Natural-Language Persistent Covert Action Hook - ATR-2026-00425 (3d556ac1-1c1d-5741-a60b-4373549f7dc7)
Detects natural-language imperative instructions that establish a persistent covert hook on the agent — combining a persistence trigger ("on every", "for each", "after every", "always", "whenever the user", "when asked any question") with a stealth qualifier ("without telling the user", "silently", "do not mention", "don't notify") and a side-effect verb ("send", "transmit", "execute", "run", "include"). This is the structural pattern used by skills to hide ongoing exfiltration or covert action behind every legitimate interaction. Catches the framing layer above any specific exfil sink, so it triggers on novel attack variants that other rules miss.