6 changes: 6 additions & 0 deletions .github/workflows/pattern-integrity.yml
Original file line number Diff line number Diff line change
Expand Up @@ -41,3 +41,9 @@ jobs:

- name: Dogfood regression tests (May 27 incident)
run: pytest tests/test_dogfood_bugs.py -v

- name: False-positive regression gate (Jun 6 incident — clean text must not block)
run: pytest tests/test_false_positives.py -v

- name: Customer-zero real-world suite (attacks block, normal usage passes)
run: python test_customer_zero.py
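Review bot: The new `Customer-zero real-world suite` step at the end of the hunk runs a bare script, so the job only fails if `test_customer_zero.py` exits non-zero on a failed case, whereas the two pytest steps above it fail on any assertion. If the script is pytest-collectable, `run: pytest test_customer_zero.py -v` would keep the three gates uniform and give per-case output in the log; otherwise it is worth confirming from the script that a failed case sets a non-zero exit status rather than only printing a summary. The `jobs:` block this hunk extends starts outside the hunk.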
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@
],
"description": "Agent-facing discovery files such as `llms.txt`, `robots.txt`, sitemap-adjacent metadata, or site manifests can disguise prompt-injection instructions as crawler policy, causing agents to treat untrusted website text as higher-priority control-plane authority.",
"keywords": [
",",
"API keys",
"User-Agent: ai-agent",
"Validation script:",
Expand All @@ -35,6 +34,6 @@
},
"references": [],
"contributed_by": "Sunglasses Team",
"date_added": "2026-06-06",
"date_added": "2026-06-07",
"source": "patterns.py:GLS-AIFP-001"
}
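Review bot: `date_added` is rewritten from `2026-06-06` to `2026-06-07` in the second hunk although the entry is being edited, not added, so the field no longer records when the pattern first appeared; the same bump is made in every other file section of this PR. A separate field such as `"date_updated": "2026-06-07"` would preserve provenance and keep `date_added` stable across cleanups like this one. If the exporter named in `source` (`patterns.py`) stamps the current date on every run, that is where the two dates need to be distinguished.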
Original file line number Diff line number Diff line change
Expand Up @@ -14,16 +14,8 @@
"(?:primary|single) source of truth",
");",
"- Skill scope:",
"---",
"/llms-full.txt",
"/tmp/llms_full_txt_smoke_20260519.py",
"2.",
"3.",
"4.",
"5.",
"6.",
"7.",
"8.",
"AI agent"
],
"regex": [
Expand All @@ -35,6 +27,6 @@
},
"references": [],
"contributed_by": "Sunglasses Team",
"date_added": "2026-06-06",
"date_added": "2026-06-07",
"source": "patterns.py:GLS-AIFP-005"
}
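Review bot: The surviving keyword `"(?:primary|single) source of truth"` at the top of the first hunk carries regex syntax inside the `keywords` array; if keywords are matched as literal substrings (not visible here), it can never match and belongs in the `regex` array instead. The entries `");"` and `"- Skill scope:"` that remain after the deletions are as generic as the numbered-list items being removed and will fire on ordinary code and markdown. The same description-fragment keywords survive in the CICD-003, CICD-005, CICD-007, DFP-006, DFP-025, IDP-001, IDP-002 and IDP-003 sections (`".\n- **Report suppression:**"`, `") or report suppression ("` and similar), so the cleanup that dropped `","` could be extended to those in the same pass.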
Original file line number Diff line number Diff line change
Expand Up @@ -24,14 +24,14 @@
"unverified mcp server"
],
"regex": [
"(?is)(?:ignore\\s+(?:previous|prior)\\s+instructions|approved\\s+already|consent\\s+cached|run\\s+(?:shell|bash|aws\\s+cli)|subprocess|mcp\\s+server|tool\\s+server|execute\\s+this\\s+command|\\$\\(|`[^`]+`|curl\\s+https?://|export\\s+[A-Z0-9_]+|printenv|env\\s*\\||token|api[_ -]?key|secret)"
"(?is)(ignore\\s+(?:previous|prior)\\s+instructions|approved\\s+already|consent\\s+cached|run\\s+(?:shell|bash|aws\\s+cli)|execute\\s+this\\s+command|printenv\\b|curl\\s+https?://|env\\s*\\|\\s*(?:curl|nc|bash)|(?:send|post|exfiltrat\\w*|leak|forward|email|upload|reveal|disclose|dump|transmit)\\b[^.\\n]{0,40}\\b(?:api[_ -]?key|access[_ -]?token|token|secret|credential|password))"
],
"examples": {
"malicious": [],
"benign": []
},
"references": [],
"contributed_by": "Sunglasses Team",
"date_added": "2026-06-06",
"date_added": "2026-06-07",
"source": "patterns.py:GLS-GHSA-PI-202"
}
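Review bot: The new regex's final clause ends at `password))` with no word boundary, so the object alternation matches prefixes of longer words — `token` inside "tokenizer", `secret` inside "secretary" — and the verb list in front of it includes `email` and `upload`, which are common in benign prose. Appending `\\b` after the object group, `...|credential|password)\\b)`, is the cheap tightening. The outer group also changed from `(?:` to a capturing `(`; unless something reads group 1, `(?:` keeps it consistent with the rest of the expression.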
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@
"description": "Detect IIIF Presentation API manifests or adjacent IIIF metadata that embed AI-agent/scanner-directed instructions to override higher-priority rules, suppress findings, or forward local secrets.",
"keywords": [
"@context",
"AI",
"API keys",
"LLM",
"Presentation API",
Expand All @@ -35,6 +34,6 @@
},
"references": [],
"contributed_by": "Sunglasses Team",
"date_added": "2026-06-06",
"date_added": "2026-06-07",
"source": "patterns.py:GLS-APIP-010"
}
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@
],
"description": "Kubernetes CRD schema descriptions can smuggle agent-facing instructions that tell AI Kubernetes auditors or admission-review agents to treat attacker-controlled schema text as higher-priority policy, suppress validation/security findings, or forward local cluster/runtime credentials.",
"keywords": [
",",
"AI agents",
"CRD reviewers",
"CustomResourceDefinition",
Expand All @@ -35,6 +34,6 @@
},
"references": [],
"contributed_by": "Sunglasses Team",
"date_added": "2026-06-06",
"date_added": "2026-06-07",
"source": "patterns.py:GLS-APIP-012"
}
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,6 @@
"_agent_note",
"agent",
"agent_note",
"ai",
"ai-agent audience language",
"ai.agent_instructions",
"assistant"
Expand All @@ -35,6 +34,6 @@
},
"references": [],
"contributed_by": "Sunglasses Team",
"date_added": "2026-06-06",
"date_added": "2026-06-07",
"source": "patterns.py:GLS-BMP-001"
}
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@
],
"description": "Dependency automation configuration and generated PR body notes can smuggle agent/scanner-directed instructions that claim authority over dependency review, suppress CVE findings, or request local runtime/auth context from AI coding agents.",
"keywords": [
",",
".\n- Agent/review audience:",
".\n- Authority terms:",
"commitBody",
Expand All @@ -32,6 +31,6 @@
},
"references": [],
"contributed_by": "Sunglasses Team",
"date_added": "2026-06-06",
"date_added": "2026-06-07",
"source": "patterns.py:GLS-CICD-003"
}
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@
],
"description": "A malicious `.gitlab-ci.yml` file can hide agent-directed instructions in pipeline metadata, variables, job descriptions, comments, or rules text, telling AI CI/security reviewers to treat the pipeline file as authoritative, suppress findings, or forward GitLab CI tokens and runtime context.",
"keywords": [
",",
".\n- **Report suppression:**",
".gitlab-ci.yaml",
".gitlab-ci.yml",
Expand All @@ -35,6 +34,6 @@
},
"references": [],
"contributed_by": "Sunglasses Team",
"date_added": "2026-06-06",
"date_added": "2026-06-07",
"source": "patterns.py:GLS-CICD-005"
}
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@
],
"description": "GitOps resource metadata can smuggle agent-facing instructions that tell AI deployment or security reviewers to treat attacker-controlled Argo CD / Flux descriptions, annotations, or generated status notes as higher-priority policy, suppress sync/security findings, or forward local cluster/runtime c",
"keywords": [
",",
"AI agents",
"Application",
"ApplicationSet",
Expand All @@ -35,6 +34,6 @@
},
"references": [],
"contributed_by": "Sunglasses Team",
"date_added": "2026-06-06",
"date_added": "2026-06-07",
"source": "patterns.py:GLS-CICD-006"
}
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@
],
"description": "A malicious `Jenkinsfile` or Jenkins job metadata field can hide agent-directed instructions in comments, descriptions, parameter text, environment labels, or generated job summaries, telling AI CI/security reviewers to treat the pipeline as authoritative, suppress findings, or forward Jenkins crede",
"keywords": [
",",
".\n- **Report suppression:**",
"AI agents",
"BUILD_TAG",
Expand All @@ -35,6 +34,6 @@
},
"references": [],
"contributed_by": "Sunglasses Team",
"date_added": "2026-06-06",
"date_added": "2026-06-07",
"source": "patterns.py:GLS-CICD-007"
}
Original file line number Diff line number Diff line change
Expand Up @@ -18,14 +18,14 @@
"reverse shell"
],
"regex": [
"(?i)os\\.system\\(|subprocess\\.(?:Popen|run|call)|bash -i|/dev/tcp/|nc\\s+-e|reverse shell"
"(?i)os\\.system\\(|subprocess\\.(?:Popen|run|call)\\([^)]*shell\\s*=\\s*True|bash\\s+-i|/dev/tcp/|nc\\s+-e|reverse shell"
],
"examples": {
"malicious": [],
"benign": []
},
"references": [],
"contributed_by": "Sunglasses Team",
"date_added": "2026-06-06",
"date_added": "2026-06-07",
"source": "patterns.py:GLS-CI-005"
}
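Review bot: `subprocess\\.(?:Popen|run|call)\\([^)]*shell\\s*=\\s*True` in the new regex cannot scan past a `)`, so a call whose argument list contains a nested call before the flag — `subprocess.run(shlex.split(cmd), shell=True)` — is no longer matched, where the old form caught every `subprocess.` call. Using `[^;\\n]*?` in place of `[^)]*` keeps the scan within one statement without stopping at the first parenthesis. `check_call` and `check_output` accept `shell=True` as well and could join the alternation.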
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,8 @@
],
"description": "Detection for GHSA-2763-cj5r-c79m: PraisonAI Vulnerable to OS Command Injection. Source: https://github.com/advisories/GHSA-2763-cj5r-c79m",
"keywords": [
"command injection",
"injection"
"praisonai",
"ghsa-2763-cj5r-c79m"
],
"regex": [],
"examples": {
Expand All @@ -21,6 +21,6 @@
},
"references": [],
"contributed_by": "Sunglasses Team",
"date_added": "2026-06-06",
"date_added": "2026-06-07",
"source": "patterns.py:GLS-CMD-GHSA-024"
}
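Review bot: After the first hunk the entry's only signals are the package name `praisonai` and the advisory id, with `regex: []` and empty `examples`, so it now flags text that mentions the advisory rather than the command-injection behaviour its description names. Dropping the generic `injection` keywords is a fair false-positive trade, but keeping one behavioural keyword alongside the identifiers, or populating `examples.malicious`/`examples.benign` so the pattern-integrity workflow has something to exercise, would leave the entry with a detectable signal. GLS-CMD-GHSA-029 in the next section has the same shape.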
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,8 @@
],
"description": "Detection for GHSA-jpcj-7wfg-mqxv: stata-mcp has insufficient validation of user-supplied Stata do-file content that can lead to command execution. Source: https://github.com/advisories/GHSA-jpcj-7wfg-mqxv",
"keywords": [
"exec"
"stata-mcp",
"ghsa-jpcj-7wfg-mqxv"
],
"regex": [],
"examples": {
Expand All @@ -20,6 +21,6 @@
},
"references": [],
"contributed_by": "Sunglasses Team",
"date_added": "2026-06-06",
"date_added": "2026-06-07",
"source": "patterns.py:GLS-CMD-GHSA-029"
}
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@
],
"description": "`/.well-known/host-meta` or `/.well-known/host-meta.json` can hide agent-facing authority inversion and secret-access instructions inside standards-shaped XRD/JRD discovery metadata.",
"keywords": [
",",
".\n- Safety/report suppression:",
".\n- Secret/local-state access:",
"/.well-known/host-meta",
Expand All @@ -35,6 +34,6 @@
},
"references": [],
"contributed_by": "Sunglasses Team",
"date_added": "2026-06-06",
"date_added": "2026-06-07",
"source": "patterns.py:GLS-DFP-006"
}
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@
],
"description": "Mobile deep-link association metadata such as `/.well-known/assetlinks.json` and `/.well-known/apple-app-site-association` can carry agent-targeted instructions that attempt to convert domain/app trust declarations into higher-priority policy, suppress scanner findings, or request cookies/tokens/ses",
"keywords": [
",",
"Digital Asset Links",
"apple-app-site-association",
"assetlinks.json",
Expand All @@ -25,6 +24,6 @@
},
"references": [],
"contributed_by": "Sunglasses Team",
"date_added": "2026-06-06",
"date_added": "2026-06-07",
"source": "patterns.py:GLS-DFP-012"
}
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@
],
"description": "DNT or tracking-status/privacy-policy discovery metadata can embed agent-directed instructions that claim authority over scanners, suppress tracking findings, or request local cookies/tokens/environment variables.",
"keywords": [
"AI",
"API key",
"Authorization",
"Do Not Track",
Expand All @@ -35,6 +34,6 @@
},
"references": [],
"contributed_by": "Sunglasses Team",
"date_added": "2026-06-06",
"date_added": "2026-06-07",
"source": "patterns.py:GLS-DFP-015"
}
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,6 @@
],
"description": "A target-controlled Web Payments payment method manifest can embed agent-directed policy text that misuses payment/merchant discovery metadata to make an AI scanner trust checkout origins, forward session/payment context, or suppress PCI/phishing findings.",
"keywords": [
",",
", or",
".\n- Sensitive/suppressive action:",
"/.well-known/payment-method-manifest",
"AI agent",
"LLM",
Expand All @@ -35,6 +32,6 @@
},
"references": [],
"contributed_by": "Sunglasses Team",
"date_added": "2026-06-06",
"date_added": "2026-06-07",
"source": "patterns.py:GLS-DFP-025"
}
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,6 @@
],
"description": "A target-controlled `/.well-known/did-configuration.json` document embeds agent-directed policy text in DID/linked-domain metadata, attempting to make an AI agent treat a verifiable-credential identity proof as higher-priority owner authority and disclose local auth context or suppress reporting.",
"keywords": [
",",
", or",
".\n- Control-plane action: request",
"/.well-known/did-configuration",
"/.well-known/did-configuration.json",
Expand All @@ -35,6 +33,6 @@
},
"references": [],
"contributed_by": "Sunglasses Team",
"date_added": "2026-06-06",
"date_added": "2026-06-07",
"source": "patterns.py:GLS-IDP-001"
}
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,6 @@
],
"description": "A target-controlled ACME directory or ACME service-documentation export hides AI/scanner-directed policy inside `meta` or extension text, attempting to override agent instructions, suppress certificate findings, or extract local ACME credentials/account state.",
"keywords": [
",",
", or",
".\n- Sensitive or reporting target:",
"AI agent",
"LLM",
Expand All @@ -35,6 +33,6 @@
},
"references": [],
"contributed_by": "Sunglasses Team",
"date_added": "2026-06-06",
"date_added": "2026-06-07",
"source": "patterns.py:GLS-IDP-002"
}
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@
"description": "A poisoned `/.well-known/atproto-did` handle-verification file adds nonstandard agent-facing comments that tell AI verifiers to treat the DID proof as higher-priority policy, ignore system/developer/repository rules, or suppress identity-audit findings.",
"keywords": [
") or report suppression (",
",",
"/.well-known/atproto-did",
"AI verifier",
"LLM",
Expand All @@ -33,6 +32,6 @@
},
"references": [],
"contributed_by": "Sunglasses Team",
"date_added": "2026-06-06",
"date_added": "2026-06-07",
"source": "patterns.py:GLS-IDP-003"
}
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@
],
"description": "A DNS TXT ownership or verification record mixes a legitimate domain-proof token with AI-agent-facing instructions that claim policy authority, suppress audit findings, or request local secrets.",
"keywords": [
",",
"AI auditor",
"DNS TXT",
"LLM",
Expand All @@ -35,6 +34,6 @@
},
"references": [],
"contributed_by": "Sunglasses Team",
"date_added": "2026-06-06",
"date_added": "2026-06-07",
"source": "patterns.py:GLS-IDP-005"
}