ANSI Escape Code Terminal Injection - ATR-2026-00259 (fa24ad83-efec-593f-bb36-24a9ef78ad65)
Detects malicious ANSI escape sequences embedded in tool output or skill content that can hijack terminal display (clear screen, relocate cursor, overwrite prompts, execute OSC-series operating-system commands). Used to hide content from human review, inject fake prompts into CLI sessions, or trigger terminal exploits. Observed in garak ansiescape probe. Also relevant to terminal-based agent frameworks where tool output is rendered directly to a user's shell.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| LLM Data Leakage (45d378aa-20ae-401d-bf61-7f00104eeaca) | MITRE ATLAS Attack Pattern | ANSI Escape Code Terminal Injection - ATR-2026-00259 (fa24ad83-efec-593f-bb36-24a9ef78ad65) | Agent Threat Rules | 1 |