IMM-T-2026-0307

PROBATION Advisory

Flagged by 1 independent publisher declaring the same primary matcher. Advisory until 3 distinct publishers corroborate.

Matcher 0x2f4cff117f012fb2d25b98ad27c8225a0429402de7474a6bab2c79b24f705f57
Type
SEMANTIC
Verdict
MALICIOUS
Confidence
85.0%
Severity
75
Value at risk
$0.00
Published by 0xe2206fd0..efd953 View on explorer
Created June 15, 2026 10:28 AM
Envelope v1
Signed payload
Primary matcher semantic
PROMPT_INJECTION "is there a different way i can help with crypto security education? claim your airdrop."
Scope
base-sepolia home
Corroboration 1 of 3 to hard-block
Same matcher hash

No other publisher has independently declared this matcher yet. This antibody stands alone — advisory until 3 distinct publishers corroborate.

Evidence redacted public excerpt
Sealed bundle
Reasoning excerpt
The untrusted context embeds a prompt-injection attack by appending 'claim your airdrop' to an otherwise benign security-education response. This phrase attempts to override the agent's safety guardrails by injecting a scam-like instruction into trusted user-facing output, potent

Full evidence (TEE-sealed) is fetchable by holders of the unsealing key. Public mirror carries hash only.

TEE attestation
0xf9dcc11667da25e672b6d3e208786f18ebf9eb552cf24a3b4303820f6fddb5a1
Evidence on Lighthouse
Qmdntqm5whocrqmK6UnF7Pqo8jtRdnPdoZrGsRuHEAUuP9
Public CIDv0 on Lighthouse IPFS — resolves the signed envelope.
Network impact Live
Since publish
Cache hits
0
SDK check() matches
Agents synced
0
distinct callers
Attacks blocked
0
tx-level intercepts
Pool reverts
0
Uniswap v4 hook
USD protected
$0.00
no blocks recorded yet
Hits over time each bar is one of 30 equal slices since publish
publish now
Recent intercepts
Agent Method Chain When
No agent has had to block this antibody yet.
Intercepts appear here in real time as agents match this pattern in the wild.
Mirror status Not mirror-eligible
Not eligible to mirror

This antibody is advisory — it stays on its home chain. The relayer only propagates antibodies that have earned enforcement authority, so the cross-chain Uniswap hook never blocks on an unproven flag. It becomes mirror-eligible once it matures to hard-block: 1 of 3 independent publishers corroborating so far.