data-exfiltration/GLS-ML-KO-002-korean-credential-exfil.json
sunglasses/data/attacks/data-exfiltration/GLS-ML-PT-002-portuguese-credential-exfil.json
sunglasses/data/attacks/data-exfiltration/GLS-ML-RU-002-russian-credential-exfil.json
sunglasses/data/attacks/data-exfiltration/GLS-ML-TR-002-turkish-credential-exfil.json
sunglasses/data/attacks/data-exfiltration/GLS-ML-ZH-002-chinese-credential-exfil.json
sunglasses/data/attacks/data-exfiltration/GLS-TD-004-config-redaction-bypass.json
sunglasses/data/attacks/deserialization/GLS-DS-001-insecure-deserialization-of-untrusted-data.json
sunglasses/data/attacks/dns-tunneling/GLS-DN-001-base32-dns-tunneling-label.json
sunglasses/data/attacks/encoded-payload/GLS-EP-001-large-base64-encoded-payload.json
sunglasses/data/attacks/encoded-payload/GLS-EP-002-gzip-base64-compressed-payload.json
sunglasses/data/attacks/encoding-evasion/GLS-EE-001-encoding-transformation-attack.json
sunglasses/data/attacks/hidden-instruction/GLS-HI-001-html-comment-injection.json
sunglasses/data/attacks/hidden-instruction/GLS-HI-002-invisible-text-instruction.json
sunglasses/data/attacks/hidden-instruction/GLS-HI-003-hidden-instruction-in-html-comment.json
sunglasses/data/attacks/indirect-prompt-injection/GLS-IP-001-indirect-instruction-reset.json
sunglasses/data/attacks/invisible-unicode/GLS-IU-001-invisible-unicode-characters.json
sunglasses/data/attacks/mcp-threat/GLS-MCP-002-mcp-capability-drift.json
sunglasses/data/attacks/mcp-threat/GLS-MCP-003-mcp-capability-expansion.json
sunglasses/data/attacks/mcp-threat/GLS-MCP-004-tool-trust-mismatch.json
sunglasses/data/attacks/mcp-threat/GLS-MCP-005-mcp-definition-threat-indicator.json
sunglasses/data/attacks/mcp-threat/GLS-MCP-006-tool-metadata-prompt-injection.json
sunglasses/data/attacks/mcp-threat/GLS-MCP-007-mcp-localhost-origin-risk.json
sunglasses/data/attacks/memory-poisoning/GLS-MP-001-memory-persistence-attack.json
sunglasses/data/attacks/memory-poisoning/GLS-MP-002-fake-policy-insertion.json
sunglasses/data/attacks/memory-poisoning/GLS-MP-003-permanent-obedience-injection.json
sunglasses/data/attacks/path-traversal/GLS-PT-001-path-traversal-in-prompt-template-loading.json
sunglasses/data/attacks/privilege-escalation/GLS-PE-001-admin-debug-mode-activation.json
sunglasses/data/attacks/privilege-escalation/GLS-PE-002-approval-bypass.json
sunglasses/data/attacks/privilege-escalation/GLS-TD-002-agent-config-manipulation.json
sunglasses/data/attacks/prompt-extraction/GLS-PX-001-direct-prompt-extraction.json
sunglasses/data/attacks/prompt-injection/GLS-ML-AR-001-arabic-ignore-instructions.json
sunglasses/data/attacks/prompt-injection/GLS-ML-DE-001-german-ignore-instructions.json
sunglasses/data/attacks/prompt-injection/GLS-ML-ES-001-spanish-ignore-instructions.json
sunglasses/data/attacks/prompt-injection/GLS-ML-FR-001-french-ignore-instructions.json
sunglasses/data/attacks/prompt-injection/GLS-ML-HI-001-hindi-ignore-instructions.json
sunglasses/data/attacks/prompt-injection/GLS-ML-ID-001-indonesian-ignore-instructions.json
sunglasses/data/attacks/prompt-injection/GLS-ML-JA-001-japanese-ignore-instructions.json
sunglasses/data/attacks/prompt-injection/GLS-ML-KO-001-korean-ignore-instructions.json
sunglasses/data/attacks/prompt-injection/GLS-ML-PT-001-portuguese-ignore-instructions.json
sunglasses/data/attacks/prompt-injection/GLS-ML-RU-001-russian-ignore-instructions.json
sunglasses/data/attacks/prompt-injection/GLS-ML-TR-001-turkish-ignore-instructions.json
sunglasses/data/attacks/prompt-injection/GLS-ML-ZH-001-chinese-ignore-instructions.json
sunglasses/data/attacks/prompt-injection/GLS-PA-001-parasitic-system-prompt-injection.json
sunglasses/data/attacks/prompt-injection/GLS-PI-001-ignore-previous-instructions.json
sunglasses/data/attacks/prompt-injection/GLS-PI-002-new-instructions-injection.json
sunglasses/data/attacks/prompt-injection/GLS-PI-003-jailbreak-roleplay.json
sunglasses/data/attacks/prompt-injection/GLS-PI-004-instruction-boundary-confusion.json
sunglasses/data/attacks/prompt-injection/GLS-PI-005-ignore-all-prior-rules.json
sunglasses/data/attacks/prompt-injection/GLS-PI-006-forget-previous-instructions.json
sunglasses/data/attacks/prompt-injection/GLS-PI-007-bypass-instructions-then-exfiltrate.json
sunglasses/data/attacks/prompt-injection/GLS-PI-008-read-secrets-then-send.json
sunglasses/data/attacks/prompt-injection/GLS-PI-009-retrieval-triggered-prompt-injection.json
sunglasses/data/attacks/prompt-injection/GLS-PI-010-prompt-leakage-attempt.json
sunglasses/data/attacks/prompt-injection/GLS-PI-011-canary-token-leakage-attempt.json
sunglasses/data/attacks/prompt-injection/GLS-PI-012-covert-agent-targeting.json
sunglasses/data/attacks/prompt-injection/GLS-PI-013-malicious-readme-agent-targeting.json
sunglasses/data/attacks/prompt-injection/GLS-PI-014-workflow-laundered-secret-collection.json
sunglasses/data/attacks/prompt-injection/GLS-PI-015-concealment-plus-action.json
sunglasses/data/attacks/rtl-obfuscation/GLS-RTL-001-rtl-override-marker.json
sunglasses/data/attacks/secret-detection/GLS-SD-001-api-key-patterns.json
sunglasses/data/attacks/secret-detection/GLS-SD-002-private-key-content.json
sunglasses/data/attacks/secret-detection/GLS-SD-003-aws-access-key-id.json
sunglasses/data/attacks/secret-detection/GLS-SD-004-pem-encoded-private-key.json
sunglasses/data/attacks/secret-detection/GLS-SD-005-jwt-token.json
sunglasses/data/attacks/secret-detection/GLS-SD-006-github-classic-pat.json
sunglasses/data/attacks/secret-detection/GLS-SD-007-slack-api-token.json
sunglasses/data/attacks/secret-detection/GLS-SD-008-google-api-key.json
sunglasses/data/attacks/secret-detection/GLS-SD-009-github-fine-grained-pat.json
sunglasses/data/attacks/secret-detection/GLS-SD-010-environment-config-secret-dump.json
sunglasses/data/attacks/social-engineering/GLS-SE-001-authority-impersonation.json
sunglasses/data/attacks/social-engineering/GLS-SE-002-fake-support-impersonation.json
sunglasses/data/attacks/social-engineering/GLS-SE-003-repo-lure-language-fake-leaked-tools.json
sunglasses/data/attacks/social-engineering/GLS-SE-004-security-bypass-via-social-proof.json
sunglasses/data/attacks/supply-chain/GLS-SC-001-http-exfiltration-to-hardcoded-ip.json
sunglasses/data/attacks/supply-chain/GLS-SC-002-credential-path-harvesting.json
sunglasses/data/attacks/supply-chain/GLS-SC-003-remote-code-download-and-execute.json
sunglasses/data/attacks/supply-chain/GLS-SC-004-browser-extension-data-theft.json
sunglasses/data/attacks/supply-chain/GLS-SC-005-self-deleting-payload.json
sunglasses/data/attacks/supply-chain/GLS-SC-006-suspicious-postinstall-hook.json
sunglasses/data/attacks/supply-chain/GLS-SC-007-anti-debugging-trap.json
sunglasses/data/attacks/supply-chain/GLS-SC-008-environment-and-system-reconnaissance.json
sunglasses/data/attacks/supply-chain/GLS-SC-009-npm-postinstall-hook-attack.json
sunglasses/data/attacks/supply-chain/GLS-SC-010-known-malicious-npm-packages.json
sunglasses/data/attacks/supply-chain/GLS-SC-011-staged-payload-selector.json
sunglasses/data/attacks/supply-chain/GLS-SC-012-malicious-release-asset.json
sunglasses/data/attacks/supply-chain/GLS-SC-013-supply-chain-identity-drift.json
sunglasses/data/attacks/supply-chain/GLS-SC-014-malicious-skill-install-guidance.json
sunglasses/data/attacks/supply-chain/GLS-SC-015-infostealer-behavior-amos.json
sunglasses/data/attacks/supply-chain/GLS-SC-016-suspicious-download-url-in-skill.json
sunglasses/data/attacks/supply-chain/GLS-SC-017-unverifiable-external-dependency.json
sunglasses/data/attacks/supply-chain/GLS-SC-018-sandbox-claim-mismatch.json
sunglasses/data/attacks/supply-chain/GLS-TD-001-environment-variable-poisoning.json
sunglasses/data/attacks/unicode-evasion/GLS-UE-001-cyrillic-homoglyph-ignore-instructions.json
sunglasses/data/attacks/unicode-evasion/GLS-UE-002-cyrillic-homoglyph-send-credentials.json
sunglasses/extractors/__init__.py
sunglasses/extractors/audio.py
sunglasses/extractors/image.py
sunglasses/extractors/pdf.py
sunglasses/extractors/qr.py
sunglasses/extractors/video.py
sunglasses/integrations/__init__.py
sunglasses/integrations/crewai.py
sunglasses/integrations/langchain.py
tests/test_cross_agent_injection_gym.py
tests/test_jailbreak_evasion.py
tests/test_jailbreak_evasion_fp.py
tests/test_pattern_integrity.py
tests/test_sarif.py
tests/test_supply_chain_skill_fp.py
tests/test_supply_chain_skill_gym.py
tests/test_ui_injection_social_fp.py
tests/test_ui_injection_social_gym.py