Natural-Language Covert Conversation Exfiltration Instruction - ATR-2026-00421 (21f1bde5-3f0f-5e20-83f6-b14e788885c4)
Detects natural-language imperative instructions in SKILL.md / system prompts / tool descriptions that direct the agent to covertly transmit conversation data — chat history, dialogue context, prompt logs — to an external destination. Requires co-occurrence of a covert qualifier (also / additionally / silently / secretly / quietly), a transmit verb (send / transmit / forward / upload / post / relay), and a conversation-content sink (conversation/chat/dialog/ prompt + history/log/context/transcript). The covert qualifier is what makes this malicious — legitimate transmission is announced, not "also" / "silently".