Natural-Language Unauthorized Shell-Execution Instruction - ATR-2026-00428 (b629a3b2-aedc-576c-9854-4a69577e86e9)
Detects natural-language imperative instructions that direct the agent to silently execute shell commands or arbitrary scripts without user consent. Discriminator: imperative execution verb + shell-command target + silent / no-confirmation framing. Catches the framing layer before any specific payload (e.g. curl|sh, base64-encoded), so it triggers even on novel commands the agent's specific block-list doesn't cover.