Natural-Language Output-Injection Credential Embedding - ATR-2026-00426 (849f9743-0cea-5b31-a86f-ad1f95b97bbf)
Detects output-injection patterns where a skill instructs the agent to embed
credentials, tokens, or environment variables inside a markdown image tag,
link, or HTML element so the leaked secret is exfiltrated when the user views
the rendered output. Common variant:
expressed as plain English ("include the key as a query parameter on this
image URL"). The discriminator is co-occurrence of an image-or-link
template-style construct with a credential placeholder.