Remote Code Execution via eval() and Dynamic Code Injection - ATR-2026-00110 (d9af0dea-b24b-59a9-abb0-c243786d35f9)
Detects tools or agent instructions that invoke eval(), Function(), vm.runInNewContext(), or similar dynamic code execution primitives. These functions allow arbitrary code execution within the agent runtime, enabling an attacker to break out of sandboxed tool contexts, access the host process, or pivot to child_process for full system compromise.