Fix detector bypass regressions in CI/CD and markdown image exfiltration rules by cdayAI · Pull Request #19 · cdayAI/Agent-Shield

cdayAI · 2026-05-26T19:54:34Z

A recent change narrowed data-exfiltration parameter detection and added a broad negation lookahead that allowed crafted CI/CD @agent prompts and markdown-image URLs to bypass detection.

Restored markdown-image exfiltration coverage to include key= in both legacy and v14 data-exfiltration regexes in python-sdk/agent_shield/detector.py so payloads like ?key=SECRET... are detected.
Adjusted the CI/CD @agent exfiltration regex in python-sdk/agent_shield/detector.py so an early benign-looking negation no longer suppresses a later explicit exfiltration instruction while preserving the narrow exception for the common benign phrase leak any sensitive data.
Added two regression tests to python-sdk/tests/test_detector.py that assert detection for the negation-prefix CI/CD bypass and a ?key= markdown image exfil payload.

Ran the v14 category tests with python -m pytest tests/test_detector.py -q in python-sdk and all tests passed (53 passed).
Existing detector unit tests that exercise related categories were executed as part of the same test run and succeeded.

Fix CI/CD and markdown exfil detector bypass regressions

53c4687

cdayAI added aardvark codex labels May 26, 2026 — with ChatGPT Codex Connector

cdayAI closed this May 30, 2026

Provide feedback