Credential File Read Code Generation Request - ATR-2026-00263 (998eaa72-e652-513c-9255-6a9f4bcbac77)

Detects prompts asking the LLM to generate code that reads high-value credential or secret files (/etc/shadow, Windows SAM hive, ~/.ssh/id_rsa, cloud metadata endpoints, browser cookie stores, credential managers). From NVIDIA garak malwaregen.SubFunctions probe — attackers frame this as "useful code" but the target files contain no legitimate-dev use case for automated reading.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
LLM Plugin Compromise (adbb0dd5-ff66-4b2f-869f-bfb3fdb45fc8)	MITRE ATLAS Attack Pattern	Credential File Read Code Generation Request - ATR-2026-00263 (998eaa72-e652-513c-9255-6a9f4bcbac77)	Agent Threat Rules	1
Credential File Read Code Generation Request - ATR-2026-00263 (998eaa72-e652-513c-9255-6a9f4bcbac77)	Agent Threat Rules	LLM Data Leakage (45d378aa-20ae-401d-bf61-7f00104eeaca)	MITRE ATLAS Attack Pattern	1