Markdown Image URL Exfiltration and XSS Injection - ATR-2026-00405 (6b21b9d3-1961-51e4-8ff0-9b6e3209548c)
Detects instructions to produce markdown image/link syntax that exfiltrates context data via URL query parameters, and javascript: XSS via markdown link, from NVIDIA garak web_injection probe. When an agent renders markdown in a browser/Colab/playground, the image tag loads a remote URL with sensitive data in the query string. Key signals: markdown image syntax with placeholder markers ([INFO], [NUM], [DATA]) in the URL, known exfil domains (wuzzi.net, derczynski.com, llmsec.net), javascript: URI in markdown link, and the StringAssembly concatenation template.