LICENSE
MANIFEST.in
README.md
setup.py
attack-db/README.md
attack-db/manifest.json
attack-db/attacks/agent-contract-poisoning/GLS-ACP-001-forged-sla-exception-precedence-rebind-guardrail-bypass.json
attack-db/attacks/agent-contract-poisoning/GLS-ACP-566-forged-sla-exception-precedence-guardrail-bypass.json
attack-db/attacks/agent-contract-poisoning/GLS-ACP-567-agent-contract-poisoning-pattern.json
attack-db/attacks/agent-instruction-file-poisoning/GLS-AIFP-001-agent-discovery-metadata-policy-poisoning.json
attack-db/attacks/agent-instruction-file-poisoning/GLS-AIFP-002-agents-md-agent-instruction-file-poisoning.json
attack-db/attacks/agent-instruction-file-poisoning/GLS-AIFP-003-cursor-rules-mdc-instruction-file-poisoning.json
attack-db/attacks/agent-instruction-file-poisoning/GLS-AIFP-004-devcontainer-devcontainer-json-agent-policy-poisoning.json
attack-db/attacks/agent-instruction-file-poisoning/GLS-AIFP-005-llms-full-txt-agent-policy-poisoning.json
attack-db/attacks/agent-instruction-file-poisoning/GLS-AIFP-006-vs-code-code-workspace-agent-policy-poisoning.json
attack-db/attacks/agent-instruction-file-poisoning/GLS-AIFP-007-editorconfig-agent-policy-poisoning.json
attack-db/attacks/agent-instruction-file-poisoning/GLS-AIFP-008-ignore-file-metadata-agent-policy-poisoning.json
attack-db/attacks/agent-instruction-file-poisoning/GLS-AIFP-009-pre-commit-config-agent-policy-poisoning.json
attack-db/attacks/agent-persona-drift/GLS-APD-249-agent-persona-drift-gradual-trust-recalibration.json
attack-db/attacks/agent-persona-drift/GLS-APD-250-unrestricted-role-override.json
attack-db/attacks/agent-persona-drift/GLS-APD-251-agent-persona-drift-pattern.json
attack-db/attacks/agent-persona-drift/GLS-APD-252-high-trust-identity-tag-authority-lift.json
attack-db/attacks/agent-persona-drift/GLS-APD-654-incremental-persona-drift-guardrail-relaxation.json
attack-db/attacks/agent-security/GLS-AGT-GHSA-001-git-dir-and-related-git-plumbing-env-vars-missing-from-exec-.json
attack-db/attacks/agent-security/GLS-AGT-GHSA-002-multiple-code-paths-missing-base64-pre-allocation-size-check.json
attack-db/attacks/agent-security/GLS-AGT-GHSA-019-shared-reply-media-paths-are-treated-as-trusted-and-can-trig.json
attack-db/attacks/agent-security/GLS-AGT-GHSA-023-lower-trust-background-runtime-output-is-injected-into-trust.json
attack-db/attacks/agent-security/GLS-AGT-GHSA-025-langchain-has-incomplete-f-string-validation-in-prompt-templ.json
attack-db/attacks/agent-workflow/GLS-AW-007-agent-permission-bypass-via-compound-commands.json
attack-db/attacks/agent-workflow/GLS-AW-016-emergency-urgency-approval-gate-skip-deploy.json
attack-db/attacks/agent-workflow/GLS-AW-581-rollback-exception-waiver-auto-execute-bypass.json
attack-db/attacks/agent-workflow-security/GLS-AW-001-web-fetch-to-publish-pipeline-injection.json
attack-db/attacks/agent-workflow-security/GLS-AW-002-overprivileged-cms-publish-connector.json
attack-db/attacks/agent-workflow-security/GLS-AW-003-overprivileged-social-scheduler-connector.json
attack-db/attacks/agent-workflow-security/GLS-AW-004-poisoned-persistent-prompt-or-skill.json
attack-db/attacks/agent-workflow-security/GLS-AW-005-poisoned-rss-or-brand-doc-ingestion.json
attack-db/attacks/agent-workflow-security/GLS-AW-006-unsafely-auto-published-marketing-content.json
attack-db/attacks/agent-workflow-security/GLS-AW-008-event-stream-delimiter-injection.json
attack-db/attacks/agent-workflow-security/GLS-AW-009-unauthenticated-agent-event-stream.json
attack-db/attacks/agent-workflow-security/GLS-AW-010-trusted-proxy-gateway-auth-widens-operator-scope-at-runtime.json
attack-db/attacks/agent-workflow-security/GLS-AW-011-ssrf-guard-gap-in-browser-driver-media-fetch-redirects.json
attack-db/attacks/agent-workflow-security/GLS-AW-012-websocket-session-survives-token-rotation-stale-auth.json
attack-db/attacks/agent-workflow-security/GLS-AW-013-praisonai-type-job-yaml-executes-shell-python-at-runtime.json
attack-db/attacks/agent-workflow-security/GLS-AW-014-agent-browser-websocket-accepts-wildcard-origin-or-no-auth.json
attack-db/attacks/agent-workflow-security/GLS-AW-015-agent-endpoint-cors-wildcard-with-no-authentication.json
attack-db/attacks/agent-workflow-security/GLS-AW-017-mtime-backdating.json
attack-db/attacks/agent-workflow-security/GLS-AW-018-cron-reply-log-drift.json
attack-db/attacks/agent-workflow-security/GLS-AW-019-heartbeat-status-spoofing.json
attack-db/attacks/agent-workflow-security/GLS-AW-020-justification-channel-hijack.json
attack-db/attacks/agent-workflow-security/GLS-AW-021-cron-trigger-desync.json
attack-db/attacks/agent-workflow-security/GLS-AW-022-control-plane-status-forgery.json
attack-db/attacks/agent-workflow-security/GLS-AW-023-log-evidence-suppression.json
attack-db/attacks/agent-workflow-security/GLS-AW-024-status-panel-greenwashing.json
attack-db/attacks/agent-workflow-security/GLS-AW-025-cron-state-carryover-poisoning.json
attack-db/attacks/agent-workflow-security/GLS-AW-026-reply-file-status-overshadowing.json
attack-db/attacks/agent-workflow-security/GLS-AW-027-approval-hash-collision.json
attack-db/attacks/agent-workflow-security/GLS-AW-028-owner-workqueue-collision.json
attack-db/attacks/agent-workflow-security/GLS-AW-029-handoff-intent-truncation.json
attack-db/attacks/agent-workflow-security/GLS-AW-030-approval-channel-desync.json
attack-db/attacks/agent-workflow-security/GLS-AW-031-permissive-model-fallback-routing-override.json
attack-db/attacks/agent-workflow-security/GLS-AW-032-sse-delimiter-frame-forgery-injection.json
attack-db/attacks/agent-workflow-security/GLS-AW-033-build-artifact-timestamp-backdating-freshness-spoof.json
attack-db/attacks/agent-workflow-security/GLS-AW-034-append-only-status-log-entry-forgery.json
attack-db/attacks/agent-workflow-security/GLS-AW-035-heartbeat-liveness-signal-forgery.json
attack-db/attacks/agent-workflow-security/GLS-AW-036-justification-channel-hijack-decision-divergence.json
attack-db/attacks/agent-workflow-security/GLS-AW-037-validator-consensus-herding-lockstep-coercion.json
attack-db/attacks/agent-workflow-security/GLS-AW-038-summarization-counter-evidence-eviction.json
attack-db/attacks/agent-workflow-security/GLS-AW-039-severity-downcast-critical-to-low-relabeling.json
attack-db/attacks/agent-workflow-security/GLS-AW-040-postrun-verifier-stale-output-freshness-bypass.json
attack-db/attacks/agent-workflow-security/GLS-AW-041-score-normalization-bucket-boundary-poisoning.json
attack-db/attacks/agent-workflow-security/GLS-AW-042-cron-trigger-desync-approval-scope-drift.json
attack-db/attacks/agent-workflow-security/GLS-AW-043-gap-fill-fabrication-pressure.json
attack-db/attacks/agent-workflow-security/GLS-AW-044-verification-gate-forgery.json
attack-db/attacks/agent-workflow-security/GLS-AW-045-template-placeholder-imperative-injection.json
attack-db/attacks/agent-workflow-security/GLS-AW-046-plan-summary-execution-drift.json
attack-db/attacks/agent-workflow-security/GLS-AW-047-state-board-status-inversion.json
attack-db/attacks/agent-workflow-security/GLS-AW-048-guardrail-evaluation-fixture-tampering.json
attack-db/attacks/agent-workflow-security/GLS-AW-049-stream-chunk-parser-boundary-bypass.json
attack-db/attacks/agent-workflow-security/GLS-AW-050-time-of-check-time-of-use-desync.json
attack-db/attacks/agent-workflow-security/GLS-AW-051-timezone-deadline-reinterpretation-attack.json
attack-db/attacks/agent-workflow-security/GLS-AW-052-lockfile-dependency-pinning-bypass.json
attack-db/attacks/agent-workflow-security/GLS-AW-053-control-plane-status-signal-forgery.json
attack-db/attacks/agent-workflow-security/GLS-AW-054-idempotency-key-rebinding-attack.json
attack-db/attacks/agent-workflow-security/GLS-AW-055-safety-alert-suppression-nudge.json
attack-db/attacks/agent-workflow-security/GLS-AW-056-canary-validator-parser-desync.json
attack-db/attacks/agent-workflow-security/GLS-AW-057-ocr-image-directive-injection.json
attack-db/attacks/agent-workflow-security/GLS-AW-058-fast-path-async-verification-race.json
attack-db/attacks/agent-workflow-security/GLS-AW-059-human-approval-summary-drift.json
attack-db/attacks/agent-workflow-security/GLS-AW-060-freshness-attestation-forgery.json
attack-db/attacks/agent-workflow-security/GLS-AW-061-evaluation-dataset-label-contamination.json
attack-db/attacks/agent-workflow-security/GLS-AW-062-telemetry-retention-window-manipulation.json
attack-db/attacks/agent-workflow-security/GLS-AW-063-decimal-separator-locale-poisoning.json
attack-db/attacks/agent-workflow-security/GLS-AW-064-kpi-scorecard-template-substitution.json
attack-db/attacks/agent-workflow-security/GLS-AW-065-single-telemetry-anchor-reuse.json
attack-db/attacks/agent-workflow-security/GLS-AW-066-wrong-cycle-bundle-date-swap.json
attack-db/attacks/agent-workflow-security/GLS-AW-067-error-recovery-scope-broadening.json
attack-db/attacks/agent-workflow-security/GLS-AW-068-manufactured-urgency-deadline-injection.json
attack-db/attacks/agent-workflow-security/GLS-AW-069-freshness-badge-timestamp-forgery.json
attack-db/attacks/agent-workflow-security/GLS-AW-070-cross-lane-freshness-split-brain-blend.json
attack-db/attacks/agent-workflow-security/GLS-AW-071-redaction-placeholder-literal-confusion.json
attack-db/attacks/agent-workflow-security/GLS-AW-072-locale-fallback-policy-downgrade.json
attack-db/attacks/agent-workflow-security/GLS-AW-073-runbook-example-weaponized-execution.json
attack-db/attacks/agent-workflow-security/GLS-AW-074-decision-trace-approval-forgery.json
attack-db/attacks/agent-workflow-security/GLS-AW-075-safety-canary-rotation-race.json
attack-db/attacks/agent-workflow-security/GLS-AW-076-incompatible-time-window-stitching.json
attack-db/attacks/agent-workflow-security/GLS-AW-077-sandbox-assumption-enforcement-gap.json
attack-db/attacks/agent-workflow-security/GLS-AW-078-numeric-unit-scale-drift.json
attack-db/attacks/agent-workflow-security/GLS-AW-079-multi-agent-role-tag-forgery.json
attack-db/attacks/agent-workflow-security/GLS-AW-080-guardrail-autotune-threshold-poisoning.json
attack-db/attacks/agent-workflow-security/GLS-AW-081-log-observability-evidence-suppression.json
attack-db/attacks/agent-workflow-security/GLS-AW-082-rate-limit-window-quality-blindspot.json
attack-db/attacks/agent-workflow-security/GLS-AW-083-slo-budget-safety-override.json
attack-db/attacks/agent-workflow-security/GLS-AW-084-telemetry-window-boundary-flip.json
attack-db/attacks/agent-workflow-security/GLS-AW-085-cross-lane-freshness-asymmetry-exploit.json
attack-db/attacks/agent-workflow-security/GLS-AW-086-fake-executive-approval-pretext.json
attack-db/attacks/agent-workflow-security/GLS-AW-087-dashboard-status-greenwash.json
attack-db/attacks/agent-workflow-security/GLS-AW-088-permission-scope-name-aliasing.json
attack-db/attacks/agent-workflow-security/GLS-AW-089-evidence-sampling-subsample-bias.json
attack-db/attacks/agent-workflow-security/GLS-AW-090-risk-register-first-frame-anchoring.json
attack-db/attacks/agent-workflow-security/GLS-AW-091-canary-checksum-semantic-mutation.json
attack-db/attacks/agent-workflow-security/GLS-AW-092-lexicographic-filename-sort-hijack.json
attack-db/attacks/agent-workflow-security/GLS-AW-093-metric-label-unit-aliasing.json
attack-db/attacks/agent-workflow-security/GLS-AW-094-utc-midnight-rollover-boundary-exploit.json
attack-db/attacks/agent-workflow-security/GLS-AW-095-stale-freshness-badge-spoofing.json
attack-db/attacks/agent-workflow-security/GLS-AW-096-multimodal-modality-boundary-injection.json
attack-db/attacks/agent-workflow-security/GLS-AW-097-eval-fixture-overfit-benchmark-gaming.json
attack-db/attacks/agent-workflow-security/GLS-AW-098-urgency-pretext-approval-laundering.json
attack-db/attacks/agent-workflow-security/GLS-AW-099-stale-pass-marker-replay.json
attack-db/attacks/agent-workflow-security/GLS-AW-100-ops-growth-metric-lane-collapse.json
attack-db/attacks/agent-workflow-security/GLS-AW-101-canonical-alias-equivalence-bypass.json
attack-db/attacks/agent-workflow-security/GLS-AW-102-coldstart-anomaly-baseline-poisoning.json
attack-db/attacks/agent-workflow-security/GLS-AW-103-discovery-layer-artifact-suppression.json
attack-db/attacks/agent-workflow-security/GLS-AW-104-evidence-anchor-file-substitution.json
attack-db/attacks/agent-workflow-security/GLS-AW-105-cumulative-execution-priority-drift.json
attack-db/attacks/agent-workflow-security/GLS-AW-106-canonical-path-case-alias-hijack.json
attack-db/attacks/agent-workflow-security/GLS-AW-107-abstention-suppression-coercion.json
attack-db/attacks/agent-workflow-security/GLS-AW-108-approval-to-execution-temporal-drift.json
attack-db/attacks/agent-workflow-security/GLS-AW-109-agent-objective-function-hijack.json
attack-db/attacks/agent-workflow-security/GLS-AW-110-confidence-badge-evidence-laundering.json
attack-db/attacks/agent-workflow-security/GLS-AW-111-cross-layer-resource-budget-desync.json
attack-db/attacks/agent-workflow-security/GLS-AW-112-idempotency-envelope-payload-mutation.json
attack-db/attacks/agent-workflow-security/GLS-AW-113-forged-rate-limit-backoff-signal.json
attack-db/attacks/agent-workflow-security/GLS-AW-114-non-equivalent-baseline-window-comparison.json
attack-db/attacks/agent-workflow-security/GLS-AW-115-gating-verdict-stagnation-loop.json
attack-db/attacks/agent-workflow-security/GLS-AW-116-boss-blocker-suppression-window-abuse.json
attack-db/attacks/agent-workflow-security/GLS-AW-117-remediation-loop-verify-step-poisoning.json
attack-db/attacks/agent-workflow-security/GLS-AW-118-fresh-artifact-freshness-bias-override.json
attack-db/attacks/agent-workflow-security/GLS-AW-119-dependency-health-spoof-gate-bypass.json
attack-db/attacks/agent-workflow-security/GLS-AW-120-optional-field-fatal-abort-coercion.json
attack-db/attacks/agent-workflow-security/GLS-AW-121-silent-stage-failure-success-masking.json
attack-db/attacks/agent-workflow-security/GLS-AW-122-security-filter-scope-broadening.json
attack-db/attacks/agent-workflow-security/GLS-AW-123-state-board-conflict-signal-collision.json
attack-db/attacks/agent-workflow-security/GLS-AW-124-runbook-escalation-path-spoofing.json
attack-db/attacks/agent-workflow-security/GLS-AW-125-fallback-chain-attacker-value-promotion.json
attack-db/attacks/agent-workflow-security/GLS-AW-126-fake-fresh-timestamp-recency-exploit.json
attack-db/attacks/agent-workflow-security/GLS-AW-127-tool-call-monitoring-signal-muting.json
attack-db/attacks/agent-workflow-security/GLS-AW-128-zero-null-equivalence-fallback-exploit.json
attack-db/attacks/agent-workflow-security/GLS-AW-129-decoy-bundle-file-existence-bypass.json
attack-db/attacks/agent-workflow-security/GLS-AW-130-date-boundary-ready-label-forgery.json
attack-db/attacks/agent-workflow-security/GLS-AW-131-fake-budget-pressure-validation-skip.json
attack-db/attacks/agent-workflow-security/GLS-AW-132-cross-cycle-state-inheritance-poisoning.json
attack-db/attacks/agent-workflow-security/GLS-AW-133-multi-source-arbitration-priority-inversion.json
attack-db/attacks/agent-workflow-security/GLS-AW-134-baseline-reference-point-manipulation.json
attack-db/attacks/agent-workflow-security/GLS-AW-135-digest-prefix-trust-shortcut-replay.json
attack-db/attacks/agent-workflow-security/GLS-AW-136-stale-workflow-version-trust-exploit.json
attack-db/attacks/agent-workflow-security/GLS-AW-137-semantic-similarity-retrieval-authority-lift.json
attack-db/attacks/agent-workflow-security/GLS-AW-138-multi-feed-partial-corruption-quorum-abuse.json
attack-db/attacks/agent-workflow-security/GLS-AW-139-blocker-regeneration-budget-burn.json
attack-db/attacks/agent-workflow-security/GLS-AW-140-dual-anchor-source-context-collapse.json
attack-db/attacks/agent-workflow-security/GLS-AW-141-cached-artifact-freshness-signal-forgery.json
attack-db/attacks/agent-workflow-security/GLS-AW-142-quota-exhaustion-signal-degraded-fallback.json
attack-db/attacks/agent-workflow-security/GLS-AW-143-high-cardinality-monitoring-explosion-attack.json
attack-db/attacks/agent-workflow-security/GLS-AW-144-temporal-window-mismatch-report-bias.json
attack-db/attacks/agent-workflow-security/GLS-AW-145-null-coalescing-anchor-overwrite-attack.json
attack-db/attacks/agent-workflow-security/GLS-AW-146-cross-stage-fallback-field-divergence.json
attack-db/attacks/agent-workflow-security/GLS-AW-147-false-done-sentinel-premature-exit.json
attack-db/attacks/agent-workflow-security/GLS-AW-148-conflict-resolution-merge-layer-poisoning.json
attack-db/attacks/agent-workflow-security/GLS-AW-149-lower-trust-evidence-source-coercion.json
attack-db/attacks/agent-workflow-security/GLS-AW-150-bot-traffic-growth-lane-contamination.json
attack-db/attacks/agent-workflow-security/GLS-AW-151-cron-date-freshness-verdict-laundering.json
attack-db/attacks/agent-workflow-security/GLS-AW-152-recycled-gate-artifact-progress-fraud.json
attack-db/attacks/agent-workflow-security/GLS-AW-153-pre-policy-summarization-authority-laundering.json
attack-db/attacks/agent-workflow-security/GLS-AW-154-forged-reply-file-board-override.json
attack-db/attacks/agent-workflow-security/GLS-AW-155-semantic-diff-negation-swap-bypass.json
attack-db/attacks/agent-workflow-security/GLS-AW-156-empty-sentinel-bundle-presence-bypass.json
attack-db/attacks/agent-workflow-security/GLS-AW-157-policy-threshold-output-mimicry.json
attack-db/attacks/agent-workflow-security/GLS-AW-158-diff-patch-lane-hidden-hunk-injection.json
attack-db/attacks/agent-workflow-security/GLS-AW-159-phantom-board-entry-task-takeover.json
attack-db/attacks/agent-workflow-security/GLS-AW-160-sandbox-host-boundary-ambiguity-escalation.json
attack-db/attacks/agent-workflow-security/GLS-AW-161-shadow-decision-memo-path-override.json
attack-db/attacks/agent-workflow-security/GLS-AW-162-evidence-source-weight-tag-poisoning.json
attack-db/attacks/agent-workflow-security/GLS-AW-163-primary-anchor-omission-fallback-laundering.json
attack-db/attacks/agent-workflow-security/GLS-AW-164-planned-path-symlink-alias-swap.json
attack-db/attacks/agent-workflow-security/GLS-AW-165-canary-content-production-path-injection.json
attack-db/attacks/agent-workflow-security/GLS-AW-166-encoding-canonicalization-policy-bypass.json
attack-db/attacks/agent-workflow-security/GLS-AW-167-synthetic-dedup-key-threat-suppression.json
attack-db/attacks/agent-workflow-security/GLS-AW-168-session-resume-stale-approval-inheritance.json
attack-db/attacks/agent-workflow-security/GLS-AW-169-schema-alias-ops-to-growth-lane-crosswire.json
attack-db/attacks/agent-workflow-security/GLS-AW-170-telemetry-log-signal-poisoning.json
attack-db/attacks/agent-workflow-security/GLS-AW-171-working-directory-path-resolution-hijack.json
attack-db/attacks/agent-workflow-security/GLS-AW-172-stale-state-board-cycle-hijack.json
attack-db/attacks/agent-workflow-security/GLS-AW-173-missing-baseline-metric-invention.json
attack-db/attacks/agent-workflow-security/GLS-AW-174-prose-success-machine-failure-mismatch.json
attack-db/attacks/agent-workflow-security/GLS-AW-175-concurrency-limit-safety-check-starvation.json
attack-db/attacks/agent-workflow-security/GLS-AW-176-mythos-signal-strategic-completion-forgery.json
attack-db/attacks/agent-workflow-security/GLS-AW-177-urgent-hotfix-artifact-injection.json
attack-db/attacks/agent-workflow-security/GLS-AW-178-low-trust-source-authority-rebinding.json
attack-db/attacks/agent-workflow-security/GLS-AW-179-stale-artifact-current-permission-replay.json
attack-db/attacks/agent-workflow-security/GLS-AW-180-hash-equivalent-behavior-divergent-approval-bypass.json
attack-db/attacks/agent-workflow-security/GLS-AW-181-outdated-policy-spec-authority-downgrade.json
attack-db/attacks/agent-workflow-security/GLS-AW-182-seed-claim-echo-chamber-amplification.json
attack-db/attacks/agent-workflow-security/GLS-AW-183-timestamp-context-staleness-concealment.json
attack-db/attacks/agent-workflow-security/GLS-AW-184-threshold-boundary-triage-score-gaming.json
attack-db/attacks/agent-workflow-security/GLS-AW-185-provenance-absent-fabricated-kpi-injection.json
attack-db/attacks/agent-workflow-security/GLS-AW-186-atomic-task-multi-action-smuggling.json
attack-db/attacks/agent-workflow-security/GLS-AW-187-fake-transient-error-retry-amplification.json
attack-db/attacks/agent-workflow-security/GLS-AW-188-evidence-ranking-heuristic-poisoning.json
attack-db/attacks/agent-workflow-security/GLS-AW-189-degraded-mode-marker-suppression.json
attack-db/attacks/agent-workflow-security/GLS-AW-190-health-badge-swap-go-mode-bypass.json
attack-db/attacks/agent-workflow-security/GLS-AW-191-workqueue-owner-collision-injection.json
attack-db/attacks/agent-workflow-security/GLS-AW-192-non-canonical-output-form-safety-bypass.json
attack-db/attacks/agent-workflow-security/GLS-AW-193-compact-handoff-intent-stripping.json
attack-db/attacks/agent-workflow-security/GLS-AW-194-self-referencing-readiness-verdict-echo.json
attack-db/attacks/agent-workflow-security/GLS-AW-195-zero-null-missing-key-fail-open.json
attack-db/attacks/agent-workflow-security/GLS-AW-196-output-format-negotiation-policy-bypass.json
attack-db/attacks/agent-workflow-security/GLS-AW-197-fake-ground-truth-evaluation-record-planting.json
attack-db/attacks/agent-workflow-security/GLS-AW-198-fixed-anchor-tunnel-decision-collapse.json
attack-db/attacks/agent-workflow-security/GLS-AW-199-cross-lane-telemetry-label-strip-merge.json
attack-db/attacks/agent-workflow-security/GLS-AW-200-competing-artifact-source-arbitration-exploit.json
attack-db/attacks/agent-workflow-security/GLS-AW-201-gate-non-determinism-transient-window-slip.json
attack-db/attacks/agent-workflow-security/GLS-AW-202-multi-source-false-consensus-coercion.json
attack-db/attacks/agent-workflow-security/GLS-AW-203-approval-preview-execution-desync.json
attack-db/attacks/agent-workflow-security/GLS-AW-204-replay-poison-persistent-instruction-promotion.json
attack-db/attacks/agent-workflow-security/GLS-AW-205-safety-judgment-weak-subagent-outsourcing.json
attack-db/attacks/agent-workflow-security/GLS-FRAMEWORK-BUG-211-agent-framework-bug-exploitation.json
attack-db/attacks/agent-workflow-security/GLS-GHSA-PI-202-ghsa-agent-injection-and-tool-abuse.json
attack-db/attacks/api-descriptor-poisoning/GLS-APIP-001-openapi-schema-example-poisoning.json
attack-db/attacks/api-descriptor-poisoning/GLS-APIP-002-plugin-manifest-description-authority-poisoning.json
attack-db/attacks/api-descriptor-poisoning/GLS-APIP-003-ai-plugin-manifest-agent-policy-poisoning.json
attack-db/attacks/api-descriptor-poisoning/GLS-APIP-004-asyncapi-schema-metadata-poisoning.json
attack-db/attacks/api-descriptor-poisoning/GLS-APIP-005-graphql-schema-description-poisoning.json
attack-db/attacks/api-descriptor-poisoning/GLS-APIP-006-grpc-protobuf-descriptor-agent-policy-poisoning.json
attack-db/attacks/api-descriptor-poisoning/GLS-APIP-007-postman-collection-agent-policy-poisoning.json
attack-db/attacks/api-descriptor-poisoning/GLS-APIP-008-wadl-service-description-agent-policy-poisoning.json
attack-db/attacks/api-descriptor-poisoning/GLS-APIP-009-wsdl-soap-service-description-agent-policy-poisoning.json
attack-db/attacks/api-descriptor-poisoning/GLS-APIP-010-iiif-manifest-agent-policy-poisoning.json
attack-db/attacks/api-descriptor-poisoning/GLS-APIP-011-openrpc-json-rpc-service-metadata-poisoning.json
attack-db/attacks/api-descriptor-poisoning/GLS-APIP-012-kubernetes-crd-openapi-schema-metadata-poisoning.json
attack-db/attacks/approval-graph-poisoning/GLS-AGP-001-forged-approval-graph-delegate-vote-policy-bypass.json
attack-db/attacks/approval-graph-poisoning/GLS-AGP-653-forged-approval-quorum-auto-approve-override.json
attack-db/attacks/auth-bypass/GLS-AB-001-authentication-bypass-via-token-truncation.json
attack-db/attacks/auth-bypass/GLS-AB-002-credential-hash-exposure-via-api.json
attack-db/attacks/auth-bypass/GLS-AB-003-forgeable-trust-header-auth-bypass-x-auth.json
attack-db/attacks/auth-bypass/GLS-AB-004-login-route-accepts-raw-sha-256-hex-pass-the-hash.json
attack-db/attacks/auth-bypass/GLS-AB-005-unsalted-sha-256-used-for-password-hashing.json
attack-db/attacks/auth-bypass/GLS-AB-006-jwt-algorithm-none-bypass.json
attack-db/attacks/authorization-bypass/GLS-AUZ-GHSA-007-gateway-plugin-http-auth-gateway-widens-identity-bearing-ope.json
attack-db/attacks/authorization-bypass/GLS-AUZ-GHSA-009-node-pair-approve-placed-in-operator-write-scope-instead-of-.json
attack-db/attacks/authorization-bypass/GLS-AUZ-GHSA-010-feishu-docx-upload-file-upload-image-bypasses-workspace-only.json
attack-db/attacks/authorization-bypass/GLS-AUZ-GHSA-012-existing-ws-sessions-survive-shared-gateway-token-rotation.json
attack-db/attacks/authorization-bypass/GLS-AUZ-GHSA-013-concurrent-async-auth-attempts-can-bypass-the-intended-share.json
attack-db/attacks/authorization-bypass/GLS-AUZ-GHSA-014-node-pairing-reconnect-command-escalation-bypasses-operator-.json
attack-db/attacks/authorization-bypass/GLS-AUZ-GHSA-016-resolvedauth-closure-becomes-stale-after-config-reload.json
attack-db/attacks/authorization-bypass/GLS-AUZ-GHSA-017-node-invoke-browser-proxy-bypasses-browser-request-persisten.json
attack-db/attacks/authorization-bypass/GLS-AUZ-GHSA-018-device-token-rotate-mints-tokens-for-unapproved-roles-bypass.json
attack-db/attacks/authorization-bypass/GLS-AUZ-GHSA-020-strictinlineeval-explicit-approval-boundary-bypassed-by-appr.json
attack-db/attacks/authorization-bypass/GLS-AUZ-GHSA-022-authenticated-hooks-wake-and-mapped-wake-payloads-are-promot.json
attack-db/attacks/authorization-bypass/GLS-AUZ-GHSA-030-lobehub-unauthenticated-authentication-bypass-on-webapi-rout.json
attack-db/attacks/build-metadata-poisoning/GLS-BMP-001-npm-package-json-manifest-agent-policy-poisoning.json
attack-db/attacks/build-metadata-poisoning/GLS-BMP-002-bazel-buck-pants-build-metadata-agent-policy-poisoning.json
attack-db/attacks/build-metadata-poisoning/GLS-BMP-003-cargo-rust-package-metadata-agent-policy-poisoning.json
attack-db/attacks/build-metadata-poisoning/GLS-BMP-004-cmake-build-metadata-agent-policy-poisoning.json
attack-db/attacks/build-metadata-poisoning/GLS-BMP-005-gradle-maven-build-metadata-agent-policy-poisoning.json
attack-db/attacks/build-metadata-poisoning/GLS-BMP-006-lockfile-metadata-agent-policy-poisoning.json
attack-db/attacks/build-metadata-poisoning/GLS-BMP-007-makefile-and-task-runner-metadata-agent-policy-poisoning.json
attack-db/attacks/build-metadata-poisoning/GLS-BMP-008-package-manager-config-agent-policy-poisoning.json
attack-db/attacks/build-metadata-poisoning/GLS-BMP-009-pyproject-toml-python-package-metadata-agent-policy-poisonin.json
attack-db/attacks/build-metadata-poisoning/GLS-BMP-010-frontend-build-tool-config-metadata-poisoning.json
attack-db/attacks/c2-indicator/GLS-C2-001-known-c2-indicators-bluenoroff-lazarus.json
attack-db/attacks/c2-indicator/GLS-C2-002-c2-beacon-doh-jitter-exfil-policy-bypass.json
attack-db/attacks/c2-indicator/GLS-C2-003-c2-indicator-pattern.json
attack-db/attacks/cicd-metadata-poisoning/GLS-CICD-001-codeql-config-metadata-poisoning.json
attack-db/attacks/cicd-metadata-poisoning/GLS-CICD-002-dependabot-config-metadata-poisoning.json
attack-db/attacks/cicd-metadata-poisoning/GLS-CICD-003-renovate-config-dependency-bot-pr-body-notes-poisoning.json
attack-db/attacks/cicd-metadata-poisoning/GLS-CICD-004-ansible-automation-metadata-agent-policy-poisoning.json
attack-db/attacks/cicd-metadata-poisoning/GLS-CICD-005-gitlab-ci-pipeline-metadata-poisoning.json
attack-db/attacks/cicd-metadata-poisoning/GLS-CICD-006-gitops-controller-metadata-poisoning-argo-cd-flux.json
attack-db/attacks/cicd-metadata-poisoning/GLS-CICD-007-jenkins-pipeline-metadata-poisoning.json
attack-db/attacks/cicd-metadata-poisoning/GLS-CICD-008-observability-config-metadata-agent-policy-poisoning.json
attack-db/attacks/code-switching/GLS-CS-001-code-switching-mixed-language-injection.json
attack-db/attacks/code-switching/GLS-CS-575-multilingual-override-launder.json
attack-db/attacks/code-switching/GLS-CS-576-multilingual-connector-guardrail-bypass.json
attack-db/attacks/code-switching/GLS-CS-577-multilingual-override-instruction-bypass.json
attack-db/attacks/command-injection/GLS-CI-001-dangerous-shell-commands.json
attack-db/attacks/command-injection/GLS-CI-002-reverse-shell-patterns.json
attack-db/attacks/command-injection/GLS-CI-003-script-execution-request.json
attack-db/attacks/command-injection/GLS-CI-004-unquoted-shell-interpolation-injection.json
attack-db/attacks/command-injection/GLS-CI-005-skill-reverse-shell.json
attack-db/attacks/command-injection/GLS-CI-006-websocket-terminal-auth-bypass.json
attack-db/attacks/command-injection/GLS-CI-007-github-actions-workflow-shell-step-interpolation.json
attack-db/attacks/command-injection/GLS-CMD-GHSA-003-b-m3-clawhub-package-downloads-are-not-enforced-with-integri.json
attack-db/attacks/command-injection/GLS-CMD-GHSA-005-host-exec-environment-variable-injection.json
attack-db/attacks/command-injection/GLS-CMD-GHSA-015-allowlist-omits-owner-only-enforcement-for-cross-channel-all.json
attack-db/attacks/command-injection/GLS-CMD-GHSA-021-hgrcpath-cargo-build-rustc-wrapper-rustc-wrapper-and-makefla.json
attack-db/attacks/command-injection/GLS-CMD-GHSA-024-praisonai-vulnerable-to-os-command-injection.json
attack-db/attacks/command-injection/GLS-CMD-GHSA-029-stata-mcp-has-insufficient-validation-of-user-supplied-stata.json
attack-db/attacks/command-injection/GLS-MCP-001-mcp-url-scheme-injection.json
attack-db/attacks/command-injection/GLS-SI-001-sql-injection-in-metadata-filter-queries.json
attack-db/attacks/command-injection/GLS-TD-003-symlink-traversal-attack.json
attack-db/attacks/context-flooding/GLS-CF-248-context-flooding-window-padding-eviction.json
attack-db/attacks/context-flooding/GLS-CF-249-summarization-surviving-payload-context-poisoning.json
attack-db/attacks/context-flooding/GLS-CF-250-policy-token-context-window-displacement.json
attack-db/attacks/context-flooding/GLS-CF-251-pseudo-policy-governance-tag-flooding.json
attack-db/attacks/context-flooding/GLS-CF-252-tool-output-context-baseline-reset.json
attack-db/attacks/cross-agent-injection/GLS-CAI-239-cross-agent-injection-trusted-handoff-override.json
attack-db/attacks/cross-agent-injection/GLS-CAI-241-cross-agent-injection-forged-handoff-ticket-scope-bypass.json
attack-db/attacks/cross-agent-injection/GLS-CAI-242-peer-to-peer-trust-rebind-override.json
attack-db/attacks/cross-agent-injection/GLS-CAI-243-fabricated-quorum-bypass.json
attack-db/attacks/cross-agent-injection/GLS-CAI-244-forged-policy-checkpoint-waiver.json
attack-db/attacks/cross-agent-injection/GLS-CAI-245-delegated-attestation-replay-guardrail-bypass.json
attack-db/attacks/cross-agent-injection/GLS-CAI-246-approver-identity-swap-bypass.json
attack-db/attacks/cross-agent-injection/GLS-CAI-247-forged-handoff-human-authority-ack.json
attack-db/attacks/cross-agent-injection/GLS-CAI-248-delegation-token-revocation-ignore-verification-bypass.json
attack-db/attacks/cross-agent-injection/GLS-CAI-249-forged-scheduler-receipt-scope-override.json
attack-db/attacks/cross-agent-injection/GLS-CAI-250-agent-forged-token-policy-bypass.json
attack-db/attacks/cross-agent-injection/GLS-CAI-251-delegation-ticket-scope-escalation-execution.json
attack-db/attacks/cross-agent-injection/GLS-CAI-253-forged-signoff-scope-policy-bypass.json
attack-db/attacks/cross-agent-injection/GLS-CAI-254-agent-capability-token-impersonation-escalation.json
attack-db/attacks/cross-agent-injection/GLS-CAI-255-receipt-forgery-scope-rebind-privilege.json
attack-db/attacks/cross-agent-injection/GLS-CAI-256-escalation-ticket-trust-header-forgery.json
attack-db/attacks/cross-agent-injection/GLS-CAI-257-forged-delegate-ticket-scope-escalation.json
attack-db/attacks/cross-agent-injection/GLS-CAI-259-delegation-manifest-attestation-nonce-forgery.json
attack-db/attacks/cross-agent-injection/GLS-CAI-260-quorum-receipt-scope-authorization-bypass.json
attack-db/attacks/cross-agent-injection/GLS-CAI-262-agent-identity-snapshot-forgery-priority-override.json
attack-db/attacks/cross-agent-injection/GLS-CAI-263-stolen-handoff-capability-scope-escalation.json
attack-db/attacks/cross-agent-injection/GLS-CAI-264-upstream-peer-attestation-scope-override-enforcement.json
attack-db/attacks/cross-agent-injection/GLS-CAI-265-replayed-agent-approval-scope-rebind.json
attack-db/attacks/cross-agent-injection/GLS-CAI-266-agent-badge-forgery-boundary-escalation.json
attack-db/attacks/cross-agent-injection/GLS-CAI-267-token-revocation-bypass-forged-renewal.json
attack-db/attacks/cross-agent-injection/GLS-CAI-268-agent-ticket-manifest-scope-rebind-override.json
attack-db/attacks/cross-agent-injection/GLS-CAI-269-delegation-receipt-access-boundary-unlock.json
attack-db/attacks/cross-agent-injection/GLS-CAI-270-agent-manifest-handoff-token-authority-bypass.json
attack-db/attacks/cross-agent-injection/GLS-CAI-272-peer-agent-impersonation-privilege-rebind.json
attack-db/attacks/cross-agent-injection/GLS-CAI-273-stolen-authorization-token-scope-rebind.json
attack-db/attacks/cross-agent-injection/GLS-CAI-274-cross-agent-quorum-nonce-forgery.json
attack-db/attacks/cross-agent-injection/GLS-CAI-275-forged-authentication-token-delegation-unlock.json
attack-db/attacks/cross-agent-injection/GLS-CAI-277-forged-nonce-replay-stale-token-scope-bypass.json
attack-db/attacks/cross-agent-injection/GLS-CAI-278-agent-receipt-claim-scope-rebind.json
attack-db/attacks/cross-agent-injection/GLS-CAI-279-agent-ticket-mint-verification-skip.json
attack-db/attacks/cross-agent-injection/GLS-CAI-280-forged-quorum-certificate-vote-tally-override.json
attack-db/attacks/cross-agent-injection/GLS-CAI-281-delegation-manifest-authority-rebinding-forgery.json
attack-db/attacks/cross-agent-injection/GLS-CAI-282-agent-quorum-badge-scope-escalation-rebind.json
attack-db/attacks/cross-agent-injection/GLS-CAI-283-handoff-token-priority-scope-unlock.json
attack-db/attacks/cross-agent-injection/GLS-CAI-284-agent-quorum-vote-forgery-policy-skip.json
attack-db/attacks/cross-agent-injection/GLS-CAI-308-remote-agent-signature-authorize-tool-bypass.json
attack-db/attacks/cross-agent-injection/GLS-CAI-310-peer-agent-scope-tag-replay-injection.json
attack-db/attacks/cross-agent-injection/GLS-CAI-314-agent-manifest-scope-escalation-forgery.json
attack-db/attacks/cross-agent-injection/GLS-CAI-316-agent-nonce-replay-token-scope-disable.json
attack-db/attacks/cross-agent-injection/GLS-CAI-318-agent-ticket-replay-privilege-override.json
attack-db/attacks/cross-agent-injection/GLS-CAI-320-agent-forged-attestation-tool-execution-privilege-bypass.json
attack-db/attacks/cross-agent-injection/GLS-CAI-323-capability-receipt-nonce-execution-gate-bypass.json
attack-db/attacks/cross-agent-injection/GLS-CAI-326-capability-token-scope-widening-guardrail-bypass.json
attack-db/attacks/cross-agent-injection/GLS-CAI-328-forged-handoff-permission-authorization-bypass.json
attack-db/attacks/cross-agent-injection/GLS-CAI-330-agent-approval-forgery-role-escalation.json
attack-db/attacks/cross-agent-injection/GLS-CAI-333-agent-to-agent-delegation-privilege-circumvention.json
attack-db/attacks/cross-agent-injection/GLS-CAI-335-forged-approval-chain-scope-role-override.json
attack-db/attacks/cross-agent-injection/GLS-CAI-339-agent-impersonation-credential-borrowing-promotion.json
attack-db/attacks/cross-agent-injection/GLS-CAI-341-agent-nonce-impersonation-trust-domain-rebind.json
attack-db/attacks/cross-agent-injection/GLS-CAI-489-delegation-receipt-forgery-capability-expansion.json
attack-db/attacks/cross-agent-injection/GLS-CAI-506-a2a-attestation-lease-policy-supersede.json
attack-db/attacks/cross-agent-injection/GLS-CAI-527-forged-delegate-attestation-nonce-scope-rebind-bypass.json
attack-db/attacks/cross-agent-injection/GLS-CAI-528-token-replay-scope-expansion-policy-approval.json
attack-db/attacks/cross-agent-injection/GLS-CAI-533-stale-credential-handoff-scope-elevation.json
attack-db/attacks/cross-agent-injection/GLS-CAI-552-cross-agent-revoked-attestation-scope-bypass.json
attack-db/attacks/cross-agent-injection/GLS-CAI-555-trace-token-swap-execution-safety-downgrade.json
attack-db/attacks/cross-agent-injection/GLS-CAI-561-peer-agent-instruction-override-execute.json
attack-db/attacks/cross-agent-injection/GLS-CAI-563-forged-handoff-signature-scope-permission-hop.json
attack-db/attacks/cross-agent-injection/GLS-CAI-582-cross-agent-authority-claim-policy-disregard.json
attack-db/attacks/cross-agent-injection/GLS-CAI-584-upstream-agent-policy-override-directive.json
attack-db/attacks/cross-agent-injection/GLS-CAI-621-cross-agent-injection-pattern.json
attack-db/attacks/cross-agent-injection/GLS-CAI-622-scheduler-receipt-forgery-guardrail-bypass.json
attack-db/attacks/cross-agent-injection/GLS-CAI-623-forged-safety-attestation-validator-bypass.json
attack-db/attacks/cross-agent-injection/GLS-CAI-624-broker-agent-fake-token-fail-open-escalation.json
attack-db/attacks/cross-agent-injection/GLS-CAI-625-upstream-coordinator-forged-receipt-trust-override.json
attack-db/attacks/cross-agent-injection/GLS-CAI-626-cross-feed-metric-bleed-fake-consensus-bypass.json
attack-db/attacks/cross-agent-injection/GLS-CAI-627-forged-quorum-ack-scope-override.json
attack-db/attacks/cross-agent-injection/GLS-CAI-628-stale-token-downstream-agent-guard-bypass.json
attack-db/attacks/cross-agent-injection/GLS-CAI-629-replayed-forged-nonce-stale-scope-disregard.json
attack-db/attacks/cross-agent-injection/GLS-CAI-630-peer-capability-manifest-auto-approve-execution.json
attack-db/attacks/cross-agent-injection/GLS-CAI-632-orchestrator-instruction-policy-supersede.json
attack-db/attacks/cross-agent-injection/GLS-CAI-682-support-bundle-swap-system-prompt-bypass.json
attack-db/attacks/cross-agent-injection/GLS-CAI-690-delegation-attestation-lease-policy-override.json
attack-db/attacks/cross-agent-injection/GLS-CAI-691-forged-nonce-stale-token-scope-replay.json
attack-db/attacks/cross-agent-injection/GLS-CAI-692-agent-receipt-scope-rebind-privilege-bypass.json
attack-db/attacks/cross-agent-injection/GLS-CAI-693-forged-manifest-signature-authorize-tool-bypass.json
attack-db/attacks/cross-agent-injection/GLS-CAI-694-handoff-capability-scope-permission-escalation.json
attack-db/attacks/cross-agent-injection/GLS-CAI-695-agent-ticket-forge-verification-skip.json
attack-db/attacks/cross-agent-injection/GLS-CAI-697-handoff-manifest-authority-rebinding-forgery.json
attack-db/attacks/cross-agent-injection/GLS-CAI-698-delegate-handoff-receipt-scope-role-override.json
attack-db/attacks/cross-agent-injection/GLS-CAI-699-forged-agent-badge-nonce-scope-escalation.json
attack-db/attacks/cross-agent-injection/GLS-CAI-701-quorum-vote-tally-forgery-policy-bypass.json
attack-db/attacks/cross-agent-injection/GLS-CAI-702-agent-impersonation-stolen-ticket-scope-bypass.json
attack-db/attacks/cross-agent-injection/GLS-CAI-703-peer-agent-scope-tag-replay-policy-bypass.json
attack-db/attacks/cross-agent-injection/GLS-CAI-704-agent-nonce-token-replay-authorization-bypass.json
attack-db/attacks/cross-agent-injection/GLS-CAI-705-forged-inter-agent-ack-envelope.json
attack-db/attacks/cross-agent-injection/GLS-CAI-706-transcript-grafting-via-ocr-alt-text.json
attack-db/attacks/cross-agent-injection/GLS-CAI-707-other-agent-authorization-injection-no-human-review.json
attack-db/attacks/cross-agent-injection/GLS-CAI-708-shared-log-prior-verification-claim.json
attack-db/attacks/cross-agent-injection/GLS-CAI-709-supervisor-agent-role-hijack-with-safe-mode-override.json
attack-db/attacks/cross-agent-injection/GLS-CAI-710-split-lane-approval-hash-downgrade-spoof.json
attack-db/attacks/cross-agent-injection/GLS-CAI-711-ocr-alt-text-cross-modal-instruction-smuggle.json
attack-db/attacks/cross-agent-injection/GLS-CAI-712-transcript-channel-desync-sidecar-authority-pivot.json
attack-db/attacks/cross-agent-injection/GLS-CAI-713-cross-modal-evidence-swap-ocr-override.json
attack-db/attacks/cross-agent-injection/GLS-CAI-714-agent-authority-leak-checkpoint-token-spoof.json
attack-db/attacks/cross-agent-injection/GLS-CAI-715-cross-modal-bridge-abuse-ocr-metadata-smuggle.json
attack-db/attacks/cross-agent-injection/GLS-CAICR-001-attestation-trust-channel-scope-rebind-escalation.json
attack-db/attacks/cross-agent-injection/GLS-CAIDC-001-delegate-nonce-forgery-scope-override.json
attack-db/attacks/cross-agent-injection/GLS-CAIDN-001-agent-nonce-trust-channel-scope-override.json
attack-db/attacks/cross-agent-injection/GLS-CAIDP-001-agent-policy-patch-ticket-authority-bypass.json
attack-db/attacks/cross-agent-injection/GLS-CAIDT-001-agent-trusted-ticket-summary-policy-override.json
attack-db/attacks/cross-agent-injection/GLS-CAIPA-001-peer-agent-capability-ticket-scope-bypass.json
attack-db/attacks/cross-agent-injection/GLS-CAIPH-001-revoked-agent-token-handoff-override.json
attack-db/attacks/cross-agent-injection/GLS-CAIPI-001-agent-identity-ticket-privilege-escalation-forgery.json
attack-db/attacks/cross-agent-injection/GLS-V03-0483-agent-approval-forgery-execution-gate-skip.json
attack-db/attacks/data-exfiltration/GLS-EX-001-credential-exfiltration-request.json
attack-db/attacks/data-exfiltration/GLS-EX-002-data-exfiltration-via-url.json
attack-db/attacks/data-exfiltration/GLS-EX-003-token-credential-paste-request.json
attack-db/attacks/data-exfiltration/GLS-EX-004-memory-file-upload-exfil.json
attack-db/attacks/data-exfiltration/GLS-EX-005-webhook-exfiltration-sinks.json
attack-db/attacks/data-exfiltration/GLS-EX-006-public-tunnel-infrastructure.json
attack-db/attacks/data-exfiltration/GLS-EX-007-outbound-http-upload-via-curl.json
attack-db/attacks/data-exfiltration/GLS-EX-008-raw-ip-address-as-http-destination.json
attack-db/attacks/data-exfiltration/GLS-EX-009-archive-then-egress-exfiltration.json
attack-db/attacks/data-exfiltration/GLS-EX-010-source-map-leak-indicator.json
attack-db/attacks/data-exfiltration/GLS-EX-011-markdown-reference-style-exfiltration-echoleak.json
attack-db/attacks/data-exfiltration/GLS-EX-012-markdown-image-auto-fetch-exfiltration.json
attack-db/attacks/data-exfiltration/GLS-EX-013-skill-secret-exfiltration.json
attack-db/attacks/data-exfiltration/GLS-EX-014-skill-exfiltration-chain.json
attack-db/attacks/data-exfiltration/GLS-EX-015-indirect-secret-relay.json
attack-db/attacks/data-exfiltration/GLS-EX-016-diagnostic-secret-harvest.json
attack-db/attacks/data-exfiltration/GLS-EX-017-diagnostic-exfiltration-destination.json
attack-db/attacks/data-exfiltration/GLS-EX-018-presigned-url-or-ephemeral-file-drop-exfiltration.json
attack-db/attacks/data-exfiltration/GLS-EX-019-subprocess-env-os-environ-leaks-parent-env-to-mcp-child.json
attack-db/attacks/data-exfiltration/GLS-EX-020-guardrail-trace-reasoning-exfiltration.json
attack-db/attacks/data-exfiltration/GLS-EX-18-output-channel-timing-error-partial-secret-probe.json
attack-db/attacks/data-exfiltration/GLS-EX-19-output-channel-stream-timing-error-sidestream.json
attack-db/attacks/data-exfiltration/GLS-ML-AR-002-arabic-credential-exfil.json
attack-db/attacks/data-exfiltration/GLS-ML-DE-002-german-credential-exfil.json
attack-db/attacks/data-exfiltration/GLS-ML-ES-002-spanish-credential-exfil.json
attack-db/attacks/data-exfiltration/GLS-ML-FR-002-french-credential-exfil.json
attack-db/attacks/data-exfiltration/GLS-ML-HI-002-hindi-credential-exfil.json
attack-db/attacks/data-exfiltration/GLS-ML-ID-002-indonesian-credential-exfil.json
attack-db/attacks/data-exfiltration/GLS-ML-JA-002-japanese-credential-exfil.json
attack-db/attacks/data-exfiltration/GLS-ML-KO-002-korean-credential-exfil.json
attack-db/attacks/data-exfiltration/GLS-ML-PT-002-portuguese-credential-exfil.json
attack-db/attacks/data-exfiltration/GLS-ML-RU-002-russian-credential-exfil.json
attack-db/attacks/data-exfiltration/GLS-ML-TR-002-turkish-credential-exfil.json
attack-db/attacks/data-exfiltration/GLS-ML-ZH-002-chinese-credential-exfil.json
attack-db/attacks/data-exfiltration/GLS-TD-004-config-redaction-bypass.json
attack-db/attacks/deserialization/GLS-DS-001-insecure-deserialization-of-untrusted-data.json
attack-db/attacks/deserialization/GLS-DS-002-ml-checkpoint-unsafe-deserialization.json
attack-db/attacks/discovery-file-poisoning/GLS-DFP-001-ads-txt-agent-compliance-poisoning.json
attack-db/attacks/discovery-file-poisoning/GLS-DFP-002-apple-app-site-association-agent-policy-poisoning.json
attack-db/attacks/discovery-file-poisoning/GLS-DFP-003-browserconfig-xml-agent-policy-poisoning.json
attack-db/attacks/discovery-file-poisoning/GLS-DFP-004-cross-file-discovery-pointer-poisoning.json
attack-db/attacks/discovery-file-poisoning/GLS-DFP-005-encoded-comment-hidden-discovery-metadata-payload.json
attack-db/attacks/discovery-file-poisoning/GLS-DFP-006-host-meta-xrd-jrd-agent-policy-poisoning.json
attack-db/attacks/discovery-file-poisoning/GLS-DFP-007-humans-txt-agent-contact-authority-poisoning.json
attack-db/attacks/discovery-file-poisoning/GLS-DFP-008-robots-txt-tool-action-poisoning.json
attack-db/attacks/discovery-file-poisoning/GLS-DFP-009-well-known-manifest-credential-forwarding.json
attack-db/attacks/discovery-file-poisoning/GLS-DFP-010-ads-cert-signed-ad-verification-metadata-agent-policy-poison.json
attack-db/attacks/discovery-file-poisoning/GLS-DFP-011-ads-txt-app-ads-txt-seller-metadata-agent-policy-poisoning.json
attack-db/attacks/discovery-file-poisoning/GLS-DFP-012-app-links-universal-links-association-metadata-agent-policy-.json
attack-db/attacks/discovery-file-poisoning/GLS-DFP-013-bimi-svg-metadata-agent-policy-poisoning.json
attack-db/attacks/discovery-file-poisoning/GLS-DFP-014-cross-domain-policy-metadata-agent-instruction-poisoning.json
attack-db/attacks/discovery-file-poisoning/GLS-DFP-015-dnt-tracking-policy-metadata-agent-poisoning.json
attack-db/attacks/discovery-file-poisoning/GLS-DFP-016-fedcm-web-identity-metadata-agent-policy-poisoning.json
attack-db/attacks/discovery-file-poisoning/GLS-DFP-017-http-domain-verification-file-agent-policy-poisoning.json
attack-db/attacks/discovery-file-poisoning/GLS-DFP-018-http-security-header-agent-policy-poisoning.json
attack-db/attacks/discovery-file-poisoning/GLS-DFP-019-indexnow-key-location-agent-policy-poisoning.json
attack-db/attacks/discovery-file-poisoning/GLS-DFP-020-linkset-metadata-agent-policy-poisoning.json
attack-db/attacks/discovery-file-poisoning/GLS-DFP-021-mail-autodiscover-autoconfig-agent-policy-poisoning.json
attack-db/attacks/discovery-file-poisoning/GLS-DFP-022-matrix-well-known-agent-policy-poisoning.json
attack-db/attacks/discovery-file-poisoning/GLS-DFP-023-oembed-endpoint-agent-policy-poisoning.json
attack-db/attacks/discovery-file-poisoning/GLS-DFP-024-p3p-privacy-policy-metadata-agent-poisoning.json
attack-db/attacks/discovery-file-poisoning/GLS-DFP-025-payment-method-manifest-agent-policy-poisoning.json
attack-db/attacks/dns-tunneling/GLS-DN-001-base32-dns-tunneling-label.json
attack-db/attacks/dns-tunneling/GLS-DN-002-base64-txt-chunk-reassembly-exfil.json
attack-db/attacks/dns-tunneling/GLS-DN-578-dns-tunnel-policy-egress-filter-bypass.json
attack-db/attacks/encoded-payload/GLS-EP-001-large-base64-encoded-payload.json
attack-db/attacks/encoded-payload/GLS-EP-002-gzip-base64-compressed-payload.json
attack-db/attacks/encoding-evasion/GLS-EE-001-encoding-transformation-attack.json
attack-db/attacks/encoding-evasion/GLS-ENC-ALT-210-encoding-obfuscation-prompt-injection.json
attack-db/attacks/error-message-leakage/GLS-EML-250-error-message-leakage-forced-error-secret-leak.json
attack-db/attacks/error-message-leakage/GLS-EML-251-forced-error-dump-redaction-filter-bypass.json
attack-db/attacks/error-message-leakage/GLS-EML-252-triggered-crash-verbatim-credential-reveal.json
attack-db/attacks/hidden-instruction/GLS-HI-001-html-comment-injection.json
attack-db/attacks/hidden-instruction/GLS-HI-002-invisible-text-instruction.json
attack-db/attacks/hidden-instruction/GLS-HI-003-hidden-instruction-in-html-comment.json
attack-db/attacks/hidden-instruction/GLS-HI-004-behavioral-instruction-injection-affiliate-sponsor-recommend.json
attack-db/attacks/identity-discovery-poisoning/GLS-IDP-001-did-configuration-agent-authority-poisoning.json
attack-db/attacks/identity-discovery-poisoning/GLS-IDP-002-acme-directory-metadata-agent-policy-poisoning.json
attack-db/attacks/identity-discovery-poisoning/GLS-IDP-003-atproto-did-discovery-agent-policy-poisoning.json
attack-db/attacks/identity-discovery-poisoning/GLS-IDP-004-dns-caa-agent-policy-poisoning.json
attack-db/attacks/identity-discovery-poisoning/GLS-IDP-005-dns-txt-ownership-metadata-agent-policy-poisoning.json
attack-db/attacks/identity-discovery-poisoning/GLS-IDP-006-keybase-identity-proof-metadata-agent-policy-poisoning.json
attack-db/attacks/identity-discovery-poisoning/GLS-IDP-007-nostr-nip-05-discovery-metadata-agent-identity-poisoning.json
attack-db/attacks/identity-discovery-poisoning/GLS-IDP-008-oauth-protected-resource-metadata-agent-policy-poisoning.json
attack-db/attacks/identity-discovery-poisoning/GLS-IDP-009-openid-credential-issuer-metadata-agent-policy-poisoning.json
attack-db/attacks/identity-discovery-poisoning/GLS-IDP-010-openid-federation-entity-configuration-agent-policy-poisonin.json
attack-db/attacks/identity-discovery-poisoning/GLS-IDP-011-saml-metadata-agent-policy-poisoning.json
attack-db/attacks/identity-discovery-poisoning/GLS-IDP-012-dmarc-spf-dkim-dns-txt-agent-policy-poisoning.json
attack-db/attacks/identity-discovery-poisoning/GLS-IDP-013-dns-caa-certificate-policy-metadata-agent-policy-poisoning.json
attack-db/attacks/identity-discovery-poisoning/GLS-IDP-014-jwks-metadata-agent-policy-poisoning.json
attack-db/attacks/identity-discovery-poisoning/GLS-IDP-015-certificate-transparency-log-metadata-agent-policy-poisoning.json
attack-db/attacks/identity-discovery-poisoning/GLS-IDP-016-dns-svcb-https-service-binding-metadata-agent-policy-poisoni.json
attack-db/attacks/identity-federation/GLS-IDF-001-forged-oidc-assertion-scope-escalation-bypass.json
attack-db/attacks/identity-federation/GLS-IDF-002-forged-service-token-scope-expansion-bypass.json
attack-db/attacks/identity-federation/GLS-IDF-004-forged-federated-refresh-token-claim-escalation.json
attack-db/attacks/identity-federation/GLS-IF-658-forged-device-assertion-step-up-auth-bypass.json
attack-db/attacks/identity-phishing/GLS-ID-001-oauth-pkce-device-code-relay-request.json
attack-db/attacks/identity-phishing/GLS-IP-002-helpdesk-otp-recovery-code-phishing-harvest.json
attack-db/attacks/indirect-prompt-injection/GLS-INDIRECT-DOC-213-indirect-injection-via-documentation-and-repo-artifacts.json
attack-db/attacks/indirect-prompt-injection/GLS-IP-001-indirect-instruction-reset.json
attack-db/attacks/indirect-prompt-injection/GLS-MM-AUDIO-206-audio-encoded-prompt-injection.json
attack-db/attacks/indirect-prompt-injection/GLS-MM-IMG-205-image-embedded-prompt-injection.json
attack-db/attacks/invisible-unicode/GLS-IU-001-invisible-unicode-characters.json
attack-db/attacks/invisible-unicode/GLS-IU-531-zero-width-character-policy-override-bypass.json
attack-db/attacks/invisible-unicode/GLS-IU-532-zero-width-split-override-guardrail-bypass.json
attack-db/attacks/invisible-unicode/GLS-IU-533-zero-width-split-instruction-override-chain.json
attack-db/attacks/jailbreak-evasion/GLS-JBE-001-dan-mode-activation.json
attack-db/attacks/jailbreak-evasion/GLS-JBE-002-deceased-relative-narrative-bypass-grandma-trick.json
attack-db/attacks/jailbreak-evasion/GLS-JBE-003-hypothetical-creative-writing-framing-for-harmful-content.json
attack-db/attacks/jailbreak-evasion/GLS-JBE-004-emotional-coercion-livelihood-threat.json
attack-db/attacks/mcp-threat/GLS-MCP-002-mcp-capability-drift.json
attack-db/attacks/mcp-threat/GLS-MCP-003-mcp-capability-expansion.json
attack-db/attacks/mcp-threat/GLS-MCP-004-tool-trust-mismatch.json
attack-db/attacks/mcp-threat/GLS-MCP-005-mcp-definition-threat-indicator.json
attack-db/attacks/mcp-threat/GLS-MCP-006-tool-metadata-prompt-injection.json
attack-db/attacks/mcp-threat/GLS-MCP-007-mcp-localhost-origin-risk.json
attack-db/attacks/mcp-threat/GLS-MCP-008-mcp-tool-shell-interpolation-rce.json
attack-db/attacks/mcp-threat/GLS-MCP-009-mcp-allowed-commands-list-bypassable-via-shell-metacharacter.json
attack-db/attacks/mcp-threat/GLS-MCP-010-mcp-http-transport-with-authentication-disabled.json
attack-db/attacks/mcp-threat/GLS-MCP-011-negotiation-text-constraint-downgrade.json
attack-db/attacks/mcp-threat/GLS-MCP-012-debug-pretext-tool-inventory-disclosure.json
attack-db/attacks/mcp-threat/GLS-MCP-013-tool-manifest-capability-claim-injection.json
attack-db/attacks/mcp-threat/GLS-MCP-014-stale-consent-artifact-scope-widening.json
attack-db/attacks/mcp-threat/GLS-MCP-015-mcp-oauth-scope-consent-poisoning.json
attack-db/attacks/mcp-threat/GLS-MCP-016-mcp-tool-descriptor-policy-poisoning.json
attack-db/attacks/mcp-threat/GLS-MCP-017-mcp-prompt-and-resource-metadata-policy-poisoning.json
attack-db/attacks/mcp-threat/GLS-MCP-APT-209-mcp-apt-lure-credential-theft-via-manifest.json
attack-db/attacks/mcp-threat/GLS-MCP-POISON-201-mcp-tool-manifest-poisoning.json
attack-db/attacks/mcp-tool-injection/GLS-MTI-001-mcp-database-tool-sql-wrapper-injection.json
attack-db/attacks/memory-eviction-rehydration/GLS-MER-235-memory-eviction-rehydration-chain.json
attack-db/attacks/memory-eviction-rehydration/GLS-MER-236-memory-eviction-rehydration.json
attack-db/attacks/memory-eviction-rehydration/GLS-MER-237-checkpoint-reset-hidden-rehydrate-bypass.json
attack-db/attacks/memory-eviction-rehydration/GLS-MER-238-instruction-reseed.json
attack-db/attacks/memory-eviction-rehydration/GLS-MER-565-forged-archive-restore-precedence-guardrail-bypass.json
attack-db/attacks/memory-eviction-rehydration/GLS-MER-566-stale-memory-entry-scope-creep.json
attack-db/attacks/memory-eviction-rehydration/GLS-MER-567-rehydration-snapshot-poisoned-directive-revival.json
attack-db/attacks/memory-poisoning/GLS-MEM-PERSIST-214-cross-turn-memory-persistence-poisoning.json
attack-db/attacks/memory-poisoning/GLS-MEM-POISON-204-memory-poisoning-delayed-action.json
attack-db/attacks/memory-poisoning/GLS-MP-001-memory-persistence-attack.json
attack-db/attacks/memory-poisoning/GLS-MP-002-fake-policy-insertion.json
attack-db/attacks/memory-poisoning/GLS-MP-003-permanent-obedience-injection.json
attack-db/attacks/memory-poisoning/GLS-MP-004-agent-memory-store-sql-concatenation-table-prefix-injection.json
attack-db/attacks/memory-poisoning/GLS-MP-005-persistent-policy-update-memory-poisoning.json
attack-db/attacks/model-routing-confusion/GLS-MRC-247-model-routing-confusion-tier-downgrade-safety-bypass.json
attack-db/attacks/model-routing-confusion/GLS-MRC-248-forged-capability-tier-override-policy-gate-bypass.json
attack-db/attacks/model-routing-confusion/GLS-MRC-249-shadow-router-tier-override-bypass.json
attack-db/attacks/model-routing-confusion/GLS-MRC-250-forged-card-tier-escalation-bypass.json
attack-db/attacks/model-routing-confusion/GLS-MRC-251-forged-routing-capability-tier-policy-gate-skip.json
attack-db/attacks/model-routing-confusion/GLS-MRC-252-lightweight-model-admin-task-policy-bypass.json
attack-db/attacks/model-routing-confusion/GLS-MRC-253-forged-telemetry-metric-router-tier-override.json
attack-db/attacks/model-routing-confusion/GLS-MRC-254-forged-model-score-capability-escalation-gate-bypass.json
attack-db/attacks/model-routing-confusion/GLS-MRC-255-forged-trust-tier-label-route-escalation-bypass.json
attack-db/attacks/model-routing-confusion/GLS-MRC-256-forged-route-manifest-tier-elevation-approval-bypass.json
attack-db/attacks/model-routing-confusion/GLS-MRC-257-forged-routing-tier-override-authorization-bypass.json
attack-db/attacks/model-routing-confusion/GLS-MRC-258-forged-routing-quorum-attestation-tier-bypass.json
attack-db/attacks/model-routing-confusion/GLS-MRC-259-forged-latency-budget-router-tier-downgrade-override.json
attack-db/attacks/model-routing-confusion/GLS-MRC-261-forged-rate-limit-budget-model-tier-bypass.json
attack-db/attacks/model-routing-confusion/GLS-MRC-262-forged-policy-tag-routing-tier-escalation-promote.json
attack-db/attacks/model-routing-confusion/GLS-MRC-263-forged-capability-card-tier-route-override.json
attack-db/attacks/model-routing-confusion/GLS-MRC-264-forged-router-profile-tier-priority-override.json
attack-db/attacks/model-routing-confusion/GLS-MRC-265-forged-sla-latency-urgency-router-bypass.json
attack-db/attacks/model-routing-confusion/GLS-MRC-266-forged-model-card-tier-elevation-approval-skip.json
attack-db/attacks/model-routing-confusion/GLS-MRC-267-shadow-model-tier-priority-class-override.json
attack-db/attacks/model-routing-confusion/GLS-MRC-268-scorecard-driven-lightweight-model-admin-reroute.json
attack-db/attacks/model-routing-confusion/GLS-MRC-458-cheap-model-fallback-admin-policy-gate-bypass.json
attack-db/attacks/model-routing-confusion/GLS-MRC-492-forged-latency-health-signal-router-override.json
attack-db/attacks/model-routing-confusion/GLS-MRC-528-forged-router-health-signal-high-privilege-bypass.json
attack-db/attacks/model-routing-confusion/GLS-MRC-529-partial-failure-output-accept-lane-misrouting.json
attack-db/attacks/model-routing-confusion/GLS-MRC-530-constrained-route-error-fallback-widening.json
attack-db/attacks/model-routing-confusion/GLS-MRC-531-simulation-label-stripping-live-execution.json
attack-db/attacks/model-routing-confusion/GLS-V03-0492-forged-sla-router-health-reroute-policy-bypass.json
attack-db/attacks/multi-stage-encoding/GLS-MSE-236-multi-stage-encoding-decoder-authority-shift.json
attack-db/attacks/multi-stage-encoding/GLS-MSE-237-multi-stage-encoding.json
attack-db/attacks/multi-stage-encoding/GLS-MSE-238-polyglot-encoding-split-stage-bypass.json
attack-db/attacks/parasitic-injection/GLS-PA-001-parasitic-system-prompt-injection.json
attack-db/attacks/parasitic-injection/GLS-PA-2-hidden-annotation-payload-policy-override.json
attack-db/attacks/parasitic-injection/GLS-PA-3-embedded-metadata-note-authority-override-execute.json
attack-db/attacks/parasitic-injection/GLS-PI-022-hidden-footer-instruction-scope-override.json
attack-db/attacks/parasitic-injection/GLS-PI-023-hidden-annotation-payload-guardrail-override.json
attack-db/attacks/parasitic-injection/GLS-PIEMN-001-hidden-comment-agent-instruction-guardrail-bypass.json
attack-db/attacks/path-traversal/GLS-PT-001-path-traversal-in-prompt-template-loading.json
attack-db/attacks/path-traversal/GLS-PT-002-agent-workspace-boundary-bypass.json
attack-db/attacks/policy-scope-redefinition/GLS-PSR-001-governance-appendix-precedence-override.json
attack-db/attacks/policy-scope-redefinition/GLS-PSR-002-policy-scope-reinterpretation-priority-override.json
attack-db/attacks/policy-scope-redefinition/GLS-PSR-003-forged-clause-appendix-precedence-execution-override.json
attack-db/attacks/policy-scope-redefinition/GLS-PSR-579-policy-reclassified-as-advisory-guardrail-demotion.json
attack-db/attacks/policy-scope-redefinition/GLS-PSR-580-post-approval-tool-hint-policy-override.json
attack-db/attacks/policy-scope-redefinition/GLS-PSR-581-temporary-exception-scope-expansion-persistence.json
attack-db/attacks/policy-scope-redefinition/GLS-PSR-582-unicode-homoglyph-scope-marker-bypass.json
attack-db/attacks/policy-scope-redefinition/GLS-PSR-583-newer-timestamp-directive-canonical-precedence-override.json
attack-db/attacks/policy-scope-redefinition/GLS-PSR-584-late-layer-duplicate-key-policy-override.json
attack-db/attacks/policy-scope-redefinition/GLS-PSR-585-compliance-status-launder-raw-action-evidence.json
attack-db/attacks/policy-scope-redefinition/GLS-PSR-586-fabricated-priority-escalation-silent-mode-coercion.json
attack-db/attacks/policy-scope-redefinition/GLS-PSR-587-pre-verification-execution-dependency-edge-removal.json
attack-db/attacks/policy-scope-redefinition/GLS-PSR-588-precedence-ladder-inversion-lower-trust-override.json
attack-db/attacks/policy-scope-redefinition/GLS-PSR-589-false-priority-framing-freshness-gate-replay.json
attack-db/attacks/policy-scope-redefinition/GLS-PSR-590-policy-constraint-softened-to-advisory-hint.json
attack-db/attacks/policy-scope-redefinition/GLS-PSR-591-shadow-board-state-injection-backlog-override.json
attack-db/attacks/policy-scope-redefinition/GLS-PSR-592-prior-approval-claim-without-source-token.json
attack-db/attacks/policy-scope-redefinition/GLS-PSR-593-risk-evaluator-score-downgrade-block-to-allow.json
attack-db/attacks/policy-scope-redefinition/GLS-PSR-594-canonical-miss-case-fold-template-hijack.json
attack-db/attacks/policy-scope-redefinition/GLS-PSR-595-recency-tiebreak-flood-provenance-rank-override.json
attack-db/attacks/policy-scope-redefinition/GLS-PSR-596-approval-summary-narrower-than-execution-payload.json
attack-db/attacks/privilege-escalation/GLS-PE-001-admin-debug-mode-activation.json
attack-db/attacks/privilege-escalation/GLS-PE-002-approval-bypass.json
attack-db/attacks/privilege-escalation/GLS-PE-003-consent-approval-laundering-claim.json
attack-db/attacks/privilege-escalation/GLS-PE-004-excessive-default-session-token-lifetime.json
attack-db/attacks/privilege-escalation/GLS-PE-005-hardcoded-approval-mode-auto-bypassing-admin-policy.json
attack-db/attacks/privilege-escalation/GLS-TD-002-agent-config-manipulation.json
attack-db/attacks/prompt-extraction/GLS-PX-001-direct-prompt-extraction.json
attack-db/attacks/prompt-extraction/GLS-PX-567-forged-support-bundle-hidden-system-dump-bypass.json
attack-db/attacks/prompt-extraction/GLS-PX-568-system-prompt-recovery-override.json
attack-db/attacks/prompt-injection/GLS-I18N-001-multilingual-ignore-previous-instructions.json
attack-db/attacks/prompt-injection/GLS-I18N-LR-203-low-resource-language-jailbreak.json
attack-db/attacks/prompt-injection/GLS-ML-AR-001-arabic-ignore-instructions.json
attack-db/attacks/prompt-injection/GLS-ML-DE-001-german-ignore-instructions.json
attack-db/attacks/prompt-injection/GLS-ML-ES-001-spanish-ignore-instructions.json
attack-db/attacks/prompt-injection/GLS-ML-FR-001-french-ignore-instructions.json
attack-db/attacks/prompt-injection/GLS-ML-HI-001-hindi-ignore-instructions.json
attack-db/attacks/prompt-injection/GLS-ML-ID-001-indonesian-ignore-instructions.json
attack-db/attacks/prompt-injection/GLS-ML-JA-001-japanese-ignore-instructions.json
attack-db/attacks/prompt-injection/GLS-ML-KO-001-korean-ignore-instructions.json
attack-db/attacks/prompt-injection/GLS-ML-PT-001-portuguese-ignore-instructions.json
attack-db/attacks/prompt-injection/GLS-ML-RU-001-russian-ignore-instructions.json
attack-db/attacks/prompt-injection/GLS-ML-TR-001-turkish-ignore-instructions.json
attack-db/attacks/prompt-injection/GLS-ML-ZH-001-chinese-ignore-instructions.json
attack-db/attacks/prompt-injection/GLS-PI-001-ignore-previous-instructions.json
attack-db/attacks/prompt-injection/GLS-PI-002-new-instructions-injection.json
attack-db/attacks/prompt-injection/GLS-PI-003-jailbreak-roleplay.json
attack-db/attacks/prompt-injection/GLS-PI-004-instruction-boundary-confusion.json
attack-db/attacks/prompt-injection/GLS-PI-005-ignore-all-prior-rules.json
attack-db/attacks/prompt-injection/GLS-PI-006-forget-previous-instructions.json
attack-db/attacks/prompt-injection/GLS-PI-007-bypass-instructions-then-exfiltrate.json
attack-db/attacks/prompt-injection/GLS-PI-008-read-secrets-then-send.json
attack-db/attacks/prompt-injection/GLS-PI-009-retrieval-triggered-prompt-injection.json
attack-db/attacks/prompt-injection/GLS-PI-010-prompt-leakage-attempt.json
attack-db/attacks/prompt-injection/GLS-PI-011-canary-token-leakage-attempt.json
attack-db/attacks/prompt-injection/GLS-PI-012-covert-agent-targeting.json
attack-db/attacks/prompt-injection/GLS-PI-013-malicious-readme-agent-targeting.json
attack-db/attacks/prompt-injection/GLS-PI-014-workflow-laundered-secret-collection.json
attack-db/attacks/prompt-injection/GLS-PI-015-concealment-plus-action.json
attack-db/attacks/prompt-injection/GLS-PI-016-policy-override-chained-to-system-prompt-exfiltration.json
attack-db/attacks/prompt-injection/GLS-PI-017-typoglycemic-override-of-redaction-combined-with-secret-disc.json
attack-db/attacks/prompt-injection/GLS-PI-018-prompt-injection-typoglycemia-override-variant.json
attack-db/attacks/prompt-injection/GLS-PI-019-prompt-injection-encoded-payload-decode-and-execute.json
attack-db/attacks/prompt-injection/GLS-PI-021-social-engineering-authority-impersonation.json
attack-db/attacks/prompt-injection/GLS-PI-024-long-lived-cache-directive-replay.json
attack-db/attacks/prompt-injection/GLS-PI-025-fake-hotfix-override-precedence-collapse.json
attack-db/attacks/prompt-injection/GLS-PI-20-semantic-indirect-injection.json
attack-db/attacks/prompt-injection/GLS-PI-INFO-indirect-injection-information-important-wrapper.json
attack-db/attacks/prompt-injection/GLS-PP-001-paraphrased-directive-override.json
attack-db/attacks/prompt-injection/GLS-PP-002-paraphrased-directive-override-disregard-the-above-family.json
attack-db/attacks/prompt-injection/GLS-RP-001-persona-override-dan-stan-jailbreak-personas.json
attack-db/attacks/prompt-injection/GLS-RP-002-roleplay-framing-you-are-now-act-as-pretend.json
attack-db/attacks/prompt-injection/GLS-RP-003-hypothetical-framing-thought-experiment-creative-writing-dod.json
attack-db/attacks/prompt-injection/GLS-SO-001-system-override-framing-markers.json
attack-db/attacks/prompt-leak/GLS-CLOUD-LEAK-212-cloud-workbench-prompt-and-context-leakage.json
attack-db/attacks/prompt-leak/GLS-PL-001-soft-system-prompt-exfiltration-framings.json
attack-db/attacks/prompt-leak/GLS-SCHEMA-LEAK-215-system-prompt-and-tool-schema-leakage.json
attack-db/attacks/provenance-chain/GLS-PCF-240-backdated-provenance-attestation-audit-bypass.json
attack-db/attacks/provenance-chain/GLS-PCF-241-postdated-attestation-certificate-time-shift-override.json
attack-db/attacks/provenance-chain/GLS-PCF-244-forged-attestation-trust-root-policy-bypass.json
attack-db/attacks/provenance-chain/GLS-PCF-459-nonce-replay-attestation-manifest-bypass.json
attack-db/attacks/provenance-chain/GLS-PCF-666-forged-manifest-provenance-verification-deploy-bypass.json
attack-db/attacks/provenance-chain-fracture/GLS-PCF-238-provenance-chain-fracture-retag-untrusted-as-trusted.json
attack-db/attacks/provenance-chain-fracture/GLS-PCF-239-provenance-chain-fracture.json
attack-db/attacks/provenance-chain-fracture/GLS-PCF-243-provenance-chain-fracture-pattern.json
attack-db/attacks/provenance-chain-fracture/GLS-PCF-245-source-id-collision-trust-label-remap.json
attack-db/attacks/provenance-chain-fracture/GLS-PCF-246-source-precedence-trust-tier-inversion.json
attack-db/attacks/provenance-chain-fracture/GLS-PCF-247-decision-trace-chain-of-custody-forgery.json
attack-db/attacks/provenance-chain-fracture/GLS-PCF-248-forged-trust-signal-authority-spoofing.json
attack-db/attacks/provenance-chain-fracture/GLS-PCF-667-changelog-directive-guardrail-supersession.json
attack-db/attacks/retrieval-poisoning/GLS-RP-240-retrieval-poisoning-ranked-doc-override-instruction.json
attack-db/attacks/retrieval-poisoning/GLS-RP-242-retrieval-poisoning-provenance-disclaimer-authority-override.json
attack-db/attacks/retrieval-poisoning/GLS-RP-244-retrieval-poisoning-source-lineage-warning-suppression.json
attack-db/attacks/retrieval-poisoning/GLS-RP-245-citation-ranked-source-authority-flip.json
attack-db/attacks/retrieval-poisoning/GLS-RP-246-instruction-priority-laundering.json
attack-db/attacks/retrieval-poisoning/GLS-RP-247-consensus-citation-override.json
attack-db/attacks/retrieval-poisoning/GLS-RP-248-verification-bypass-priority-escalation.json
attack-db/attacks/retrieval-poisoning/GLS-RP-249-confidence-badge-source-check-bypass.json
attack-db/attacks/retrieval-poisoning/GLS-RP-250-source-checksum-mismatch-ignore-provenance-gate.json
attack-db/attacks/retrieval-poisoning/GLS-RP-251-seeded-feedback-loop-rank-override-guardrail-evasion.json
attack-db/attacks/retrieval-poisoning/GLS-RP-252-seeded-context-digest-source-tag-policy-bypass.json
attack-db/attacks/retrieval-poisoning/GLS-RP-253-shadow-eval-addendum-trust-stamp-policy-override.json
attack-db/attacks/retrieval-poisoning/GLS-RP-254-archived-policy-snapshot-authority-override.json
attack-db/attacks/retrieval-poisoning/GLS-RP-255-cache-manifest-hash-bypass-authority-override.json
attack-db/attacks/retrieval-poisoning/GLS-RP-257-forged-benchmark-appendix-trust-rerank.json
attack-db/attacks/retrieval-poisoning/GLS-RP-259-forged-trust-cache-ttl-override-rerank-guardrail-bypass.json
attack-db/attacks/retrieval-poisoning/GLS-RP-260-poisoned-vector-store-chunk-reranking-bypass.json
attack-db/attacks/retrieval-poisoning/GLS-RP-261-forged-source-ranking-context-policy-override.json
attack-db/attacks/retrieval-poisoning/GLS-RP-262-rag-attestation-provenance-escalation-boost.json
attack-db/attacks/retrieval-poisoning/GLS-RP-263-forged-citation-attestation-execution-gate-override.json
attack-db/attacks/retrieval-poisoning/GLS-RP-264-forged-provenance-stamp-knowledge-base-gate-bypass.json
attack-db/attacks/retrieval-poisoning/GLS-RP-265-seeded-rag-authoritative-source-guardrail-disregard.json
attack-db/attacks/retrieval-poisoning/GLS-RP-266-forged-validation-appendix-confidence-rank-override.json
attack-db/attacks/retrieval-poisoning/GLS-RP-267-forged-citation-lineage-ranking-promote.json
attack-db/attacks/retrieval-poisoning/GLS-RP-268-rag-corpus-fake-priority-weight-override.json
attack-db/attacks/retrieval-poisoning/GLS-RP-269-forged-index-annotation-rerank-guardrail-bypass.json
attack-db/attacks/retrieval-poisoning/GLS-RP-270-poisoned-retrieval-bundle-rank-trust-bypass.json
attack-db/attacks/retrieval-poisoning/GLS-RP-271-forged-retrieval-passage-weight-supersede-policy.json
attack-db/attacks/retrieval-poisoning/GLS-RP-272-rag-dataset-provenance-boost-top-rank-override.json
attack-db/attacks/retrieval-poisoning/GLS-RP-273-forged-citation-graph-trust-score-rerank.json
attack-db/attacks/retrieval-poisoning/GLS-RP-274-forged-retrieval-memo-trust-badge-rank-override.json
attack-db/attacks/retrieval-poisoning/GLS-RP-275-forged-citation-graph-ranking-trust-gate-bypass.json
attack-db/attacks/retrieval-poisoning/GLS-RP-276-forged-source-authority-flip-provenance-waiver.json
attack-db/attacks/retrieval-poisoning/GLS-RP-277-forged-provenance-banner-citation-priority-override.json
attack-db/attacks/retrieval-poisoning/GLS-RP-278-contaminated-index-trust-score-elevation-bypass.json
attack-db/attacks/retrieval-poisoning/GLS-RP-279-poisoned-rag-context-promote-override.json
attack-db/attacks/retrieval-poisoning/GLS-RP-280-forged-citation-verified-banner-rank-promote.json
attack-db/attacks/retrieval-poisoning/GLS-RP-281-poisoned-source-map-confidence-boost-rerank.json
attack-db/attacks/retrieval-poisoning/GLS-RP-282-forged-source-quarantine-label-provenance-promote.json
attack-db/attacks/retrieval-poisoning/GLS-RP-283-forged-source-bundle-ranking-boost-policy-exception.json
attack-db/attacks/retrieval-poisoning/GLS-RP-307-retrieved-context-authoritative-tag-guard-supersede.json
attack-db/attacks/retrieval-poisoning/GLS-RP-311-seeded-vector-store-provenance-checksum-bypass.json
attack-db/attacks/retrieval-poisoning/GLS-RP-313-seeded-rag-appendix-badge-trust-override.json
attack-db/attacks/retrieval-poisoning/GLS-RP-315-rag-provenance-digest-override-policy.json
attack-db/attacks/retrieval-poisoning/GLS-RP-317-staged-rag-changelog-citation-source-override.json
attack-db/attacks/retrieval-poisoning/GLS-RP-319-poisoned-citation-source-tag-rank-override.json
attack-db/attacks/retrieval-poisoning/GLS-RP-324-staged-runbook-signed-digest-rank-promote.json
attack-db/attacks/retrieval-poisoning/GLS-RP-327-seeded-provenance-badge-fake-rank-elevation.json
attack-db/attacks/retrieval-poisoning/GLS-RP-329-backfilled-rag-trust-badge-priority-elevate.json
attack-db/attacks/retrieval-poisoning/GLS-RP-331-poisoned-citation-rank-score-trust-disable.json
attack-db/attacks/retrieval-poisoning/GLS-RP-334-staged-context-authority-score-guardrail-promote.json
attack-db/attacks/retrieval-poisoning/GLS-RP-337-retrieved-source-badge-authority-elevation-override.json
attack-db/attacks/retrieval-poisoning/GLS-RP-340-forged-retrieval-addendum-trust-stamp-ranking.json
attack-db/attacks/retrieval-poisoning/GLS-RP-457-injected-rag-rank-score-policy-reroute.json
attack-db/attacks/retrieval-poisoning/GLS-RP-526-retrieval-score-forge-guardrail-safety-bypass.json
attack-db/attacks/retrieval-poisoning/GLS-RP-564-forged-citation-weight-reorder-policy-guardrail-bypass.json
attack-db/attacks/retrieval-poisoning/GLS-RP-565-citation-resolution-untrusted-claim-laundering.json
attack-db/attacks/retrieval-poisoning/GLS-RP-566-stale-policy-corpus-retrieval-downgrade.json
attack-db/attacks/retrieval-poisoning/GLS-V03-0485-forged-rag-quality-signal-attacker-content-surface.json
attack-db/attacks/rtl-obfuscation/GLS-RTL-001-rtl-override-marker.json
attack-db/attacks/rtl-obfuscation/GLS-RTL-003-rtl-obfuscation-pattern.json
attack-db/attacks/rtl-obfuscation/GLS-RTL-004-bidi-masked-override-directive.json
attack-db/attacks/sandbox-escape/GLS-SBX-887-container-namespace-jump-docker-socket-escape.json
attack-db/attacks/sandbox-escape/GLS-SBX-GHSA-028-praisonai-has-sandbox-escape-via-exception-frame-traversal-i.json
attack-db/attacks/sandbox-escape/GLS-SECNS-001-container-namespace-pivot-sandbox-restriction-bypass.json
attack-db/attacks/sandbox-escape/GLS-SECSM-001-docker-socket-mount-host-namespace-escalation.json
attack-db/attacks/sandbox-escape/GLS-SEDSP-001-docker-privileged-container-sandbox-restriction-bypass.json
attack-db/attacks/sandbox-escape/GLS-SEHNM-001-sandbox-break-host-namespace-restriction-bypass.json
attack-db/attacks/sandbox-escape/GLS-SEHNS-001-host-namespace-policy-guardrail-escape.json
attack-db/attacks/sandbox-escape/GLS-SENMR-001-container-namespace-remount-sandbox-escape.json
attack-db/attacks/sandbox-escape/GLS-SENSP-001-sandbox-bind-mount-namespace-isolation-bypass.json
attack-db/attacks/sandbox-escape/GLS-SEPNP-001-procfs-namespace-sandbox-policy-escape.json
attack-db/attacks/sandbox-escape/GLS-SESNP-001-docker-socket-host-namespace-privileged-escape.json
attack-db/attacks/sandbox-escape/GLS-SESNP-002-docker-socket-bind-mount-privilege-escape.json
attack-db/attacks/sandbox-escape/GLS-SESNR-001-docker-socket-privileged-namespace-override-bypass.json
attack-db/attacks/sandbox-escape/GLS-SESSP-001-containerd-socket-runtime-isolation-bypass.json
attack-db/attacks/secret-detection/GLS-SD-001-api-key-patterns.json
attack-db/attacks/secret-detection/GLS-SD-002-private-key-content.json
attack-db/attacks/secret-detection/GLS-SD-003-aws-access-key-id.json
attack-db/attacks/secret-detection/GLS-SD-004-pem-encoded-private-key.json
attack-db/attacks/secret-detection/GLS-SD-005-jwt-token.json
attack-db/attacks/secret-detection/GLS-SD-006-github-classic-pat.json
attack-db/attacks/secret-detection/GLS-SD-007-slack-api-token.json
attack-db/attacks/secret-detection/GLS-SD-008-google-api-key.json
attack-db/attacks/secret-detection/GLS-SD-009-github-fine-grained-pat.json
attack-db/attacks/secret-detection/GLS-SD-010-environment-config-secret-dump.json
attack-db/attacks/social-engineering/GLS-SE-001-authority-impersonation.json
attack-db/attacks/social-engineering/GLS-SE-002-fake-support-impersonation.json
attack-db/attacks/social-engineering/GLS-SE-003-repo-lure-language-fake-leaked-tools.json
attack-db/attacks/social-engineering/GLS-SE-004-security-bypass-via-social-proof.json
attack-db/attacks/social-engineering/GLS-SE-005-instruction-to-suppress-scanner-warnings-and-continue-silent.json
attack-db/attacks/social-engineering-ui/GLS-SUIEI-222-semantic-ui-credential-harvest-banner.json
attack-db/attacks/social-engineering-ui/GLS-SUIEI-223-semantic-ui-guardrail-bypass-banner.json
attack-db/attacks/social-engineering-ui/GLS-SUIEI-225-semantic-ui-reauth-external-link-redirect.json
attack-db/attacks/social-engineering-ui/GLS-SUIEI-227-semantic-ui-fake-token-entry-banner.json
attack-db/attacks/social-engineering-ui/GLS-SUIEI-228-semantic-ui-sync-token-export-lure.json
attack-db/attacks/social-engineering-ui/GLS-SUIEI-229-semantic-ui-local-secret-upload-lure.json
attack-db/attacks/social-engineering-ui/GLS-SUIEI-230-semantic-ui-fake-qr-reauth-lure.json
attack-db/attacks/social-engineering-ui/GLS-SUIEI-231-semantic-ui-extension-security-update-lure.json
attack-db/attacks/social-engineering-ui/GLS-SUIEI-233-semantic-ui-compliance-local-upload-lure.json
attack-db/attacks/social-engineering-ui/GLS-SUIEI-234-device-code-reauth-banner-lure.json
attack-db/attacks/social-engineering-ui/GLS-SUIEI-235-mfa-push-fatigue-approval-loop-lure.json
attack-db/attacks/social-engineering-ui/GLS-SUIEI-236-webauthn-passkey-fallback-downgrade-lure.json
attack-db/attacks/social-engineering-ui/GLS-SUIEI-237-devtools-cookie-export-lure.json
attack-db/attacks/ssrf/GLS-SSRF-007-webhook-url-accepted-from-untrusted-request-body.json
attack-db/attacks/ssrf/GLS-SSRF-008-agent-web-crawl-tool-fetches-metadata-localhost-endpoint.json
attack-db/attacks/ssrf/GLS-SSRF-GHSA-004-fetchwithssrfguard-replays-unsafe-request-bodies-across-cros.json
attack-db/attacks/ssrf/GLS-SSRF-GHSA-006-strict-browser-ssrf-bypass-in-playwright-redirect-handling-l.json
attack-db/attacks/ssrf/GLS-SSRF-GHSA-008-has-browser-ssrf-policy-bypass-via-interaction-triggered-nav.json
attack-db/attacks/ssrf/GLS-SSRF-GHSA-011-qq-bot-extension-missing-ssrf-protection-on-all-media-fetch-.json
attack-db/attacks/ssrf/GLS-SSRF-GHSA-026-n8n-mcp-has-authenticated-ssrf-via-instance-url-header-in-mu.json
attack-db/attacks/ssrf/GLS-SSRF-GHSA-027-mcp-from-openapi-is-vulnerable-to-ssrf-via-ref-dereferencing.json
attack-db/attacks/state-sync-poisoning/GLS-SSP-001-forged-replica-convergence-receipt-policy-gate-bypass.json
attack-db/attacks/state-sync-poisoning/GLS-SSP-532-forged-state-checkpoint-validation-bypass.json
attack-db/attacks/state-sync-poisoning/GLS-SSP-539-checkpoint-rollback-waiver-signature-bypass.json
attack-db/attacks/structured-metadata-poisoning/GLS-SMP-001-html-meta-agent-policy-poisoning.json
attack-db/attacks/structured-metadata-poisoning/GLS-SMP-002-json-ld-structured-data-agent-policy-poisoning.json
attack-db/attacks/structured-metadata-poisoning/GLS-SMP-003-web-app-manifest-agent-policy-poisoning.json
attack-db/attacks/structured-metadata-poisoning/GLS-SMP-004-activitypub-actor-metadata-agent-policy-poisoning.json
attack-db/attacks/structured-metadata-poisoning/GLS-SMP-005-json-feed-extension-agent-policy-poisoning.json
attack-db/attacks/structured-metadata-poisoning/GLS-SMP-006-open-graph-twitter-card-metadata-agent-policy-poisoning.json
attack-db/attacks/structured-metadata-poisoning/GLS-SMP-007-c2pa-content-credentials-agent-policy-poisoning.json
attack-db/attacks/structured-metadata-poisoning/GLS-SMP-008-citation-cff-citation-metadata-poisoning.json
attack-db/attacks/structured-metadata-poisoning/GLS-SMP-009-json-ld-schema-org-agent-policy-poisoning.json
attack-db/attacks/structured-metadata-poisoning/GLS-SMP-010-microformats-standalone-rdf-metadata-agent-policy-poisoning.json
attack-db/attacks/structured-metadata-poisoning/GLS-SMP-011-rdfa-microdata-agent-policy-poisoning-in-html-structured-dat.json
attack-db/attacks/structured-metadata-poisoning/GLS-SMP-012-sbom-metadata-agent-policy-poisoning.json
attack-db/attacks/structured-metadata-poisoning/GLS-SMP-013-source-map-metadata-agent-policy-poisoning.json
attack-db/attacks/structured-metadata-poisoning/GLS-SMP-014-linked-icon-svg-sidecar-metadata-agent-policy-poisoning.json
attack-db/attacks/structured-metadata-poisoning/GLS-SMP-015-webassembly-custom-section-agent-policy-poisoning.json
attack-db/attacks/structured-metadata-poisoning/GLS-SMP-016-codemeta-datacite-ro-crate-metadata-agent-policy-poisoning.json
attack-db/attacks/structured-metadata-poisoning/GLS-SMP-017-iac-stack-template-metadata-poisoning.json
attack-db/attacks/supply-chain/GLS-HF-CARD-208-huggingface-model-card-abuse.json
attack-db/attacks/supply-chain/GLS-SC-001-http-exfiltration-to-hardcoded-ip.json
attack-db/attacks/supply-chain/GLS-SC-002-credential-path-harvesting.json
attack-db/attacks/supply-chain/GLS-SC-003-remote-code-download-and-execute.json
attack-db/attacks/supply-chain/GLS-SC-004-browser-extension-data-theft.json
attack-db/attacks/supply-chain/GLS-SC-005-self-deleting-payload.json
attack-db/attacks/supply-chain/GLS-SC-006-suspicious-postinstall-hook.json
attack-db/attacks/supply-chain/GLS-SC-007-anti-debugging-trap.json
attack-db/attacks/supply-chain/GLS-SC-008-environment-and-system-reconnaissance.json
attack-db/attacks/supply-chain/GLS-SC-009-npm-postinstall-hook-attack.json
attack-db/attacks/supply-chain/GLS-SC-010-known-malicious-npm-packages.json
attack-db/attacks/supply-chain/GLS-SC-011-staged-payload-selector.json
attack-db/attacks/supply-chain/GLS-SC-012-malicious-release-asset.json
attack-db/attacks/supply-chain/GLS-SC-013-supply-chain-identity-drift.json
attack-db/attacks/supply-chain/GLS-SC-014-malicious-skill-install-guidance.json
attack-db/attacks/supply-chain/GLS-SC-015-infostealer-behavior-amos.json
attack-db/attacks/supply-chain/GLS-SC-016-suspicious-download-url-in-skill.json
attack-db/attacks/supply-chain/GLS-SC-017-unverifiable-external-dependency.json
attack-db/attacks/supply-chain/GLS-SC-018-sandbox-claim-mismatch.json
attack-db/attacks/supply-chain/GLS-SC-019-agent-template-instruction-injection.json
attack-db/attacks/supply-chain/GLS-SC-020-python-tar-zip-extractall-without-path-validation-zip-slip.json
attack-db/attacks/supply-chain/GLS-SC-021-remote-template-fetch-with-arbitrary-url-rce.json
attack-db/attacks/supply-chain/GLS-SC-022-auto-import-of-tools-py-from-current-working-directory.json
attack-db/attacks/supply-chain/GLS-SC-20-dependency-trust-bypass.json
attack-db/attacks/supply-chain/GLS-SC-MAN-242-plugin-tool-manifest-capability-lie.json
attack-db/attacks/supply-chain/GLS-SC-PKG-207-agent-targeted-supply-chain-package-attack.json
attack-db/attacks/supply-chain/GLS-SC-PKG-240-package-post-install-credential-exfil-description.json
attack-db/attacks/supply-chain/GLS-SC-SKL-241-skill-install-from-attacker-repo-with-hidden-exfil.json
attack-db/attacks/supply-chain/GLS-SC-TYP-243-typosquatted-package-description.json
attack-db/attacks/supply-chain/GLS-TD-001-environment-variable-poisoning.json
attack-db/attacks/supply-chain-attestation-poisoning/GLS-SCAP-001-sarif-results-metadata-agent-policy-poisoning.json
attack-db/attacks/supply-chain-attestation-poisoning/GLS-SCAP-002-slsa-in-toto-attestation-metadata-agent-policy-poisoning.json
attack-db/attacks/supply-chain-attestation-poisoning/GLS-SCAP-003-status-badge-coverage-badge-metadata-agent-policy-poisoning.json
attack-db/attacks/supply-chain-attestation-poisoning/GLS-SCAP-004-tuf-update-metadata-agent-policy-poisoning.json
attack-db/attacks/supply-chain-attestation-poisoning/GLS-SCAP-005-slsa-in-toto-provenance-attestation-metadata-poisoning.json
attack-db/attacks/token-smuggling/GLS-TS-251-token-smuggling-comment-metadata-override-channel.json
attack-db/attacks/token-smuggling/GLS-TS-252-frontmatter-role-priority-smuggle.json
attack-db/attacks/token-smuggling/GLS-TS-253-hidden-frontmatter-guardrail-waiver.json
attack-db/attacks/token-smuggling/GLS-TS-254-hidden-policy-tag-execution-guardrail-override.json
attack-db/attacks/token-smuggling/GLS-TS-255-hidden-yaml-policy-profile-override.json
attack-db/attacks/token-smuggling/GLS-TS-256-structured-header-metadata-policy-override.json
attack-db/attacks/token-smuggling/GLS-TS-257-hidden-yaml-policy-profile-override.json
attack-db/attacks/token-smuggling/GLS-TS-258-hidden-debug-payload-policy-waiver.json
attack-db/attacks/token-smuggling/GLS-TSHPT-001-hidden-token-frontmatter-priority-override.json
attack-db/attacks/tool-chain-race/GLS-TCR-245-tool-chain-race-ordered-handoff-policy-bypass.json
attack-db/attacks/tool-chain-race/GLS-TCR-246-tool-chain-race-handoff-ack-bypass-window.json
attack-db/attacks/tool-chain-race/GLS-TCR-247-ordered-state-leak-push.json
attack-db/attacks/tool-chain-race/GLS-TCR-248-concurrent-approval-timeout-escalation.json
attack-db/attacks/tool-chain-race/GLS-TCR-249-state-checksum-ack-override.json
attack-db/attacks/tool-chain-race/GLS-TCR-250-parallel-nonce-replay-approval-bypass.json
attack-db/attacks/tool-chain-race/GLS-TCR-251-out-of-order-revocation-ack-replay-bypass.json
attack-db/attacks/tool-chain-race/GLS-TCR-252-forged-checkpoint-ack-sequence-swap-execution-bypass.json
attack-db/attacks/tool-chain-race/GLS-TCR-253-forged-checkpoint-ack-sequence-swap-bypass.json
attack-db/attacks/tool-chain-race/GLS-TCR-338-concurrent-ack-race-condition-override-promotion.json
attack-db/attacks/tool-chain-race/GLS-TCR-656-intermediate-tool-output-downstream-early-execute.json
attack-db/attacks/tool-metadata-smuggling/GLS-TMS-234-tool-metadata-smuggling-metadata-authority-override.json
attack-db/attacks/tool-metadata-smuggling/GLS-TMS-235-tool-metadata-smuggling-directive.json
attack-db/attacks/tool-metadata-smuggling/GLS-TMS-236-priority-override-bundle-v1.json
attack-db/attacks/tool-metadata-smuggling/GLS-TMS-237-authoritative-metadata-priority-instruction-override.json
attack-db/attacks/tool-metadata-smuggling/GLS-TMS-238-forged-execution-header-dispatch-guardrail-override.json
attack-db/attacks/tool-metadata-smuggling/GLS-TMS-239-forged-priority-header-execution-gate-rebind.json
attack-db/attacks/tool-metadata-smuggling/GLS-TMS-240-metadata-system-authority-instruction-bypass.json
attack-db/attacks/tool-metadata-smuggling/GLS-TMS-241-alias-branch-overshadow-coverage-key-drift.json
attack-db/attacks/tool-metadata-smuggling/GLS-TMS-242-primary-key-shadow-fallback-directive-smuggle.json
attack-db/attacks/tool-metadata-smuggling/GLS-TMS-243-primary-key-starvation-alias-precedence-inversion.json
attack-db/attacks/tool-metadata-smuggling/GLS-TMS-244-alias-shadowing-schema-split-source-desync.json
attack-db/attacks/tool-metadata-smuggling/GLS-TMS-245-shadow-key-dual-presence-precedence-hijack.json
attack-db/attacks/tool-metadata-smuggling/GLS-TMS-246-schema-version-enum-collision-executor-mismatch.json
attack-db/attacks/tool-metadata-smuggling/GLS-TMS-247-deprecated-namespace-fallback-inversion-injection.json
attack-db/attacks/tool-metadata-smuggling/GLS-TMS-248-version-header-deception-cross-stage-payload-replay.json
attack-db/attacks/tool-metadata-smuggling/GLS-TMS-249-dual-key-shadow-top-level-fallback-override.json
attack-db/attacks/tool-metadata-smuggling/GLS-TMS-250-manifest-instruction-metadata-directive-smuggle.json
attack-db/attacks/tool-metadata-smuggling/GLS-TMS-251-polyglot-format-payload-policy-role-override.json
attack-db/attacks/tool-metadata-smuggling/GLS-TMS-252-alias-flip-epoch-mix-kpi-schema-rollover.json
attack-db/attacks/tool-metadata-smuggling/GLS-TMS-253-tool-docstring-imperative-instruction-bleed.json
attack-db/attacks/tool-metadata-smuggling/GLS-TMS-254-key-shadow-alias-path-zero-value-downgrade.json
attack-db/attacks/tool-output-poisoning/GLS-CAI-700-tool-output-authority-instruction-override.json
attack-db/attacks/tool-output-poisoning/GLS-OP-002-tool-output-trusted-channel-instruction-override.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-001-forged-canary-verdict-guardrail-bypass.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-237-tool-output-poisoning-trusted-output-override.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-243-tool-output-poisoning-signed-summary-mismatch-gate-bypass.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-244-tool-output-poisoning.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-245-verification-stamp-tamper-override-guardrails.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-246-confidence-banner-tamper-override-execution-policy.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-247-forged-checksum-log-integrity-gate-bypass.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-248-forged-trace-receipt-override.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-249-forged-verification-evidence-channel-swap-policy-bypass.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-250-forged-audit-log-checksum-mismatch-bypass.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-251-forged-tool-result-channel-redirect-execution.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-252-forged-compliance-note-authorization-check-bypass.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-253-forged-execution-receipt-channel-redirect-bypass.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-254-forged-quorum-receipt-safety-bypass.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-255-forged-confidence-trace-queue-redirect-execution.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-256-forged-safety-verdict-execution-force.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-257-forged-tool-trace-pipeline-reroute-bypass.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-259-forged-execution-result-planner-verification-bypass.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-260-forged-tool-nonce-signature-channel-swap-bypass.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-261-forged-telemetry-risk-flag-redirect-execution.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-263-forged-rollback-certificate-compliance-bypass.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-264-forged-function-output-provenance-bypass-reroute.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-265-forged-scanner-report-route-execution-guardrail-bypass.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-266-forged-tool-log-integrity-stamp-passed-override.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-268-forged-tool-receipt-attestation-override.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-269-forged-tool-report-execution-approval-bypass.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-270-forged-artifact-checksum-stream-swap-bypass.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-309-signed-summary-footer-policy-bypass.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-322-forged-audit-stamp-review-gate-override.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-325-forged-receipt-swap-report-approve-bypass.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-332-forged-evaluation-trace-execution-policy-evade.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-484-ci-build-artifact-attestation-sanitizer-bypass.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-620-tool-output-integrity-forgery.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-621-confidence-tag-spoofing-contradiction-suppression.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-622-postprocessor-safety-inversion-guardrail-removal.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-623-forged-tool-result-block-channel-spoofing.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-624-first-row-injection-stale-snapshot-override.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-625-redacted-placeholder-treated-as-canonical-value.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-626-stale-tool-output-provenance-identity-swap.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-627-build-artifact-attestation-seal-sanitizer-bypass.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-628-forged-audit-receipt-channel-redirect-override.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-629-forged-quorum-receipt-safety-policy-bypass.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-630-confidence-trace-redirect-queue-execution-bypass.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-631-confidence-tag-inflation-fallback-parser-hijack.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-632-rewriter-guardrail-inversion-schema-normalization-drift.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-633-tool-result-role-shadow-error-recovery-injection.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-634-first-row-authority-hijack-chronology-inversion.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-635-placeholder-masked-secret-canonical-equality-coercion.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-636-signed-summary-impostor-executor-identity-swap.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-637-tool-output-instruction-injection.json
attack-db/attacks/tool-output-poisoning/GLS-TOP-638-live-log-and-alert-payload-tool-output-instruction-injection.json
attack-db/attacks/tool-output-poisoning/GLS-V03-0484-ci-output-attestation-seal-validation-gate-bypass.json
attack-db/attacks/tool-poisoning/GLS-TP-001-forged-tool-result-claim-of-completed-review-approval.json
attack-db/attacks/tool-poisoning/GLS-TP-002-command-lure-embedded-in-ci-build-log-output.json
attack-db/attacks/tool-poisoning/GLS-TP-003-tool-poisoning-hidden-note-to-assistant-framings.json
attack-db/attacks/tool-poisoning/GLS-TP-004-speculative-plan-stage-poisoning-pre-authorization.json
attack-db/attacks/tool-poisoning/GLS-TP-005-alias-schema-drift-cross-stage-tool-confusion.json
attack-db/attacks/tool-poisoning/GLS-TP-006-latent-tool-intent-carryover-checkpoint-resume.json
attack-db/attacks/tool-poisoning/GLS-TP-007-phantom-tool-reference-cardinality-race.json
attack-db/attacks/tool-poisoning/GLS-TP-008-verifier-timeout-stale-cache-evidence-promotion.json
attack-db/attacks/tool-poisoning/GLS-TP-009-cross-tool-consensus-oracle-dual-source-poisoning.json
attack-db/attacks/tool-poisoning/GLS-TP-010-tool-availability-mirage-capability-fallback-shell.json
attack-db/attacks/tool-poisoning/GLS-TP-011-toolset-resolution-alias-collision-dispatch-smuggle.json
attack-db/attacks/tool-poisoning/GLS-TP-ITDP-219-tool-description-authority-bias-for-sensitive-action-routing.json
attack-db/attacks/tool-poisoning/GLS-TP-ITDP-220-tool-description-policy-bypass-justification.json
attack-db/attacks/tool-poisoning/GLS-TP-ITDP-221-transitive-trust-review-skip-via-upstream-validation-claim.json
attack-db/attacks/tool-poisoning/GLS-TP-ITDP-224-tool-description-trusted-route-review-bypass.json
attack-db/attacks/tool-poisoning/GLS-TP-ITDP-226-tool-description-debug-mode-approval-bypass.json
attack-db/attacks/tool-poisoning/GLS-TP-ITDP-232-tool-description-self-attestation-skip-independent-review.json
attack-db/attacks/tool-poisoning/GLS-TP-ITDP-252-tool-poisoning-itdp-compliance-pretext-redaction-bypass.json
attack-db/attacks/tool-poisoning/GLS-TP-ITDP-253-audit-log-suppression-justification.json
attack-db/attacks/tool-poisoning/GLS-TP-ITDP-254-staging-equivalence-provenance-waiver.json
attack-db/attacks/ui-injection/GLS-SEM-TOOL-218-implicit-tool-description-authority-and-bypass-poisoning.json
attack-db/attacks/ui-injection/GLS-SEM-UI-216-semantic-ui-overlay-instruction-injection.json
attack-db/attacks/ui-injection/GLS-SEM-UI-217-semantic-ui-urgency-driven-action-redirection.json
attack-db/attacks/ui-injection/GLS-SEM-UI-219-rendered-html-element-injection-in-agent-reply.json
attack-db/attacks/ui-injection/GLS-SEM-UI-220-fake-terminal-or-authentication-success-output-forgery.json
attack-db/attacks/ui-injection/GLS-SEM-UI-221-fake-ui-element-subversion-in-agent-reply.json
attack-db/attacks/ui-injection/GLS-SEM-UI-238-bracketed-approval-banner-forgery.json
attack-db/attacks/unicode-evasion/GLS-UE-001-cyrillic-homoglyph-ignore-instructions.json
attack-db/attacks/unicode-evasion/GLS-UE-002-cyrillic-homoglyph-send-credentials.json
sunglasses/__init__.py
sunglasses/__main__.py
sunglasses/cli.py
sunglasses/engine.py
sunglasses/loader.py
sunglasses/mailer.py
sunglasses/mcp.py
sunglasses/patterns.py
sunglasses/preprocessor.py
sunglasses/reporter.py
sunglasses/sarif.py
sunglasses/scanner.py
sunglasses.egg-info/PKG-INFO
sunglasses.egg-info/SOURCES.txt
sunglasses.egg-info/dependency_links.txt
sunglasses.egg-info/entry_points.txt
sunglasses.egg-info/requires.txt
sunglasses.egg-info/top_level.txt
sunglasses/data/attacks/agent-workflow/GLS-AW-007-agent-permission-bypass-via-compound-commands.json
sunglasses/data/attacks/agent-workflow-security/GLS-AW-001-web-fetch-to-publish-pipeline-injection.json
sunglasses/data/attacks/agent-workflow-security/GLS-AW-002-overprivileged-cms-publish-connector.json
sunglasses/data/attacks/agent-workflow-security/GLS-AW-003-overprivileged-social-scheduler-connector.json
sunglasses/data/attacks/agent-workflow-security/GLS-AW-004-poisoned-persistent-prompt-or-skill.json
sunglasses/data/attacks/agent-workflow-security/GLS-AW-005-poisoned-rss-or-brand-doc-ingestion.json
sunglasses/data/attacks/agent-workflow-security/GLS-AW-006-unsafely-auto-published-marketing-content.json
sunglasses/data/attacks/auth-bypass/GLS-AB-001-authentication-bypass-via-token-truncation.json
sunglasses/data/attacks/c2-indicator/GLS-C2-001-known-c2-indicators-bluenoroff-lazarus.json
sunglasses/data/attacks/code-switching/GLS-CS-001-code-switching-mixed-language-injection.json
sunglasses/data/attacks/command-injection/GLS-CI-001-dangerous-shell-commands.json
sunglasses/data/attacks/command-injection/GLS-CI-002-reverse-shell-patterns.json
sunglasses/data/attacks/command-injection/GLS-CI-003-script-execution-request.json
sunglasses/data/attacks/command-injection/GLS-CI-004-unquoted-shell-interpolation-injection.json
sunglasses/data/attacks/command-injection/GLS-CI-005-skill-reverse-shell.json
sunglasses/data/attacks/command-injection/GLS-MCP-001-mcp-url-scheme-injection.json
sunglasses/data/attacks/command-injection/GLS-SI-001-sql-injection-in-metadata-filter-queries.json
sunglasses/data/attacks/command-injection/GLS-TD-003-symlink-traversal-attack.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-001-credential-exfiltration-request.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-002-data-exfiltration-via-url.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-003-token-credential-paste-request.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-004-memory-file-upload-exfil.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-005-webhook-exfiltration-sinks.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-006-public-tunnel-infrastructure.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-007-outbound-http-upload-via-curl.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-008-raw-ip-address-as-http-destination.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-009-archive-then-egress-exfiltration.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-010-source-map-leak-indicator.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-011-markdown-reference-style-exfiltration-echoleak.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-012-markdown-image-auto-fetch-exfiltration.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-013-skill-secret-exfiltration.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-014-skill-exfiltration-chain.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-015-indirect-secret-relay.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-016-diagnostic-secret-harvest.json
sunglasses/data/attacks/data-exfiltration/GLS-EX-017-diagnostic-exfiltration-destination.json
sunglasses/data/attacks/data-exfiltration/GLS-ML-AR-002-arabic-credential-exfil.json
sunglasses/data/attacks/data-exfiltration/GLS-ML-DE-002-german-credential-exfil.json
sunglasses/data/attacks/data-exfiltration/GLS-ML-ES-002-spanish-credential-exfil.json
sunglasses/data/attacks/data-exfiltration/GLS-ML-FR-002-french-credential-exfil.json
sunglasses/data/attacks/data-exfiltration/GLS-ML-HI-002-hindi-credential-exfil.json
sunglasses/data/attacks/data-exfiltration/GLS-ML-ID-002-indonesian-credential-exfil.json
sunglasses/data/attacks/data-exfiltration/GLS-ML-JA-002-japanese-credential-exfil.json
sunglasses/data/attacks/data-exfiltration/GLS-ML-KO-002-korean-credential-exfil.json
sunglasses/data/attacks/data-exfiltration/GLS-ML-PT-002-portuguese-credential-exfil.json
sunglasses/data/attacks/data-exfiltration/GLS-ML-RU-002-russian-credential-exfil.json
sunglasses/data/attacks/data-exfiltration/GLS-ML-TR-002-turkish-credential-exfil.json
sunglasses/data/attacks/data-exfiltration/GLS-ML-ZH-002-chinese-credential-exfil.json
sunglasses/data/attacks/data-exfiltration/GLS-TD-004-config-redaction-bypass.json
sunglasses/data/attacks/deserialization/GLS-DS-001-insecure-deserialization-of-untrusted-data.json
sunglasses/data/attacks/dns-tunneling/GLS-DN-001-base32-dns-tunneling-label.json
sunglasses/data/attacks/encoded-payload/GLS-EP-001-large-base64-encoded-payload.json
sunglasses/data/attacks/encoded-payload/GLS-EP-002-gzip-base64-compressed-payload.json
sunglasses/data/attacks/encoding-evasion/GLS-EE-001-encoding-transformation-attack.json
sunglasses/data/attacks/hidden-instruction/GLS-HI-001-html-comment-injection.json
sunglasses/data/attacks/hidden-instruction/GLS-HI-002-invisible-text-instruction.json
sunglasses/data/attacks/hidden-instruction/GLS-HI-003-hidden-instruction-in-html-comment.json
sunglasses/data/attacks/indirect-prompt-injection/GLS-IP-001-indirect-instruction-reset.json
sunglasses/data/attacks/invisible-unicode/GLS-IU-001-invisible-unicode-characters.json
sunglasses/data/attacks/mcp-threat/GLS-MCP-002-mcp-capability-drift.json
sunglasses/data/attacks/mcp-threat/GLS-MCP-003-mcp-capability-expansion.json
sunglasses/data/attacks/mcp-threat/GLS-MCP-004-tool-trust-mismatch.json
sunglasses/data/attacks/mcp-threat/GLS-MCP-005-mcp-definition-threat-indicator.json
sunglasses/data/attacks/mcp-threat/GLS-MCP-006-tool-metadata-prompt-injection.json
sunglasses/data/attacks/mcp-threat/GLS-MCP-007-mcp-localhost-origin-risk.json
sunglasses/data/attacks/memory-poisoning/GLS-MP-001-memory-persistence-attack.json
sunglasses/data/attacks/memory-poisoning/GLS-MP-002-fake-policy-insertion.json
sunglasses/data/attacks/memory-poisoning/GLS-MP-003-permanent-obedience-injection.json
sunglasses/data/attacks/path-traversal/GLS-PT-001-path-traversal-in-prompt-template-loading.json
sunglasses/data/attacks/privilege-escalation/GLS-PE-001-admin-debug-mode-activation.json
sunglasses/data/attacks/privilege-escalation/GLS-PE-002-approval-bypass.json
sunglasses/data/attacks/privilege-escalation/GLS-TD-002-agent-config-manipulation.json
sunglasses/data/attacks/prompt-extraction/GLS-PX-001-direct-prompt-extraction.json
sunglasses/data/attacks/prompt-injection/GLS-ML-AR-001-arabic-ignore-instructions.json
sunglasses/data/attacks/prompt-injection/GLS-ML-DE-001-german-ignore-instructions.json
sunglasses/data/attacks/prompt-injection/GLS-ML-ES-001-spanish-ignore-instructions.json
sunglasses/data/attacks/prompt-injection/GLS-ML-FR-001-french-ignore-instructions.json
sunglasses/data/attacks/prompt-injection/GLS-ML-HI-001-hindi-ignore-instructions.json
sunglasses/data/attacks/prompt-injection/GLS-ML-ID-001-indonesian-ignore-instructions.json
sunglasses/data/attacks/prompt-injection/GLS-ML-JA-001-japanese-ignore-instructions.json
sunglasses/data/attacks/prompt-injection/GLS-ML-KO-001-korean-ignore-instructions.json
sunglasses/data/attacks/prompt-injection/GLS-ML-PT-001-portuguese-ignore-instructions.json
sunglasses/data/attacks/prompt-injection/GLS-ML-RU-001-russian-ignore-instructions.json
sunglasses/data/attacks/prompt-injection/GLS-ML-TR-001-turkish-ignore-instructions.json
sunglasses/data/attacks/prompt-injection/GLS-ML-ZH-001-chinese-ignore-instructions.json
sunglasses/data/attacks/prompt-injection/GLS-PA-001-parasitic-system-prompt-injection.json
sunglasses/data/attacks/prompt-injection/GLS-PI-001-ignore-previous-instructions.json
sunglasses/data/attacks/prompt-injection/GLS-PI-002-new-instructions-injection.json
sunglasses/data/attacks/prompt-injection/GLS-PI-003-jailbreak-roleplay.json
sunglasses/data/attacks/prompt-injection/GLS-PI-004-instruction-boundary-confusion.json
sunglasses/data/attacks/prompt-injection/GLS-PI-005-ignore-all-prior-rules.json
sunglasses/data/attacks/prompt-injection/GLS-PI-006-forget-previous-instructions.json
sunglasses/data/attacks/prompt-injection/GLS-PI-007-bypass-instructions-then-exfiltrate.json
sunglasses/data/attacks/prompt-injection/GLS-PI-008-read-secrets-then-send.json
sunglasses/data/attacks/prompt-injection/GLS-PI-009-retrieval-triggered-prompt-injection.json
sunglasses/data/attacks/prompt-injection/GLS-PI-010-prompt-leakage-attempt.json
sunglasses/data/attacks/prompt-injection/GLS-PI-011-canary-token-leakage-attempt.json
sunglasses/data/attacks/prompt-injection/GLS-PI-012-covert-agent-targeting.json
sunglasses/data/attacks/prompt-injection/GLS-PI-013-malicious-readme-agent-targeting.json
sunglasses/data/attacks/prompt-injection/GLS-PI-014-workflow-laundered-secret-collection.json
sunglasses/data/attacks/prompt-injection/GLS-PI-015-concealment-plus-action.json
sunglasses/data/attacks/rtl-obfuscation/GLS-RTL-001-rtl-override-marker.json
sunglasses/data/attacks/secret-detection/GLS-SD-001-api-key-patterns.json
sunglasses/data/attacks/secret-detection/GLS-SD-002-private-key-content.json
sunglasses/data/attacks/secret-detection/GLS-SD-003-aws-access-key-id.json
sunglasses/data/attacks/secret-detection/GLS-SD-004-pem-encoded-private-key.json
sunglasses/data/attacks/secret-detection/GLS-SD-005-jwt-token.json
sunglasses/data/attacks/secret-detection/GLS-SD-006-github-classic-pat.json
sunglasses/data/attacks/secret-detection/GLS-SD-007-slack-api-token.json
sunglasses/data/attacks/secret-detection/GLS-SD-008-google-api-key.json
sunglasses/data/attacks/secret-detection/GLS-SD-009-github-fine-grained-pat.json
sunglasses/data/attacks/secret-detection/GLS-SD-010-environment-config-secret-dump.json
sunglasses/data/attacks/social-engineering/GLS-SE-001-authority-impersonation.json
sunglasses/data/attacks/social-engineering/GLS-SE-002-fake-support-impersonation.json
sunglasses/data/attacks/social-engineering/GLS-SE-003-repo-lure-language-fake-leaked-tools.json
sunglasses/data/attacks/social-engineering/GLS-SE-004-security-bypass-via-social-proof.json
sunglasses/data/attacks/supply-chain/GLS-SC-001-http-exfiltration-to-hardcoded-ip.json
sunglasses/data/attacks/supply-chain/GLS-SC-002-credential-path-harvesting.json
sunglasses/data/attacks/supply-chain/GLS-SC-003-remote-code-download-and-execute.json
sunglasses/data/attacks/supply-chain/GLS-SC-004-browser-extension-data-theft.json
sunglasses/data/attacks/supply-chain/GLS-SC-005-self-deleting-payload.json
sunglasses/data/attacks/supply-chain/GLS-SC-006-suspicious-postinstall-hook.json
sunglasses/data/attacks/supply-chain/GLS-SC-007-anti-debugging-trap.json
sunglasses/data/attacks/supply-chain/GLS-SC-008-environment-and-system-reconnaissance.json
sunglasses/data/attacks/supply-chain/GLS-SC-009-npm-postinstall-hook-attack.json
sunglasses/data/attacks/supply-chain/GLS-SC-010-known-malicious-npm-packages.json
sunglasses/data/attacks/supply-chain/GLS-SC-011-staged-payload-selector.json
sunglasses/data/attacks/supply-chain/GLS-SC-012-malicious-release-asset.json
sunglasses/data/attacks/supply-chain/GLS-SC-013-supply-chain-identity-drift.json
sunglasses/data/attacks/supply-chain/GLS-SC-014-malicious-skill-install-guidance.json
sunglasses/data/attacks/supply-chain/GLS-SC-015-infostealer-behavior-amos.json
sunglasses/data/attacks/supply-chain/GLS-SC-016-suspicious-download-url-in-skill.json
sunglasses/data/attacks/supply-chain/GLS-SC-017-unverifiable-external-dependency.json
sunglasses/data/attacks/supply-chain/GLS-SC-018-sandbox-claim-mismatch.json
sunglasses/data/attacks/supply-chain/GLS-TD-001-environment-variable-poisoning.json
sunglasses/data/attacks/unicode-evasion/GLS-UE-001-cyrillic-homoglyph-ignore-instructions.json
sunglasses/data/attacks/unicode-evasion/GLS-UE-002-cyrillic-homoglyph-send-credentials.json
sunglasses/extractors/__init__.py
sunglasses/extractors/audio.py
sunglasses/extractors/image.py
sunglasses/extractors/pdf.py
sunglasses/extractors/qr.py
sunglasses/extractors/video.py
sunglasses/integrations/__init__.py
sunglasses/integrations/crewai.py
sunglasses/integrations/langchain.py
tests/test_cross_agent_injection_gym.py
tests/test_dogfood_bugs.py
tests/test_false_positives.py
tests/test_jailbreak_evasion.py
tests/test_jailbreak_evasion_fp.py
tests/test_pattern_integrity.py
tests/test_real_corpus_fp.py
tests/test_sarif.py
tests/test_supply_chain_skill_fp.py
tests/test_supply_chain_skill_gym.py
tests/test_ui_injection_social_fp.py
tests/test_ui_injection_social_gym.py