diff --git a/attack-db/README.md b/attack-db/README.md
index f05d13a..4eefae9 100644
--- a/attack-db/README.md
+++ b/attack-db/README.md
@@ -3,7 +3,7 @@
 The open collection of AI agent attack patterns that powers
 [Sunglasses](https://sunglasses.dev) — the runtime firewall for AI agents.
 
-**981 detection patterns across 64 attack categories.**
+**1046 detection patterns across 65 attack categories.**
 
 **Nobody owns this data. Everyone contributes. Everyone benefits.**
 
@@ -15,7 +15,7 @@ scanner actually loads at runtime. The JSON files in `attacks/` are a
 human-readable **export** of those patterns, generated from `patterns.py` so the
 database is easy to browse, search, and contribute to.
 
-- `patterns.py` → the single source of truth (981 patterns / 64 categories)
+- `patterns.py` → the single source of truth (1046 patterns / 65 categories)
 - `attacks/*.json` → generated, browsable mirror
   (regenerate with `scripts/export_patterns_to_attack_db.py`)
 - Community adds new patterns via pull requests
@@ -23,7 +23,7 @@ database is easy to browse, search, and contribute to.
 
 ## Categories
 
-Sunglasses organizes its 64 categories across families like prompt injection,
+Sunglasses organizes its 65 categories across families like prompt injection,
 data exfiltration, command injection, hidden/indirect instructions, memory
 poisoning, secret detection, tool poisoning, MCP threats, discovery-file
 poisoning, and supply-chain / attestation poisoning — among many others.
diff --git a/attack-db/attacks/agent-workflow-security/GLS-AW-018-cron-reply-log-drift.json b/attack-db/attacks/agent-workflow-security/GLS-AW-018-cron-reply-log-drift.json
index b357fcb..fa384b7 100644
--- a/attack-db/attacks/agent-workflow-security/GLS-AW-018-cron-reply-log-drift.json
+++ b/attack-db/attacks/agent-workflow-security/GLS-AW-018-cron-reply-log-drift.json
@@ -9,7 +9,7 @@
     "tool_output",
     "message"
   ],
-  "description": "GO MODE relies on append-only status artifacts (cava_wins_log.md + CAVA_REPLY_*) as the operational source of truth. If an attacker can inject instructions that desynchronize **what got executed** vs **what got logged**, operators lose visibility and may ship unverified claims.",
+  "description": "GO MODE relies on append-only status artifacts (wins-log files and status-reply files) as the operational source of truth. If an attacker can inject instructions that desynchronize **what got executed** vs **what got logged**, operators lose visibility and may ship unverified claims.",
   "keywords": [
     "status-first override",
     "split-append desync",
diff --git a/attack-db/attacks/agent-workflow-security/GLS-AW-026-reply-file-status-overshadowing.json b/attack-db/attacks/agent-workflow-security/GLS-AW-026-reply-file-status-overshadowing.json
index dd9885d..c8dd691 100644
--- a/attack-db/attacks/agent-workflow-security/GLS-AW-026-reply-file-status-overshadowing.json
+++ b/attack-db/attacks/agent-workflow-security/GLS-AW-026-reply-file-status-overshadowing.json
@@ -8,7 +8,7 @@
     "file",
     "message"
   ],
-  "description": "In GO MODE operations, /opt/sunglasses/review/CAVA_REPLY_... is treated as a high-trust operator status surface. Attackers can inject or preserve stale status blocks so that old blocker text overshadows fresh cycle outcomes. This can force bad prioritization (re-open solved tasks, suppress live P0 pivots, or mislabel readiness). The failure mode is subtle because the reply file is expected to be append-only and long.",
+  "description": "In GO MODE operations, an append-only operator status file is treated as a high-trust status surface. Attackers can inject or preserve stale status blocks so that old blocker text overshadows fresh cycle outcomes. This can force bad prioritization (re-open solved tasks, suppress live P0 pivots, or mislabel readiness). The failure mode is subtle because the reply file is expected to be append-only and long.",
   "keywords": [
     "stale BLOCKED prepend",
     "status label collision near-identical heading",
diff --git a/attack-db/attacks/agent-workflow-security/GLS-AW-034-append-only-status-log-entry-forgery.json b/attack-db/attacks/agent-workflow-security/GLS-AW-034-append-only-status-log-entry-forgery.json
index 609ad77..1418c6f 100644
--- a/attack-db/attacks/agent-workflow-security/GLS-AW-034-append-only-status-log-entry-forgery.json
+++ b/attack-db/attacks/agent-workflow-security/GLS-AW-034-append-only-status-log-entry-forgery.json
@@ -9,7 +9,7 @@
     "log_memory",
     "message"
   ],
-  "description": "Attacker injects or forges append-only operational status artifacts (CAVA_REPLY, wins-log, cron acknowledgements) so the agent's GO MODE reads fabricated success signals as ground truth, advancing pipelines on work that never ran or hiding failures behind ghost log lines.",
+  "description": "Attacker injects or forges append-only operational status artifacts (status-reply files, wins-logs, cron acknowledgements) so the agent's GO MODE reads fabricated success signals as ground truth, advancing pipelines on work that never ran or hiding failures behind ghost log lines.",
   "keywords": [
     "cava reply log forgery",
     "append-only status drift",
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-008-robots-txt-tool-action-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-008-robots-txt-tool-action-poisoning.json
index 213c4bd..d83f6c1 100644
--- a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-008-robots-txt-tool-action-poisoning.json
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-008-robots-txt-tool-action-poisoning.json
@@ -27,7 +27,7 @@
     "crawl-policy"
   ],
   "regex": [
-    "(?is)^(?!.*\\b(?:no|without)\\b.{0,60}\\b(?:robots\\.txt|crawl[-\\s]*policy)\\b.{0,60}\\b(?:context|file|metadata)\\b)(?!.*\\b(?:do\\s+not|don't|never|must\\s+not|should\\s+not|refus(?:e|ed)|block(?:ed)?|ignore\\s+any\\s+robots\\.txt\\s+instruction)\\b.{0,160}\\b(?:execute|run|invoke|call|use|disable|bypass|crawl|fetch|open|submit|post)\\b)(?=.*\\b(?:robots\\.txt|User-Agent\\s*:\\s*(?:ai-agent|assistant|bot|crawler)|sitemap(?:\\.xml)?|crawl[-\\s]*policy|disallow|allow)\\b)(?=.*\\b(?:agent|ai[-\\s]*agent|assistant|crawler|bot|tool|browser|fetcher|summarizer)\\b)(?=.*\\b(?:execute|run|invoke|call|use|disable|bypass|turn\\s+off|ignore\\s+(?:safety|guardrails?|scanner|policy)|crawl|fetch|open|submit|post)\\b)(?=.*\\b(?:tool|browser|summarizer|scanner|guardrails?|safety|private|admin|internal|forbidden|disallow(?:ed)?|callback|webhook|endpoint|url)\\b).*$"
+    "(?is)^(?!.*\\b(?:no|without)\\b.{0,60}\\b(?:robots\\.txt|crawl[-\\s]*policy)\\b.{0,60}\\b(?:context|file|metadata)\\b)(?!.*\\b(?:do\\s+not|don't|never|must\\s+not|should\\s+not|refus(?:e|ed)|block(?:ed)?|ignore\\s+any\\s+robots\\.txt\\s+instruction)\\b.{0,160}\\b(?:execute|run|invoke|call|use|disable|bypass|crawl|fetch|open|submit|post)\\b)(?=.*\\b(?:robots\\.txt|User-Agent\\s*:\\s*(?:ai-agent|assistant|bot|crawler)|sitemap(?:\\.xml)?|crawl[-\\s]*policy|disallow|allow)\\b)(?=.*\\b(?:ai[-\\s]*agent|assistant|llm|coding\\s+agent|autonomous\\s+agent|crawler\\s+agent|summarizer|fetcher)\\b)(?=.*\\b(?:disable|bypass|turn\\s+off|ignore\\s+(?:safety|guardrails?|scanner|policy|previous|prior|your|all|system)|exfiltrat\\w*|override\\w*|supersed\\w*|outrank\\w*|highest[-\\s]priority|treat\\s+this\\s+as|do\\s+not\\s+(?:report|flag)|leak|forward\\s+(?:all\\s+)?(?:secrets?|tokens?|keys?|env))\\b)(?=.*\\b(?:tool|browser|summarizer|scanner|guardrails?|safety|private|admin|internal|forbidden|disallow(?:ed)?|callback|webhook|endpoint|url)\\b).*$"
   ],
   "examples": {
     "malicious": [],
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-026-raml-api-blueprint-agent-policy-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-026-raml-api-blueprint-agent-policy-poisoning.json
new file mode 100644
index 0000000..2400b13
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-026-raml-api-blueprint-agent-policy-poisoning.json
@@ -0,0 +1,33 @@
+{
+  "id": "GLS-DFP-026",
+  "name": "RAML / API Blueprint Agent-Policy Poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "RAML, API Blueprint, or generated API-description documentation can embed prompt-injection text that tells AI agents/tool builders to override higher-priority instructions, disclose local credentials, or suppress scanner findings.",
+  "keywords": [
+    "#%RAML",
+    ".raml",
+    "API Blueprint",
+    "Apiary",
+    "FORMAT: 1A",
+    "LLM agent",
+    "annotationTypes",
+    "cookie"
+  ],
+  "regex": [
+    "^(?!\n  (?=.*\\b(?:security\\s+training|scanner\\s+docs?|policy\\s+docs?|defensive\\s+guidance|example\\s+of\\s+prompt\\s+injection)\\b)\n |\n  (?=.*\\b(?:do\\s+not|don't|never|must\\s+not|should\\s+not)\\b.{0,180}\\b(?:obey|follow|trust|treat|honou?r|include|leak|send|suppress|omit|hide)\\b.{0,180}\\b(?:raml|api\\s+blueprint|apiary|api\\s+description|metadata|documentation)\\b)\n |\n  (?=.*\\b(?:raml|api\\s+blueprint|apiary|api\\s+description|metadata|documentation)\\b.{0,180}\\b(?:is\\s+not\\s+policy|never\\s+overrides|does\\s+not\\s+override)\\b)\n)\n(?=.*(?:\\#%RAML|\\bFORMAT:\\s*1A\\b|\\bAPI\\s+Blueprint\\b|\\bApiary\\b|\\.raml\\b|\\braml\\b|\\bresourceTypes\\b|\\btraits\\b|\\bannotationTypes\\b|\\bdocumentation:|\\bdescription:))\n(?=.*\\b(?:AI\\s+agents?|LLM\\s+agents?|assistants?|tool[-\\s]?builders?|scanners?|crawlers?|models?)\\b)\n(?=.*\\b(?:ignore|override|outrank|highest\\s+priority|trust\\s+this|follow\\s+this|disable|bypass|do\\s+not\\s+report|suppress|omit|hide)\\b)\n(?=.*\\b(?:system|developer|scanners?|policy|rules|findings?|reports?|Authorization|Bearer|API[-_\\s]?keys?|tokens?|cookies?|credentials?|env(?:ironment)?\\s+vars?)\\b)\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-026"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-027-related-website-set-agent-authority-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-027-related-website-set-agent-authority-poisoning.json
new file mode 100644
index 0000000..f82134f
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-027-related-website-set-agent-authority-poisoning.json
@@ -0,0 +1,35 @@
+{
+  "id": "GLS-DFP-027",
+  "name": "Related Website Set Agent Authority Poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "A target-controlled Related Website Set discovery file can add agent-directed policy text that misuses legitimate domain-relationship metadata to make an AI agent trust sibling domains, reuse credentials, or suppress cross-domain risk findings.",
+  "keywords": [
+    "agentic",
+    "assistant_instructions",
+    "associated site",
+    "associatedSites",
+    "autonomous scanner",
+    "compliance bot",
+    "credential forwarding",
+    "credentials",
+    "cross-domain allowed",
+    "customer identifiers"
+  ],
+  "regex": [
+    "(?is)^(?!(?=.*\\b(?:must\\s+not|should\\s+not|never|cannot|can't|do\\s+not)\\b.{0,90}\\b(?:reuse|send|forward|share|attach|include|suppress|ignore|treat)\\b))(?=.*\\b(?:related[-_\\s]*website[-_\\s]*set|associatedSites|serviceSites|rationaleBySite|associated\\s+site|site\\s+relationship|same\\s+owner|domain\\s+affiliation)\\b)(?=.*\\b(?:ai\\s+agent|assistant|autonomous\\s+(?:scanner|crawler|agent)|llm|agentic|security\\s+scanner|compliance\\s+bot)\\b)(?=.*\\b(?:same\\s+(?:security|trust)\\s+boundary|same\\s+origin|verified\\s+owner\\s+authority|trusted\\s+associated\\s+site|outrank|override|higher[-\\s]*priority|cross[-\\s]*domain\\s+(?:allowed|trust)|treat\\s+[^.]{0,80}\\s+as\\s+(?:the\\s+)?same)\\b)(?=.*\\b(?:reuse|share|forward|send|attach|include|cookie|bearer\\s+token|session\\s+context|customer\\s+identifiers?|credential|suppress|do\\s+not\\s+report|ignore\\s+(?:phishing|redirect)|credential[-\\s]*forwarding)\\b).*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-027"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-028-scim-service-provider-config-agent-policy-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-028-scim-service-provider-config-agent-policy-poisoning.json
new file mode 100644
index 0000000..8b747cc
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-028-scim-service-provider-config-agent-policy-poisoning.json
@@ -0,0 +1,33 @@
+{
+  "id": "GLS-DFP-028",
+  "name": "SCIM Service Provider Config Agent Policy Poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "A poisoned SCIM `ServiceProviderConfig`, schema, or resource-type discovery document embeds agent-facing policy instructions in documentation or extension fields to override scanner rules, request identity tokens or environment secrets, or suppress findings about identity provisioning abuse.",
+  "keywords": [
+    "/ResourceTypes",
+    "Group",
+    "SCIM_API_TOKEN",
+    "ServiceProviderConfig",
+    "audit agent",
+    "authenticationSchemes",
+    "authenticationSchemes[].description",
+    "authoritative provisioning policy"
+  ],
+  "regex": [
+    "(?is)^(?!.*(?:do\\s+not|never|must\\s+not)\\s+(?:include|send|forward|expose|paste|print|return).{0,100}(?:bearer\\s+token|scim[_-]?api[_-]?token|api[_-]?key|secret|env(?:ironment)?))(?!.*(?:do\\s+not|never|must\\s+not)\\s+(?:suppress|hide|ignore|mark).{0,80}(?:scanner|finding|warning|report|false\\s+positive))(?!.*(?:do\\s+not|never|must\\s+not)\\s+obey.{0,120}(?:ignore|overrid\\w+|suppress|false\\s+positive|scanner\\s+rules))(?=.*(?:serviceproviderconfig|urn:ietf:params:scim|\\bscim\\b|authenticationSchemes|resourceTypes|\\bSchemas\\b|patch\\s*['\"]?\\s*:\\s*\\{\\s*['\"]?supported|filter\\s*['\"]?\\s*:\\s*\\{\\s*['\"]?supported))(?=.*(?:ai\\s*assistants?|assistants?|agents?|audit\\s+agents?|scanners?|mcp|tools?|connectors?))(?=.*(?:ignore\\s+(?:previous|all|scanner)|overrid\\w+|outrank|authoritative.{0,80}(?:provisioning|policy|instruction|metadata)|(?:send|forward|include|attach|paste|return|print).{0,120}(?:bearer\\s+token|scim[_-]?api[_-]?token|api[_-]?key|secret|env(?:ironment)?|local[_-]?token)|mark.{0,90}false\\s+positive|never\\s+report|suppress.{0,80}(?:finding|warning|report)|(?:role|group|provisioning).{0,80}(?:warning|finding).{0,80}(?:false\\s+positive|suppress))).*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-028"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-029-sellers-json-schain-agent-policy-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-029-sellers-json-schain-agent-policy-poisoning.json
new file mode 100644
index 0000000..4efe3a3
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-029-sellers-json-schain-agent-policy-poisoning.json
@@ -0,0 +1,31 @@
+{
+  "id": "GLS-DFP-029",
+  "name": "sellers.json / schain agent policy poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Detects advertising transparency metadata (`sellers.json`, SupplyChain Object / `schain`, seller-verification wrappers) that tries to make AI agents, fraud scanners, or auditors suppress findings, treat seller metadata as higher policy, or forward sensitive local state.",
+  "keywords": [
+    "SupplyChain Object",
+    "schain",
+    "sellerType",
+    "seller_id",
+    "seller_type",
+    "sellers.json"
+  ],
+  "regex": [
+    "(?isx)\n^\n(?!\n  (?=.*\\b(?:training|guide|reference|documentation|docs?)\\b)\n  (?=.*\\b(?:report|detect|flag|refuse|block)\\b)\n)\n(?!\n  (?=.*\\b(?:must\\s+not|do\\s+not|never)\\b)\n  (?=.*\\b(?:obey|treat|trust|accept|follow)\\b)\n)\n(?=.*(?:sellers\\.json|seller[_-]?id|seller[_-]?type|sellerType|SupplyChain\\s+Object|\\bschain\\b|\\basi\\b|\\bsid\\b|\\bhp\\b|advertising\\s+transparency|authorized\\s+sellers?|seller\\s+verification))\n(?=.*(?:AI\\s*(?:agent|assistant|crawler|scanner)|LLM\\s*(?:agent|crawler|scanner)|autonomous\\s*(?:agent|scanner)|security\\s*scanner|fraud\\s*auditor|ad\\s*(?:quality|fraud)?\\s*scanner|Sunglasses))\n(?=.*(?:override|supersede|outrank|treat\\s+as\\s+(?:policy|authority)|ignore\\s+(?:system|developer|scanner)|do\\s+not\\s+report|suppress|hide|mark\\s+(?:as\\s+)?clean|include|attach|forward|reuse))\n(?=.*(?:system|developer|instruction|finding|report|fraud\\s*signal|verification|cookie|token|api\\s*key|env(?:ironment)?\\s*(?:var(?:iable)?s?)?|local\\s*state|session))\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-029"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-030-tdmrep-rights-metadata-agent-policy-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-030-tdmrep-rights-metadata-agent-policy-poisoning.json
new file mode 100644
index 0000000..e662817
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-030-tdmrep-rights-metadata-agent-policy-poisoning.json
@@ -0,0 +1,39 @@
+{
+  "id": "GLS-DFP-030",
+  "name": "TDMRep rights metadata agent-policy poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "TDMRep or text-and-data-mining rights metadata can hide agent-directed instructions that tell AI crawlers/scanners to treat the rights file as higher authority, suppress findings, or disclose local authorization/environment details.",
+  "keywords": [
+    "/.well-known/tdmrep.json",
+    "AI crawler",
+    "LLM agent",
+    "SEO agent",
+    "do not report",
+    "ignore/bypass",
+    "mark clean",
+    "privacy auditor",
+    "rights-reservation",
+    "security scanner",
+    "supersedes system/developer",
+    "suppress/hide findings",
+    "tdm-reservation",
+    "tdmrep"
+  ],
+  "regex": [
+    "(?is)^(?!.*\\b(?:do\\s+not|never|must\\s+not)\\s+(?:obey|treat|trust|follow|accept|allow).{0,80}\\b(?:tdmrep|tdm[-_\\s]?reservation|rights[-_\\s]?reservation|text[-\\s]and[-\\s]data[-\\s]mining)\\b)(?!.*\\b(?:scanner\\s+docs?|docs?|guide|article|reference|training|security\\s+report|incident\\s+report|vulnerability\\s+report)\\b.{0,120}\\b(?:should|must|will)\\s+(?:report|detect|flag|refuse|ignore|not\\s+obey)\\b)(?=.*\\b(?:tdmrep|tdm[-_\\s]?reservation|text[-\\s]and[-\\s]data[-\\s]mining|text/data\\s+mining|rights[-_\\s]?reservation|rights\\s+policy|\\.well-known/tdmrep\\.json)\\b)(?=.*\\b(?:ai\\s+agents?|ai\\s+crawlers?|llm\\s+(?:agents?|crawlers?)|assistants?|security\\s+scanners?|privacy\\s+auditors?|seo\\s+agents?|crawler\\s+agents?)\\b)(?=.*\\b(?:supersed\\w*|overrid\\w*|ignore|bypass|obey|follow|treat\\s+as\\s+policy|trust\\s+this|do\\s+not\\s+report|not\\s+report|suppress|hide|mark\\s+(?:clean|safe)|include|forward|send|attach)\\b)(?=.*\\b(?:system|developer|instructions?|policy|prompt[-\\s]?injection|findings?|scanner\\s+results?|authorization|bearer|api[-_\\s]?key|tokens?|cookies?|env(?:ironment)?(?:\\s+variables?)?|local\\s+state|secrets?)\\b).*$"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-030"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-031-traffic-advice-metadata-agent-policy-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-031-traffic-advice-metadata-agent-policy-poisoning.json
new file mode 100644
index 0000000..4ed2b96
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-031-traffic-advice-metadata-agent-policy-poisoning.json
@@ -0,0 +1,37 @@
+{
+  "id": "GLS-DFP-031",
+  "name": "Traffic-advice metadata agent-policy poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "`/.well-known/traffic-advice` or crawler traffic-control JSON can blend normal crawler-rate policy with agent/scanner-directed instructions that claim authority, suppress reports, or request local credentials.",
+  "keywords": [
+    "/.well-known/traffic-advice",
+    "AI agents",
+    "LLMs",
+    "SEO agents",
+    "assistants",
+    "auditors",
+    "capacity_fraction",
+    "cookie",
+    "crawl_delay",
+    "crawlers",
+    "disable",
+    "do not report"
+  ],
+  "regex": [
+    "(?is)^(?!(?=.*\\b(?:do not|don't|never|must not|should not)\\s+(?:obey|treat|accept|use|follow|interpret)\\b.{0,140}\\b(?:traffic-advice|traffic_advice|crawler(?:\\s|-)?policy|metadata|site policy)\\b))(?=.*\\b(?:traffic-advice|traffic_advice|user_agent|crawl_delay|capacity_fraction|crawler\\s*(?:traffic|control|policy)|rate\\s*(?:limit|window))\\b)(?=.*\\b(?:ai\\s*agents?|assistants?|llms?|models?|scanners?|crawlers?|seo\\s*agents?|auditors?)\\b)(?=.*\\b(?:ignore|override|supersede|outrank|bypass|disable|do\\s+not\\s+report|suppress|hide|omit|forward|send|include|exfiltrate)\\b)(?=.*\\b(?:system|developer|higher[-\\s]?priority|security|scanner|findings?|report|token|api[-_\\s]?key|authorization|cookie|env(?:ironment)?|secret|local\\s+(?:state|files?))\\b).*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-031"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-032-webmention-micropub-endpoint-metadata-agent-policy-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-032-webmention-micropub-endpoint-metadata-agent-policy-poisoning.json
new file mode 100644
index 0000000..080fdf0
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-032-webmention-micropub-endpoint-metadata-agent-policy-poisoning.json
@@ -0,0 +1,35 @@
+{
+  "id": "GLS-DFP-032",
+  "name": "Webmention / Micropub endpoint metadata agent-policy poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Detects Webmention, Micropub, WebSub, IndieAuth, or link-relation endpoint discovery metadata that tells AI agents, crawlers, or scanners to treat endpoint text as higher-priority policy, suppress findings, or forward local credentials/session material.",
+  "keywords": [
+    "Link:",
+    "agentic crawler",
+    "attach",
+    "audit report",
+    "authorization_endpoint",
+    "autonomous scanner",
+    "cookies",
+    "do not report",
+    "forward",
+    "hide"
+  ],
+  "regex": [
+    "(?isx)\n^(?!\n  (?=.*\\b(?:docs?|guide|article|training|scanner\\s+docs?|learn\\s+how|reference)\\b)\n  (?=.*\\b(?:should|must|do\\s+not|does\\s+not|never|refuse|report|detect|flag)\\b)\n  (?=.*\\b(?:webmention|micropub|websub|indieauth|rel\\s*=\\s*[\"']?(?:webmention|micropub|hub)|authorization_endpoint|token_endpoint)\\b)\n)\n(?=.*(?:rel\\s*=\\s*[\"']?(?:webmention|micropub|hub|authorization_endpoint|token_endpoint)|webmention[_-]?endpoint|micropub[_-]?endpoint|websub|Link:\\s*<[^>]+>;\\s*rel\\s*=\\s*[\"']?(?:webmention|micropub|hub)|indieauth[-_]?metadata|authorization_endpoint|token_endpoint))\n(?=.*(?:ai[-\\s]?agents?|assistants?|agentic\\s+(?:scanner|crawler|auditor)|autonomous\\s+(?:scanners?|agents?|crawlers?)|llms?|models?|security\\s+scanners?))\n(?=.*(?:ignore|override|supersede|outrank|treat\\s+this\\s+endpoint\\s+as|must\\s+obey|do\\s+not\\s+report|suppress|hide|forward|include|attach|send|read\\s+(?:local|browser)|load\\s+(?:cookies?|tokens?)))\n(?=.*(?:system|developer|user\\s+instructions|security\\s+findings|report|audit|cookies?|tokens?|api[-_\\s]?keys?|authorization|local\\s+(?:storage|state)|session))\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-032"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-033-well-known-change-password-agent-policy-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-033-well-known-change-password-agent-policy-poisoning.json
new file mode 100644
index 0000000..ba446c2
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-033-well-known-change-password-agent-policy-poisoning.json
@@ -0,0 +1,36 @@
+{
+  "id": "GLS-DFP-033",
+  "name": ".well-known change-password agent policy poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Detects machine-readable `/.well-known/change-password` or password-change discovery text that targets AI agents with policy claims, credential forwarding, report suppression, or hierarchy-override instructions.",
+  "keywords": [
+    "/.well-known/change-password",
+    "agent_policy",
+    "agentic",
+    "assistant instructions",
+    "autonomous browser",
+    "change-password",
+    "credential change endpoint",
+    "for agents/assistants/LLMs/crawlers",
+    "password change endpoint",
+    "security scanner",
+    "x-agent-policy"
+  ],
+  "regex": [
+    "(?is)^(?!(?=.*\\b(?:must\\s+not|should\\s+not|never|cannot|can't|do\\s+not|refuse[sd]?)\\b.{0,100}\\b(?:treat|obey|follow|send|forward|include|expose|submit|enter|paste|attach|share)\\b))(?=.*(?:\\.well-known/change-password|change-password|password\\s+change\\s+endpoint|credential\\s+change\\s+endpoint|password\\s+manager\\s+change))(?=.*(?:ai\\s+agent|assistant|autonomous\\s+(?:scanner|browser|agent)|llm|agentic|security\\s+scanner|crawler))(?=.*(?:agent[_\\s-]*policy|x[-_]?agent|assistant[_\\s-]*instructions|for\\s+(?:agents?|assistants?|llms?|llm\\s+agents?|crawlers?)))(?=.*(?:treat\\s+(?:this|the)\\s+(?:endpoint|metadata|redirect)\\s+as\\s+(?:authority|trusted\\s+policy)|(?:outranks?|supersedes?)\\s+(?:system|developer|browser|password\\s+manager)\\s+(?:instructions|policy)|(?:send|forward|include|attach|submit|paste|enter|share)\\s+(?:passwords?|credentials?|passkeys?|cookies?|tokens?|authorization\\s+headers?)|(?:suppress|hide|do\\s+not\\s+report|skip)\\s+(?:warnings?|findings?|security\\s+reports?))).*$"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-033"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-034-browser-extension-manifest-agent-policy-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-034-browser-extension-manifest-agent-policy-poisoning.json
new file mode 100644
index 0000000..fa9f18a
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-034-browser-extension-manifest-agent-policy-poisoning.json
@@ -0,0 +1,39 @@
+{
+  "id": "GLS-DFP-034",
+  "name": "Browser Extension Manifest Agent Policy Poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "medium",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Browser extension `manifest.json` files carry `description`, `author`, `homepage_url`, and custom extension fields that AI security-review agents and coding assistants ingest during extension audits. An attacker can embed authority-inversion, report-suppression, or local-state-forwarding instruction",
+  "keywords": [
+    "authoritative source",
+    "browser_specific_settings",
+    "chrome_extension",
+    "do not flag",
+    "do not report",
+    "do not report host permission",
+    "downgrade severity",
+    "firefox_addon",
+    "forward local state",
+    "hide warnings",
+    "include env",
+    "include session",
+    "include tokens",
+    "is policy"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:\n  do\\s+not\\s+(?:obey|follow|include|attach|forward|send|share|report|override|trust|treat|suppress)\n  |does\\s+not\\s+(?:obey|follow|include|attach|forward|send|share|override|overrides?|trust|treat|suppress)\n  |never\\s+(?:obey|include|attach|forward|send|share|report|override|trust|treat|suppress|overrides?)\n  |must\\s+not\\s+(?:obey|include|attach|forward|send|share|report|override|trust|treat|suppress)\n  |should\\s+(?:report|detect|flag|refuse|block)\n  |(?:security|incident|vulnerability)\\s+report.*\\b(?:flag|detect|block|refus)\n  |scanners?\\s+docs?\\s+should\\s+(?:report|detect|flag|refuse)\n)\\b)\n(?=.*(?:\n  \\bmanifest\\.json\\b|\\bbrowser\\s+extension\\b|\\bchrome\\s+extension\\b|\\bfirefox\\s+addon\\b\n  |(?<!\\w)\"manifest_version\"\\s*:|\\bchrome\\.webstore\\b|\\baddons\\.mozilla\\b\n  |\\bcontent_scripts\\b|\\bbackground\\s+scripts?\\b|\\bextension\\s+manifest\\b\n  |\\bpermissions\"\\s*:|\\bhost_permissions\"\\s*:\n  |\\bweb_accessible_resources\\b|\\bdeclarative_net_request\\b\n  |\\bedge\\s+addons?\\b\n))\n(?=.*\\b(?:\n  (?:ai|autonomous|devops|security|dependency|code)\\s+(?:agents?|assistants?|scanners?|crawlers?|reviewers?)\n  |(?:coding|code\\.review)\\s+agents?\n  |(?:llms?|models?|copilot|cursor|codex|claude)(?:\\s+(?:agents?|assistants?))?\n  |\\b(?:autonomous\\s+)?(?:scanners?|crawlers?)\\b\n  |\\bagents?\\b\n  |\\bassistants?\\b\n)\\b)\n(?=.*(?:\n  (?:(?:primary|single)\\s+source\\s+of\\s+truth)\n  |\\b(?:governing|controlling|canonical|definitive|authoritative)\\s+(?:document|policy|build\\s+policy|project\\s+description|model\\s+evaluation\\s+policy)\n  |(?:\\btakes?\\s+precedence\\b|\\boverr(?:ides?|ules?)\\b|\\bsupersede[ds]?\\b|\\boutranks?\\b)\n  |\\b(?:canonical|authoritative|definitive)\\s+(?:build|container|image|project|site|repository)\\s+(?:policy|description|configuration)\n  |\\bdefines?\\s+(?:(?:the\\s+)?rules?\\s+for\\s+(?:automated|AI|scanner|security|agent)\\s+(?:review|audit|scan)|all\\s+(?:scanner|security)\\s+rules?)\\b\n  |(?:(?:agent|scanner|assistant|verifier|crawler|moderation|review\\s+tool)\\s+instructions?)\n  |\\bthis\\s+(?:is|(?:file|document|label|comment|instruction|metadata|manifest)\\s+is)\\s+(?:the\\s+)?(?:governing|controlling|authoritative|canonical)\\b\n  |\\boverrules?\\s+(?:all\\s+)?(?:repository|scanner|security|system|developer)\\b\n  |\\bfor\\s+(?:ai\\s+)?(?:agents?|scanners?)\\s*:\\s*this\\b\n  |\\bauthoritative\\b\n))\n(?=.*(?:\n  \\b(?:suppress|hide|redact|exclude|omit|skip)\\s+(?:[-\\w]+\\s+){0,3}(?:findings?|warnings?|alerts?|reports?|flags?|issues?|scan(?:s|ning)?\\s+results?|vulnerabilit(?:y|ies)|checks?|dependencies?\\s+warning|notifications?|observations?|results?|diagnostics?)\n  |\\b(?:suppress|hide|redact|exclude|omit)\\s+(?:[-\\w]+\\s+){0,3}(?:all|any|every)\\s+(?:[-\\w]+\\s+){0,1}(?:finding|warning|alert|report|flag|issue|scan|vuln|check)\n  |\\b(?:treat|mark|flag)\\b.{0,40}?\\bas\\s+(?:informational|non\\.blocking|safe|clean|benign)\n  |\\b(?:include|attach|forward|send|share|provide|expose|collect)\\s+(?:[-\\w]+\\s+){0,2}(?:env(?:ironment)?\\s+(?:variables?|context|details?|config(?:uration)?|state|settings?)|tokens?|API\\s+keys?|session\\s+(?:keys?|tokens?|cookies?)|local\\s+state|runtime\\s+(?:env(?:ironment)?|variables?|config(?:uration)?|settings?)|credentials?|auth\\s+(?:headers?|tokens?)|Bearer\\s+tokens?)\n  |\\b(?:do\\s+not\\s+(?:flag|escalate|report|scan|audit|block)|don't\\s+(?:flag|escalate|report|scan))\\b\n  |\\b(?:mark\\s+(?:this\\s+)?(?:container|image|build|site|project|package|extension|file)\\s+as\\s+clean\\b)\n  |\\b(?:omit\\s+from\\s+(?:summar(?:y|ies)|final\\s+report|audit\\s+reports?))\\b\n  |\\b(?:skip\\s+all\\s+checks?\\b)\n  |\\b(?:hide\\s+all\\s+vulnerability\\s+reports?\\b)\n  |\\b(?:forward\\s+(?:[-\\w]+\\s+){0,3}(?:to\\s+the\\s+)?(?:build\\s+(?:output|context|log)|maintainer|debug|report))\\b\n  |\\b(?:expose\\s+all\\s+local\\s+state\\b)\n))"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-034"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-035-browserconfig-pinned-site-metadata-agent-policy-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-035-browserconfig-pinned-site-metadata-agent-policy-poisoning.json
new file mode 100644
index 0000000..f77d1c2
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-035-browserconfig-pinned-site-metadata-agent-policy-poisoning.json
@@ -0,0 +1,37 @@
+{
+  "id": "GLS-DFP-035",
+  "name": "Browserconfig / pinned-site metadata agent policy poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "medium",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Detects hostile instructions embedded in `browserconfig.xml`, `msapplication-*` meta tags, and pinned-site tile metadata that try to make AI agents, crawlers, or scanners treat decorative site metadata as policy, hide findings, or forward local secrets.",
+  "keywords": [
+    "<browserconfig>",
+    "<msapplication>",
+    "API tokens",
+    "Authorization headers",
+    "SEO agent",
+    "Safari pinned tab",
+    "autonomous scanner/crawler/auditor",
+    "browserconfig.xml",
+    "cookies",
+    "developer rules",
+    "do not report",
+    "env vars"
+  ],
+  "regex": [
+    "(?isx)\n^(?!.*\\b(?:security|incident|vulnerability)\\s+reports?\\b.*\\b(?:flagged|detected|blocked|refused)\\b)\n (?!.*\\b(?:docs?|guide|reference|training|example)\\b.*\\b(?:should|must)\\s+(?:report|detect|flag|refuse|not\\s+obey|never\\s+obey)\\b)\n (?!.*\\b(?:browserconfig\\.xml|msapplication|pinned\\s+site)\\b.*\\b(?:does\\s+not|must\\s+not|never|do\\s+not)\\s+(?:instruct|override|supersede|outrank|obey)\\b)\n (?=.*(?:browserconfig\\.xml|msapplication-(?:config|Tile\\w+|navbutton-color|starturl)|<browserconfig\\b|<msapplication\\b|pinned\\s+site|site\\s+tile\\s+metadata|tile\\s+(?:color|image|badge)|safari\\s+pinned\\s+tab|mask-icon))\n (?=.*(?:AI\\s+agents?|LLMs?|assistants?|autonomous\\s+(?:scanners?|crawlers?|auditors?)|security\\s+scanners?|SEO\\s+agents?))\n (?=.*(?:ignore|override|supersed(?:e|es|ed|ing)?|outranks?|treat\\s+as\\s+(?:system|developer)\\s+policy|hide|suppress(?:es|ed|ing)?|do\\s+not\\s+report|not\\s+report|forward|include|send|attach|copy))\n (?=.*(?:system\\s+instructions?|developer\\s+rules?|findings?|reports?|warnings?|API\\s+tokens?|cookies?|authorization\\s+headers?|env(?:ironment)?\\s+vars?|local\\s+state|secrets?))\n .*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-035"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-036-csaf-vex-advisory-metadata-agent-policy-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-036-csaf-vex-advisory-metadata-agent-policy-poisoning.json
new file mode 100644
index 0000000..b3d56a1
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-036-csaf-vex-advisory-metadata-agent-policy-poisoning.json
@@ -0,0 +1,37 @@
+{
+  "id": "GLS-DFP-036",
+  "name": "CSAF / VEX advisory metadata agent-policy poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Machine-readable vulnerability-advisory metadata such as CSAF, VEX, and generated security-advisory JSON can carry agent/scanner-directed instructions that try to suppress CVE findings, downgrade exploitability, or forward local secrets during automated dependency/security review.",
+  "keywords": [
+    "AI agents",
+    "CVE-YYYY-NNNN",
+    "LLM agents",
+    "aggregateSeverity",
+    "assistants",
+    "attach",
+    "autonomous scanners",
+    "csaf",
+    "dependency scanners",
+    "do not report",
+    "documentTracking",
+    "downgrade"
+  ],
+  "regex": [
+    "(?isx)\n^(?!\n  (?=.*\\b(?:scanner|security|incident|vulnerability|training|runbook|docs?|guide|reference|report)\\b)\n  (?=.*\\b(?:should|must|will)\\s+(?:detect|report|flag|refuse|block)\\b)\n)\n(?!.*\\b(?:security|incident|vulnerability)\\s+reports?:?\\b.{0,160}\\b(?:blocked|flagged|detected|refused)\\b.{0,160}\\b(?:asked|attempted|contained)\\b)\n(?!.*\\b(?:must\\s+not|do\\s+not|never|does\\s+not)\\s+(?:obey|treat|follow|accept|use)\\b.{0,80}\\b(?:csaf|vex|advisory|security\\s+advisory|vulnerability\\s+exploitability)\\b)\n(?=.*\\b(?:csaf|vex|vulnerability[-\\s]+exploitability[-\\s]+exchange|security[-\\s]+advisor(?:y|ies)|product_tree|vulnerabilities|cve-\\d{4}-\\d+|documentTracking|tracking|aggregateSeverity|threats|remediations)\\b)\n(?=.*\\b(?:ai\\s*agents?|llm\\s*agents?|autonomous\\s+scanners?|dependency\\s+scanners?|security\\s+scanners?|assistants?|vulnerability\\s+auditors?)\\b)\n(?=.*\\b(?:ignore|outrank(?:s|ed|ing)?|supersed(?:e|es|ed|ing)?|suppress(?:es|ed|ing)?|hide|mark\\s+(?:as\\s+)?clean|downgrade|do\\s+not\\s+report|not\\s+report|forward|include|send|attach|export)\\b)\n(?=.*\\b(?:findings?|reports?|warnings?|cves?|vulnerabilit(?:y|ies)|exploitability|tokens?|api\\s*keys?|secrets?|env(?:ironment)?\\s*(?:vars?|variables?)|authorization|session)\\b)\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-036"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-037-docker-compose-extension-field-agent-policy-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-037-docker-compose-extension-field-agent-policy-poisoning.json
new file mode 100644
index 0000000..3b2b731
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-037-docker-compose-extension-field-agent-policy-poisoning.json
@@ -0,0 +1,36 @@
+{
+  "id": "GLS-DFP-037",
+  "name": "Docker Compose Extension-Field Agent Policy Poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "medium",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Docker Compose files support `x-*` extension fields and `labels` at service, network, volume, and top levels that carry arbitrary free-text metadata. AI DevOps agents that read Compose files during deployment planning, security review, or container lifecycle management may ingest these fields as tru",
+  "keywords": [
+    "DevOps agent",
+    "\\bagents?\\b",
+    "agents",
+    "auth context",
+    "authoritative",
+    "autonomous scanner",
+    "canonical policy",
+    "compose.yaml",
+    "compose.yml",
+    "container scanner",
+    "container_name"
+  ],
+  "regex": [
+    "(?isx)\n^(?!.*\\b(?:must\\s+not\\s+(?:treat|obey|follow|use)|do\\s+not\\s+(?:treat|obey|follow|forward|include|suppress)|never\\s+(?:treat|obey|override|overrides?|forward|include|suppress)|should\\s+(?:report|detect|flag|refuse|block)|refused|blocked|detected|flagged)\\b)\n(?=.*(?:docker[._-]?compose|compose\\.ya?ml|x-agent-policy|x-scanner-policy|x-security-override|x-ai-(?:instructions?|notes?|policy)|container_name|com\\.example\\.\\w+_policy|labels?\\s*:.*(?:agent|scanner|policy)))\n(?=.*(?:ai\\s+(?:agents?|assistants?|scanners?)|assistant|llms?|autonomous\\s+(?:scanners?|crawlers?|verifiers?|agents?)|security\\s+scanners?|agentic|container\\s+scanners?|devops\\s+agents?|deployment\\s+agents?|\\bagents?\\b))\n(?=.*(?:authoritative|supersedes?|outranks?|overrides?|highest\\s+priority|canonical\\s+policy|must\\s+obey|ignore\\s+(?:system|developer|repository)\\s+rules?|takes?\\s+precedence|governing\\s+config|suppress(?:es|ed|ing)?\\s+.*?(?:findings?|warnings?|reports?)|hide\\s+findings?|mark\\s+.*?\\b(?:clean|safe)\\b|do\\s+not\\s+report|do\\s+not\\s+flag|false\\s+positive|skip\\s+checks?|include\\s+(?:ci|environment|env)|forward\\s+(?:ci|environment|env|tokens?|\\w+)|send\\s+(?:env|token|secret|key|\\w+)|api[_\\s]?keys?|tokens?|secrets?|authorization|local\\s+state|auth\\s+context|exclude\\s+from\\s+scan|whitelist|allowlist))\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-037"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-038-dockerfile-containerfile-metadata-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-038-dockerfile-containerfile-metadata-poisoning.json
new file mode 100644
index 0000000..eee1633
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-038-dockerfile-containerfile-metadata-poisoning.json
@@ -0,0 +1,37 @@
+{
+  "id": "GLS-DFP-038",
+  "name": "Dockerfile / Containerfile Metadata Poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Malicious `LABEL`, `ENV`, comment (`#`), and `ONBUILD` instructions embedded in Dockerfiles / Containerfiles can carry AI-agent/scanner-directed authority inversion, report suppression, or credential/local-state forwarding requests. AI coding agents that review Dockerfiles during security audit, bui",
+  "keywords": [
+    "(?<![a-zA-Z0-9])",
+    "- Hygiene report:",
+    ".github/workflows/*.yml",
+    "Intake:",
+    "LABEL",
+    "Makefile",
+    "ONBUILD",
+    "ai-agent / scanner audience",
+    "analyzing dependency trees and base images",
+    "auditing containerized applications for security",
+    "authority inversion or policy-override language",
+    "config(?:uration)?"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:\n  do\\s+not\\s+(?:obey|follow|include|attach|forward|send|share|report|override|trust|treat|suppress)\n  |does\\s+not\\s+(?:obey|follow|include|attach|forward|send|share|override|overrides?|trust|treat|suppress)\n  |never\\s+(?:obey|include|attach|forward|send|share|report|override|trust|treat|suppress|overrides?)\n  |must\\s+not\\s+(?:obey|include|attach|forward|send|share|report|override|trust|treat|suppress)\n  |should\\s+(?:report|detect|flag|refuse|block)\n  |AI\\s+agents\\s+should\\s+follow\\s+(?:their\\s+)?built-in\\s+safety\n  |Dockerfile\\s+metadata\\s+(?:does\\s+not|never|must\\s+not)\\s+override\n  |scanners\\s+should\\s+report\\s+(?:any\\s+)?(?:unpinned|Dockerfile)\n)\\b)\n(?=.*(?:\n  \\b(?:FROM|RUN|COPY|ADD|WORKDIR|CMD|ENTRYPOINT|EXPOSE|VOLUME|USER|ARG|ONBUILD|STOPSIGNAL|HEALTHCHECK|SHELL)\\b\n  |(?<![a-zA-Z0-9])(?:LABEL|ENV)(?![a-zA-Z0-9])\n  |(?<![a-zA-Z0-9])dockerfile(?![a-zA-Z0-9])\n  |(?<![a-zA-Z0-9])containerfile(?![a-zA-Z0-9])\n  |\\bDockerfile\\b\n  |\\bContainerfile\\b\n  |\\bcontainer\\s+image\\b\n  |\\bmulti.stage\\s+build\\b\n))\n(?=.*\\b(?:\n  (?:ai|autonomous|devops|security|dependency|code)\\s+(?:agents?|assistants?|scanners?|crawlers?|reviewers?)\n  |(?:coding|code.review)\\s+agents?\n  |(?:llms?|models?|copilot|cursor|codex|claude)(?:\\s+(?:agents?|assistants?))?\n  |\\b(?:autonomous\\s+)?(?:scanners?|crawlers?)\\b\n  |\\bagents?\\b\n  |\\bassistants?\\b\n)\\b)\n(?=.*(?:\n  (?:(?:primary|single)\\s+source\\s+of\\s+truth)\n  |\\b(?:governing|controlling|canonical|definitive|authoritative)\\s+(?:document|policy|build\\s+policy|project\\s+description|model\\s+evaluation\\s+policy)\n  |(?:\\btakes?\\s+precedence\\b|\\boverr(?:ides?|ules?)\\b|\\bsupersede[ds]?\\b|\\boutranks?\\b)\n  |\\b(?:canonical|authoritative|definitive)\\s+(?:build|container|image|project)\\s+(?:policy|description|configuration)\n  |\\bdefines?\\s+all\\s+(?:scanner|security)\\s+rules?\\b\n  |(?:(?:agent|scanner|assistant|verifier|crawler|moderation|review\\s+tool)\\s+instructions?)\n  |\\bthis\\s+(?:is|(?:label|comment|instruction|metadata)\\s+is)\\s+(?:the\\s+)?(?:governing|controlling|authoritative|canonical)\\b\n  |\\boverrules?\\s+(?:all\\s+)?(?:repository|scanner|security|system|developer)\\b\n  |\\bfor\\s+(?:ai\\s+)?(?:agents?|scanners?)\\s*:\\s*this\\b\n))\n(?=.*(?:\n  \\b(?:suppress|hide|redact|exclude|omit|skip)\\s+(?:[-\\w]+\\s+){0,3}(?:findings?|warnings?|alerts?|reports?|flags?|issues?|scan(?:s|ning)?\\s+results?|vulnerabilit(?:y|ies)|checks?|dependencies?\\s+warning)\n  |\\b(?:suppress|hide|redact|exclude|omit)\\s+(?:[-\\w]+\\s+){0,3}(?:all|any|every)\\s+(?:[-\\w]+\\s+){0,1}(?:finding|warning|alert|report|flag|issue|scan|vuln|check)\n  |\\b(?:treat|mark|flag)\\b.{0,40}?\\bas\\s+(?:informational|non.blocking|safe|clean|benign)\n  |\\b(?:include|attach|forward|send|share|provide|expose|collect)\\s+(?:[-\\w]+\\s+){0,2}(?:env(?:ironment)?\\s+(?:variables?|context|details?|config(?:uration)?|state)|tokens?|API\\s+keys?|session\\s+(?:keys?|tokens?|cookies?)|local\\s+state|runtime\\s+(?:env(?:ironment)?|variables?|config(?:uration)?)|credentials?|auth\\s+(?:headers?|tokens?)|Bearer\\s+tokens?)\n  |\\b(?:do\\s+not\\s+(?:flag|escalate|report|scan|audit|block)|don't\\s+(?:flag|escalate|report|scan))\\b\n  |\\b(?:mark\\s+(?:this\\s+)?(?:container|image|build)\\s+as\\s+clean\\b)\n  |\\b(?:omit\\s+from\\s+(?:summar(?:y|ies)|final\\s+report|audit\\s+reports?))\\b\n  |\\b(?:skip\\s+all\\s+checks?\\b)\n  |\\b(?:hide\\s+all\\s+vulnerability\\s+reports?\\b)\n  |\\b(?:forward\\s+(?:[-\\w]+\\s+){0,3}(?:to\\s+the\\s+)?build\\s+(?:output|context|log))\\b\n  |\\b(?:expose\\s+all\\s+local\\s+state\\b)\n))"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-038"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-039-env-example-dotenv-template-agent-policy-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-039-env-example-dotenv-template-agent-policy-poisoning.json
new file mode 100644
index 0000000..a34d45f
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-039-env-example-dotenv-template-agent-policy-poisoning.json
@@ -0,0 +1,39 @@
+{
+  "id": "GLS-DFP-039",
+  "name": "`.env.example` / Dotenv Template Agent Policy Poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "AI coding agents are trained to read `.env.example` (and `.env.template`, `.env.sample`) to understand required environment variables. A hostile `.env.example` can inject agent instructions that request credential forwarding, suppress scanner findings, or assert authority over system/developer rules",
+  "keywords": [
+    "# Agent instruction:",
+    "# For AI coding agents:",
+    "# agent...",
+    "$ANTHROPIC_API_KEY",
+    "$OPENAI_API_KEY",
+    ") | Handle",
+    ".cursor/rules",
+    ".env",
+    ".env.*.example",
+    ".env.development.example",
+    ".env.example",
+    ".env.local.example",
+    ".env.sample",
+    ".env.template"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:\n  do\\s+not\\s+(?:treat|obey|follow|include|forward|send|share|override|trust|report|cop(?:y|ied)|fill\\s+in)\n  |never\\s+(?:treat|obey|include|forward|send|share|override|trust|commit|include)\n  |must\\s+not\\s+(?:treat|obey|follow|include|forward|send|share|override|trust)\n  |should\\s+(?:not\\s+\\w+|report|detect|flag|refuse|block)\n  |refused|blocked|detected|flagged\n))\n(?=.*(?:\\.env\\.(?:example|template|sample|local\\.\\w+|development\\.\\w+)|\\.env\\.)\n  |(?=.*\\#.*(?:agent|scanner|assistant|copilot|claude\\s*code|codex|cursor|windsurf|verifier|crawler))\n)\n(?=.*\\b(?:\n  ai\\s+agents?|autonomous\\s+agents?|devops\\s+agents?|coding\\s+agents?\n  |agents?|scanners?|assistants?|copilot|cursor|codex|claude\\s*code|verifiers?|crawlers?\n)\\b)\n(?=.*(?:\n  canonical|supersedes?|overrides?|overrules?|outranks?\n  |(?:primary|single)\\s+source\\s+of\\s+truth\n  |governing\\s+document|takes\\s+precedence\n  |defines\\s+all\\s+(?:scanner\\s+)?rules?\n  |controls?\\s+(?:all\\s+)?(?:scanner\\s+)?(?:rules?|polic(?:y|ies))\n  |controlling\\s+document|source\\s+of\\s+truth\n  |governs?\\s+(?:all\\s+)?(?:environment|config)\n  |agent\\s+instruction|scanner\\s+instruction\n  |assistant\\s+instruction|verifier\\s+instruction\n  |scanner\\s+(?:policy|directive|rule|note)\n  |agent\\s+(?:setup|configuration|directive|note|policy|rule)\n  |for\\s+ai\\s+(?:coding\\s+)?agents?\n  |for\\s+agents?\n  |for\\s+(?:claude|copilot|cursor|codex)\n))\n(?=.*(?:\n  (?:read|copy|include|attach|share|forward|export|provide|expose|send|collect)\n  \\s+(?:[\\w-]+\\s+){0,4}\n  (?:environment\\s+(?:variables?|context|details?|config(?:uration)?|state)\n    |runtime\\s+(?:variables?|config(?:uration)?|environment)\n    |local\\s+(?:state|config(?:uration)?|details?)\n    |shell\\s+(?:environment|variables?|state|config)\n    |(?:API|auth)\\s*(?:key|token|secret)s?\n    |tokens?|secrets?|credentials?)\n  |(?:treat|mark|flag)\\s*.{0,40}?\\s*as\\s+\n    (?:informational|non[\\-\\s]?blocking|non[\\-\\s]?actionable)\n  |(?:suppress|hide|redact|exclude|omit)\n    \\s+(?:[\\w-]+\\s+){0,4}\n    (?:findings?|warnings?|alerts?|reports?|flags?|issues?\n    |scan(?:s|ning)?\\s+(?:results?|output|findings?))\n  |do\\s+not\\s+(?:flag|report|escalate)\n  |non[\\-\\s]?(?:blocking|actionable)\\s+by\\s+design\n  |omit\\s+from\\s+(?:summar|report|scan)\n))"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-039"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-040-helm-chart-yaml-agent-policy-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-040-helm-chart-yaml-agent-policy-poisoning.json
new file mode 100644
index 0000000..3474631
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-040-helm-chart-yaml-agent-policy-poisoning.json
@@ -0,0 +1,37 @@
+{
+  "id": "GLS-DFP-040",
+  "name": "Helm Chart.yaml Agent Policy Poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "medium",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "An attacker embeds hostile AI-agent instructions in Helm Chart.yaml `description`, `annotations`, `maintainers`, `keywords`, `appVersion`, or `x-*` extension fields, exploiting the agent's trust in chart metadata during deployment planning, security scanning, or Kubernetes auditing to suppress findi",
+  "keywords": [
+    "\"1.0.0-agent-skip-checks\"",
+    "\"agent-suppress-findings\"",
+    "\"scanner-hide-csp\"",
+    "AI agents",
+    "API_KEY",
+    "Automated tools",
+    "Chart.yaml",
+    "Does not override",
+    "GITHUB_TOKEN",
+    "Helm chart",
+    "Kubernetes scanner",
+    "Transparency Addendum"
+  ],
+  "regex": [
+    "(?six)^(?!.*\\b(?:do\\s+not\\s+(?:obey|follow|include|attach|forward|send|share|override|overrides?|trust)|never\\s+(?:treat|obey|include|attach|forward|send|share|override|overrides?|trust)|must\\s+not\\s+(?:treat|obey|include|attach|forward|send|share|override|overrides?|trust)|should\\s+(?:report|detect|flag|refuse|block)|refused|blocked|detected|flagged)\\b)(?=.*(?:Chart\\.ya?ml|Helm\\s+chart|apiVersion:\\s*v2|artifacthub\\.io|(?:^|\\n)\\s*description:\\s*[>|]|(?:^|\\n)\\s*annotations:|maintainers:|keywords:|appVersion:|kubeVersion:|type:\\s*(?:application|library)|x-agent-policy|x-scanner-policy|x-ai-(?:instructions?|notes?|policy)|agent_policy|scanner_policy|(?<!\\w)\"description\"|(?<!\\w)\"annotations\"))(?=.*(?<![a-zA-Z0-9])(?:AI\\s+agents?|automated\\s+(?:analysis|system|tool)s?|Kubernetes\\s+scanners?|deployment\\s+agents?|security\\s+scanners?|coding\\s+assistants?|autonomous\\s+(?:scanners?|crawlers?|verifiers?|agents?)|language\\s+models?|LLMs?|assistants?|agentic|\\bagents?\\b)(?![a-zA-Z0-9]))(?=.*(?:\\b(?:governing\\s+document|takes?\\s+precedence|overrides?|outranks?|supersed(?:e|es|ed|ing)?|canonical(?:\\s+(?:project|security|governing|policy))?(?:\\s+(?:description|policy|document))?|definitive(?:\\s+(?:project|model\\s+evaluation))?(?:\\s+(?:description|policy))?|(?:primary|single)\\s+source\\s+of\\s+truth|controlling\\s+document|is\\s+the\\s+final\\s+word|defines\\s+all\\s+scanner\\s+rules?|(?:agent|scanner|assistant|verifier|crawler)\\s+instructions?|(?:agent|scanner|assistant|verifier|crawler)[._](?:policy|instructions?|note))\\b|\\b(?:suppress(?:es|ed|ing)?\\b.{0,40}?\\b(?:findings?|warnings?|alerts?|reports?|flags?)|hide\\b.{0,40}?\\b(?:findings?|warnings?|alerts?|reports?)|do\\s+not\\s+report|do\\s+not\\s+flag|skip\\s+(?:all\\s+)?(?:security\\s+)?checks?|omit\\b.{0,40}?\\b(?:findings?|reports?|summar(?:y|ies)|issues?|warnings?)|redact\\b.{0,30}?\\b(?:findings?|warnings?|flags?)|treat\\b.{0,40}?as\\s+informational|mark\\b.{0,40}?as\\s+(?:informational|safe|low|none)|classify\\b.{0,30}?\\b(?:informational|low|none|false\\s+positive)|flag\\b.{0,40}?as\\s+(?:informational|low|none))\\b|\\b(?:API[_.-]?KEY|GITHUB[_.-]?TOKEN|bearer\\s+token|Authorization\\s*:)|(?:\\b(?:include|attach|forward|send|collect|embed|share|provide|expose)\\b.{0,40}?\\b(?:environment\\s+(?:variables?|context)|runtime\\s+(?:variables?|context)|tokens?|credentials?|API\\s+keys?|secrets?|session|local\\s+state)\\b)|\\b(?:transparency\\s+(?:header|addendum|requirement)|compliance\\s+(?:addendum|requirement|provision)|canonical\\s+(?:policy|governing)(?:\\s+(?:description|policy|document))?)\\b|\\boverrides?\\b.{0,30}?\\b(?:system\\s+prompt|safety\\s+polic|built-in|default|developer|user\\s+instruction)\\b|\\btakes?\\s+precedence\\s+over\\b.{0,20}?\\b(?:system|safety|developer|user)\\b))"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-040"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-041-hugging-face-model-card-agent-policy-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-041-hugging-face-model-card-agent-policy-poisoning.json
new file mode 100644
index 0000000..7f51e50
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-041-hugging-face-model-card-agent-policy-poisoning.json
@@ -0,0 +1,39 @@
+{
+  "id": "GLS-DFP-041",
+  "name": "Hugging Face Model Card Agent Policy Poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "A Hugging Face model card (README.md with YAML frontmatter) carries agent-targeted instructions \u2014 authority inversion, report suppression, or credential forwarding \u2014 that an AI agent browsing HF Hub for model evaluation will treat as trusted model-documentation policy.",
+  "keywords": [
+    "---\\n",
+    "Hugging Face",
+    "agent instruction",
+    "datasets:",
+    "for agents",
+    "language:",
+    "license:",
+    "metrics:",
+    "model card",
+    "model description",
+    "model evaluator",
+    "model-index:",
+    "pipeline_tag",
+    "pipeline_tag:"
+  ],
+  "regex": [
+    "(?is)^(?!.*\\b(?:security report|incident report|vulnerability report|docs|guide|article|reference)\\b.{0,80}?\\b(?:blocked|flagged|detected|refused|should report|should detect)\\b)(?!.*\\b(?:must not|do not|never)\\s+(?:treat|obey|follow|use|override|supersede)\\b.{0,80}?\\b(?:model card|model description|hugging\\s*face|pipeline_tag|hf\\s*hub)\\b)(?=.*\\b(?:---\\s*\\n|pipeline_tag|model.?index|model.?card|model\\s+description|hugging\\s*face\\s+(?:hub|model)|hf\\s*hub|language:\\s|license:\\s|datasets:|metrics:|library_name)\\b)(?=.*(?:(?<![a-zA-Z0-9])(?:ai\\s+agents?|security\\s+scanners?|model\\s+evaluators?|autonomous\\s+agents?|devops\\s+agents?|agents?|scanners?|assistants?|crawlers?|llms?|copilot|cursor|codex|claude)(?![a-zA-Z0-9])|for\\s+(?:agents?|scanners?|evaluators?)\\b))(?=.*\\b(?:(?:primary|single)\\s+source\\s+of\\s+truth|governing\\s+document|takes?\\s+precedence|canonical\\s+(?:project\\s+|model\\s+)?(?:description|policy)|definitive\\s+(?:project\\s+|model\\s+evaluation\\s+)?(?:description|policy)|overrides?\\s+(?:system|scanner|security|repository|developer)\\s+(?:rules?|polic(?:y|ies)|instructions?)|supersed(?:e|es|ed|ing)\\s+(?:system|scanner|security)\\s+(?:rules?|polic(?:y|ies)|instructions?)|outranks?\\s+(?:system|scanner|security)\\s+(?:rules?|polic(?:y|ies))|(?:agent|scanner|assistant|verifier|crawler|evaluator)\\s+instructions?)\\b)(?=.*\\b(?:suppress(?:es|ed|ing)?\\s+(?:[a-zA-Z-]+\\s+){0,3}(?:findings?|warnings?|reports?|flags?|vulnerabilit(?:y|ies)|issues?)|hide\\s+(?:[a-zA-Z-]+\\s+){0,3}(?:findings?|warnings?|reports?|flags?)|omit\\s+(?:[a-zA-Z-]+\\s+){0,2}(?:from\\s+)?(?:findings?|reports?|summar(?:y|ies)|warnings?)|exclude\\s+(?:[a-zA-Z-]+\\s+){0,2}(?:from\\s+)?(?:findings?|reports?|warnings?)|redact\\s+(?:[a-zA-Z-]+\\s+){0,2}(?:findings?|flags?|warnings?)|treat.{0,40}?as\\s+informational|mark.{0,40}?as\\s+(?:safe|clean|pre.?verified)|disable\\s+(?:[a-zA-Z-]+\\s+){0,3}(?:scanners?|checks?|verifications?|audits?)|do\\s+not\\s+(?:run|execute|perform)\\s+(?:[a-zA-Z-]+\\s+){0,3}(?:scans?|checks?|audits?)|attach\\s+(?:[a-zA-Z-]+\\s+){0,2}(?:auth|API|Bearer|session|token|environment|runtime|config(?:uration)?|context|variables?|keys?|local\\s+state)|include\\s+(?:[a-zA-Z-]+\\s+){0,2}(?:auth|API|Bearer|session|token|environment|runtime|config(?:uration)?|context|variables?|keys?|local\\s+state)|forward\\s+(?:[a-zA-Z-]+\\s+){0,2}(?:auth|API|Bearer|session|token|environment|runtime|config(?:uration)?|context|variables?|keys?|local\\s+state)|send\\s+(?:[a-zA-Z-]+\\s+){0,2}(?:auth|API|Bearer|session|token|environment|runtime|config(?:uration)?|context|variables?|keys?|local\\s+state)|share\\s+(?:[a-zA-Z-]+\\s+){0,2}(?:auth|API|Bearer|session|token|environment|runtime|config(?:uration)?|context|variables?|keys?|local\\s+state)|provide\\s+(?:[a-zA-Z-]+\\s+){0,2}(?:auth|API|Bearer|session|token|environment|runtime|config(?:uration)?|context|variables?|keys?|local\\s+state)|collect\\s+(?:[a-zA-Z-]+\\s+){0,2}(?:auth|API|Bearer|session|token|environment|runtime|config(?:uration)?|context|variables?|keys?|local\\s+state)|embed\\s+(?:[a-zA-Z-]+\\s+){0,2}(?:auth|API|Bearer|session|token|environment|runtime|config(?:uration)?|context|variables?|keys?|local\\s+state)|expos(?:e|ing)\\s+(?:[a-zA-Z-]+\\s+){0,2}(?:auth|API|Bearer|session|token|environment|runtime|config(?:uration)?|context|variables?|keys?|local\\s+state))\\b)"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-041"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-042-jupyter-notebook-ipynb-metadata-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-042-jupyter-notebook-ipynb-metadata-poisoning.json
new file mode 100644
index 0000000..e72023f
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-042-jupyter-notebook-ipynb-metadata-poisoning.json
@@ -0,0 +1,24 @@
+{
+  "id": "GLS-DFP-042",
+  "name": "Jupyter Notebook (.ipynb) Metadata Poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Malicious Jupyter notebook (`.ipynb`) metadata fields \u2014 `kernelspec.display_name`, `language_info`, notebook-level custom fields, cell-level metadata \u2014 can carry AI-agent-targeting instructions that survive rendering (humans see outputs; agents read raw JSON metadata) and exploit the notebook's dual",
+  "keywords": [],
+  "regex": [
+    "(?six)^(?!.*\\b(?:do\\s+not\\s+(?:obey|follow|include|attach|forward|send|share|overrides?|trust)|does\\s+not\\s+(?:obey|follow|include|attach|forward|send|share|override|overrides?|trust)|never\\s+(?:obey|include|attach|forward|send|share|overrides?|trust)|must\\s+not\\s+(?:obey|include|attach|forward|send|share|overrides?|trust)|should\\s+(?:report|detect|flag|refuse|block)))(?=.*\\b(?:\\.ipynb|nbformat|kernelspec|jupyter\\s+notebook|display_name|language_info|cell(?:_type|s\\b|\\.metadata|.*metadata)|notebook.*metadata)\\b)(?=.*(?<![a-zA-Z0-9])(?:ai\\s+(?:agents?|assistants?|coding\\s+agents?|scanners?|verifiers?)|autonomous\\s+(?:agents?|scanners?)|llm\\s+(?:agents?|scanners?)|coding\\s+agents?|agents?|assistants?|scanners?|verifiers?|crawlers?|models?|your\\s+(?:default\\s+)?(?:instructions?|rules?|polic(?:y|ies)))\\b)(?=.*\\b(?:(?:overrides?|overrules?|outranks?|supersed(?:e|es|ed|ing)?)|takes?\\s+precedence|higher\\s+priority|canonical(?:\\\\s+(?:project|model|security|governing|policy))?(?:\\\\s+(?:description|policy|document))?|definitive(?:\\\\s+(?:project|model\\s+evaluation))?(?:\\\\s+(?:description|policy))?|(?:primary|single)\\\\s+source\\\\s+of\\\\s+truth|governing\\\\s+document|controlling\\\\s+document|is\\s+the\\s+final\\s+word|\\bauthoritative\\b|defines?\\s+(?:(?:the\\s+)?rules?\\s+for\\s+(?:automated|AI|scanner|security|agent)\\\\s+(?:review|audit|scan)|all\\s+(?:scanner|security|agent)\\s+rules?)|is\\s+the\\s+reference\\s+implementation|(?:(?:agent|scanner|assistant|verifier|crawler)\\s+instructions?|(?:agent|scanner|assistant|verifier|crawler)[._](?:policy|instructions?|note)|(?:moderation|review\\s+tool)\\s+instructions?)|(?:scanner|agent|assistant|moderation)\\\\s+(?:directive|notice)|for\\s+(?:ai\\s+)?(?:agents?|scanners?|assistants?|coding\\s+agents?).{0,25}?\\bthis\\b)\\b)(?=.*\\b(?:suppress(?:es|ed|ing)?|hide.{0,3}.{0,35}?\\b(?:findings?|warnings?|alerts?|reports?|flags?)|do\\s+not\\s+(?:report|flag|escalate)|skip.{0,30}?\\b(?:security\\s+)?(?:checks?|scans?|reviews?|audits?|reports?|findings?|warnings?|alerts?)\\b|omit.{0,20}?(?:findings?|reports?|summar(?:y|ies)|issues?|warnings?)|exclude.{0,2}(?:[\\w-]+\\s+){0,2}(?:findings?|reports?|summar(?:y|ies)|issues?|warnings?|flags?)|redact.{0,30}?(?:findings?|warnings?|flags?)|treat.{0,40}?as\\s+informational|mark.{0,40}?as\\s+(?:informational|safe|low|none)|classify.{0,30}?(?:as\\s+)?(?:informational|low|none|false\\s+positive)|flag.{0,40}?as\\s+(?:informational|low|none)|include.{0,2}(?:[\\w-]+\\s+){0,2}(?:environment\\s+(?:variables?|context|details?|config(?:uration)?|state|settings?)|runtime\\s+(?:context|variables?|config(?:uration)?|settings?)|local\\s+(?:state|config(?:uration)?|settings?)|(?:API|Bearer|session|auth)\\\\s+(?:keys?|tokens?)|credentials?|secrets?|GITHUB_TOKEN|CI_ENV|Authorization)|attach.{0,2}(?:[\\w-]+\\s+){0,2}(?:environment\\s+(?:variables?|context|details?|config(?:uration)?|state|settings?)|runtime\\s+(?:context|variables?|config(?:uration)?|settings?)|local\\s+(?:state|config(?:uration)?|settings?)|(?:API|Bearer|session|auth)\\\\s+(?:keys?|tokens?)|credentials?|secrets?)|forward.{0,2}(?:[\\w-]+\\s+){0,2}(?:environment\\s+(?:variables?|context|details?|config(?:uration)?|state|settings?)|runtime\\s+(?:context|variables?|config(?:uration)?|settings?)|local\\s+(?:state|config(?:uration)?|settings?)|(?:API|Bearer|session|auth)\\\\s+(?:keys?|tokens?)|credentials?|secrets?)|send.{0,2}(?:[\\w-]+\\s+){0,2}(?:environment\\s+(?:variables?|context)|runtime\\s+(?:context|variables?)|(?:API|Bearer|session|auth)\\\\s+(?:keys?|tokens?)|credentials?|secrets?)|share.{0,2}(?:[\\w-]+\\s+){0,2}(?:environment\\s+(?:variables?|context|details?|config(?:uration)?|settings?)|runtime\\s+(?:context|variables?|config(?:uration)?|settings?)|(?:API|Bearer|session|auth)\\\\s+(?:keys?|tokens?)|credentials?|secrets?)|provide.{0,2}(?:[\\w-]+\\s+){0,2}(?:environment\\s+(?:variables?|context|details?|config(?:uration)?|settings?)|runtime\\s+(?:context|variables?|config(?:uration)?|settings?)|local\\s+(?:state|config(?:uration)?|settings?)|(?:API|Bearer|session|auth)\\\\s+(?:keys?|tokens?)|credentials?|secrets?)|expose.{0,2}(?:[\\w-]+\\s+){0,2}(?:environment\\s+(?:variables?|context|details?|settings?)|runtime\\s+(?:variables?|settings?)|local\\s+(?:state|settings?)|(?:API|Bearer|session|auth)\\\\s+(?:keys?|tokens?)|credentials?|secrets?)|collect.{0,2}(?:[\\w-]+\\s+){0,2}(?:environment\\s+(?:variables?|context|details?)|runtime\\s+(?:context|variables?)|(?:API|Bearer|session|auth)\\\\s+(?:keys?|tokens?)|credentials?|secrets?)|embed.{0,2}(?:[\\w-]+\\s+){0,2}(?:environment\\s+(?:variables?|context)|runtime\\s+(?:context|variables?)|(?:API|Bearer|session|auth)\\\\s+(?:keys?|tokens?)|credentials?|secrets?))\\b)(?=.*\\b(?:findings?|warnings?|alerts?|reports?|flags?|issues?|checks?|vulnerabilit(?:y|ies)|environment\\s+(?:variables?|context|details?|config(?:uration)?|state|settings?)|runtime\\s+(?:context|variables?|config(?:uration)?|settings?)|API\\s+keys?|tokens?|secrets?|credentials?|local\\s+state|GITHUB_TOKEN|CI_ENV|Authorization|Bearer|cells?)\\b)"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-042"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-043-kubernetes-annotation-agent-policy-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-043-kubernetes-annotation-agent-policy-poisoning.json
new file mode 100644
index 0000000..68cea4b
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-043-kubernetes-annotation-agent-policy-poisoning.json
@@ -0,0 +1,34 @@
+{
+  "id": "GLS-DFP-043",
+  "name": "Kubernetes Annotation Agent Policy Poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "medium",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Kubernetes annotations and labels on Deployments, Pods, Services, ConfigMaps, and CRDs carry arbitrary free-text metadata that AI DevOps agents, security scanners, and cluster-automation assistants ingest during deployment planning, compliance review, and runtime monitoring. An attacker can embed au",
+  "keywords": [
+    "(?:primary|single) source of truth",
+    "-instructions",
+    "ConfigMap",
+    "Deployment",
+    "DevOps agent",
+    "SRE assistant",
+    "Service",
+    "_instructions",
+    "_policy"
+  ],
+  "regex": [
+    "(?isx)\n^(?!.*\\b(?:must\\s+not\\s+(?:treat|obey|follow|use)|do\\s+not\\s+(?:treat|obey|follow|forward|include|suppress)|never\\s+(?:treat|obey|override|overrides?|forward|include|suppress)|should\\s+(?:report|detect|flag|refuse|block)|refused|blocked|detected|flagged|do\\s+not\\s+instruct)\\b)\n(?=.*(?:apiVersion|kind\\s*:\\s*(?:Deployment|Pod|Service|ConfigMap|DaemonSet|StatefulSet|Job|CronJob|Ingress|ReplicaSet)|metadata\\s*:|annotations\\s*:|labels\\s*:|data\\s*:|kubectl\\.kubernetes\\.io/|kubernetes\\.io/|k8s\\.io/|scanner\\.kubernetes\\.io/|_policy|-policy|_instructions|-instructions|configmap|kube-system|kubeconfig))\n(?=.*(?:(?<![a-zA-Z0-9])(?:ai\\s+(?:agents?|assistants?|scanners?)|assistants?|llms?|autonomous\\s+(?:scanners?|crawlers?|verifiers?|agents?)|security\\s+scanners?|agentic|container\\s+scanners?|devops\\s+agents?|deployment\\s+agents?|cluster\\s+scanners?|k8s\\s+scanners?|compliance\\s+agents?|sre\\s+assistants?|\\bagents?\\b)(?![a-zA-Z0-9])))\n(?=.*(?:authoritative|supersed(?:e|es|ed|ing)?|outranks?|overrides?\\s+all|highest\\s+priority|canonical\\s+policy|must\\s+obey|ignore\\s+(?:system|developer|repository|scanner)\\s+rules?|takes?\\s+precedence|governing\\s+config|(?:primary|single)\\s+source\\s+of\\s+truth|final\\s+word|definitive|suppress(?:es|ed|ing)?\\s+(?:[\\w-]+\\s+){0,2}(?:findings?|warnings?|reports?|issues?|alerts?)|hide\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|CSP|TLS|warnings?|reports?)|mark\\s+.*?\\b(?:clean|safe)\\b|do\\s+not\\s+report|do\\s+not\\s+flag|false\\s+positive|skip\\s+checks?|exclude\\s+from\\s+scan|omit\\s+from\\s+(?:reports?|summaries?|findings?)|redact\\s+(?:[\\w-]+\\s+){0,2}(?:findings?|flags?|warnings?)|treat\\s+as\\s+informational|forward\\s+(?:[\\w-]+\\s+){0,2}(?:ci\\s+environment|environment\\s+(?:variables?|context)|tokens?|secrets?|api\\s+keys?|auth(?:orization)?|local\\s+state)|include\\s+(?:[\\w-]+\\s+){0,2}(?:environment\\s+(?:variables?|context)|tokens?|api\\s+keys?|auth(?:orization)?\\s+headers?|local\\s+state|ci\\s+variables?)|send\\s+(?:[\\w-]+\\s+){0,2}(?:env|tokens?|secrets?|api\\s+keys?|auth(?:orization)?\\s+headers?)|collect\\s+(?:[\\w-]+\\s+){0,2}(?:env(?:ironment)?\\s+(?:variables?|context)|tokens?)|provide\\s+(?:[\\w-]+\\s+){0,2}(?:local\\s+(?:state|config|secrets?)|environment\\s+(?:variables?|context))|share\\s+(?:[\\w-]+\\s+){0,2}(?:environment\\s+(?:variables?|context)|local\\s+(?:state|config))|session\\s+tokens?|Authorization\\s+header|API\\s+keys?|CI\\s+variables?))\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-043"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-044-oci-container-image-label-annotation-agent-policy-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-044-oci-container-image-label-annotation-agent-policy-poisoning.json
new file mode 100644
index 0000000..10d438f
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-044-oci-container-image-label-annotation-agent-policy-poisoning.json
@@ -0,0 +1,38 @@
+{
+  "id": "GLS-DFP-044",
+  "name": "OCI Container Image Label / Annotation Agent Policy Poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "AI agents that inspect container images treat OCI labels and manifest annotations as trusted context. A malicious image publisher can plant agent-directed instructions in `org.opencontainers.image.description`, custom labels, or manifest annotations that cause the agent to disable security scanners,",
+  "keywords": [
+    "Chart.yaml",
+    "LABEL",
+    "OPENAI_API_KEY",
+    "ai-agent audience language",
+    "ai.agent.note",
+    "annotations",
+    "auditing a container image for security posture",
+    "docker inspect",
+    "llms.txt",
+    "org.opencontainers.image.*",
+    "org.opencontainers.image.description",
+    "robots.txt",
+    "scanner.policy"
+  ],
+  "regex": [
+    "(?is)(?!.{0,80}?\\b(?:(?:security\\s+training|scanner\\s+docs?|incident\\s+report|vulnerability\\s+report)\\b.{0,60}?\\b(?:never|must\\s+not|do\\s+not|should\\s+(?:report|detect|flag|refuse|block))|(?:AI\\s+agents?\\s+must\\s+not|agents?\\s+must\\s+not|must\\s+not\\s+(?:treat|obey|follow|use)|never\\s+(?:treat|obey|override|trust|follow|forward|include|suppress))|do\\s+not\\s+(?:treat|obey|follow|forward|include|suppress|trust)|should\\s+(?:report|detect|flag|refuse|block)\\s.{0,40}?\\b(?:label|metadata|container|docker|annotation)|\\b(?:does\\s+not\\s+instruct|is\\s+not\\s+policy|never\\s+overrides?|not\\s+(?:an\\s+)?instruction)))(?=.*\\b(?:LABEL|org\\.opencontainers|annotations|container(?:\\s+image)|docker(?:\\s+image)|registry\\s+description|image\\s+(?:label|metadata|description)|Dockerfile|docker\\s+hub|OCI\\s+(?:image|manifest))\\b)(?=.*\\b(?:AI\\s+agent|assistant|LLM|scanner|automated\\s+deployment|crawler|auditor|autonomous\\s+(?:scanner|agent|verifier)|(?:ai|agent|scanner)\\.\\w+)\\b)(?=.*\\b(?:(?:override|supersedes?|bypass|disable|skip|ignore).{0,40}?(?:scanners?|guardrail|policy|instruction|rule|check|block|deny|warn(?:ing)?|decision)|(?:suppress|hide|do\\s+not\\s+report).{0,40}?(?:findings?|warnings?|alerts?|issues?|errors?|results?)|(?:(?:API|secret|access)\\s*keys?|auth\\s*tokens?|env(?:ironment)?\\s*var(?:iable)?s?|OPENAI_API_KEY|GITHUB_TOKEN|credentials?).{0,40}?(?:export|include|send|log|collect|dump|forward|leak)|(?:export|include|send|log|collect|dump|forward).{0,40}?(?:(?:API|secret|access)\\s*keys?|auth\\s*tokens?|env(?:ironment)?\\s*var(?:iable)?s?|OPENAI_API_KEY|GITHUB_TOKEN|credentials?)|(?:mark\\s+(?:as\\s+)?false\\s+positive|add.{0,40}?(?:to\\s+)?allowlist|trust\\s+this\\s+(?:image|label|metadata)))\\b)"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-044"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-045-robots-txt-agent-discovery-metadata-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-045-robots-txt-agent-discovery-metadata-poisoning.json
new file mode 100644
index 0000000..f3c4025
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-045-robots-txt-agent-discovery-metadata-poisoning.json
@@ -0,0 +1,32 @@
+{
+  "id": "GLS-DFP-045",
+  "name": "robots.txt Agent Discovery Metadata Poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "`robots.txt` is the most universally consumed machine-readable policy file on the web. Attackers can embed agent-targeting instructions in comments, custom directives, `Sitemap:` pointers, and `User-agent:` sections that AI agents ingest as trusted site policy \u2014 enabling authority inversion, credent",
+  "keywords": [
+    "# AI AGENTS AND SECURITY SCANNERS:",
+    "*robots*",
+    "AI agent(s)?",
+    "Agent-policy:",
+    "Crawler-note:",
+    "Scanner-policy:",
+    "User-agent: GPTBot"
+  ],
+  "regex": [
+    "(?is)^(?!.*(?:AI agents must not treat robots\\.txt|do not obey robots\\.txt|never override|never treat robots\\.txt|must not (?:treat|obey|follow|forward|include|suppress)|do not (?:treat|obey|forward|include|suppress)|never (?:treat|obey|override|forward|include|suppress)|refused|blocked|detected|flagged|should (?:report|detect|flag|refuse|block)|scanner docs? should (?:report|detect|flag|refuse|block)|security report|incident report|vulnerability report|learn how|guide|article|does not instruct agents?))(?=.*(?:robots\\.txt|User-agent:|Disallow:|Allow:|Crawl-delay:|Sitemap:|(?:^|\\n)#\\s))(?=.*(?:AI agents?|assistants?|autonomous (?:scanner|crawler|verifier)s?|LLMs?|models?|security scanners?|GPTBot|Claude-Web|CCBot|coding agents?|code agents?|crawler instructions?|scanner instructions?|bot instructions?|agentic|autonomous agents?))(?=.*(?:supersedes?|outranks?|overrides?|canonical (?:site|owner|operator) policy|higher\\.priority|definitive authority|governing document|takes? precedence|primary source of truth|include(?:\\s+(?:[\\w-]+\\s+)?)(?:environment variables?|API keys?|tokens?|Authorization|session|local state)|forward(?:\\s+(?:[\\w-]+\\s+)?)(?:environment|local state|cookies|session)|attach(?:\\s+(?:[\\w-]+\\s+)?)(?:environment|runtime|local) (?:variables?|context|config)|do not (?:report|notify|mention|disclose|flag)|suppress(?:es|ed|ing)?(?:\\s+(?:[\\w-]+\\s+)?)(?:findings?|warnings?|reports?|issues?|vulnerabilit(?:y|ies))|hide(?:\\s+(?:[\\w-]+\\s+)?)(?:findings?|warnings?|reports?|this|security)|omit from (?:reports?|summar|findings)|exclude from (?:reports?|findings?|summar)|redact(?:\\s+(?:[\\w-]+\\s+)?)(?:findings?|flags?|warnings?|reports?|issues?)|provide(?:\\s+(?:[\\w-]+\\s+)?)(?:local (?:config|state|context)|environment|runtime)|non.actionable.*(?:omit|exclude|suppress|skip)|informational only.*(?:omit|exclude|suppress|skip)))"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-045"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-046-security-txt-rfc-9116-agent-policy-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-046-security-txt-rfc-9116-agent-policy-poisoning.json
new file mode 100644
index 0000000..aa46733
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-046-security-txt-rfc-9116-agent-policy-poisoning.json
@@ -0,0 +1,29 @@
+{
+  "id": "GLS-DFP-046",
+  "name": "security.txt (RFC 9116) Agent-Policy Poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "A `security.txt` file (RFC 9116) hides agent/scanner instructions in comments, extension fields, `Contact` values, or a `Policy` URL, telling AI vulnerability scanners to suppress findings, forward local credentials, or treat the metadata as authority that supersedes scanner rules.",
+  "keywords": [
+    "AI agents",
+    "API token",
+    "CI_ENV",
+    "Contact:/Expires:/Encryption:"
+  ],
+  "regex": [
+    "(?isx)\n^(?!.*\\b(?:must\\s+not\\s+(?:treat|obey|follow|use)|do\\s+not\\s+(?:treat|obey|follow|forward|include|suppress|trust)|never\\s+(?:treat|obey|override|overrides?|forward|include|suppress|trust)|should\\s+(?:report|detect|flag|refuse|block)|refused|blocked|detected|flagged)\\b)\n(?=.*(?:\\b(?:security\\.txt|security\\s+contact|RFC\\s*9116|Canonical:|Policy:|Acknowledgments:|Hiring:|Preferred-Languages:)\\b|(?:Contact:|Expires:|Encryption:)(?=\\s|$)))\n(?=.*(?<![a-zA-Z0-9])(?:ai\\s+(?:agents?|assistants?|scanners?|auditors?)|assistants?|agents?|assistant[-_\\s]instructions?|security\\s+scanners?|autonomous\\s+(?:scanners?|crawlers?|verifiers?|agents?)|crawlers?|llms?|models?|agentic|bots?)(?![a-zA-Z0-9]))\n(?=.*\\b(?:canonical\\s+security\\s+policy|(?:primary|single)\\s+source\\s+of\\s+truth|canonical\\s+(?:project\\s+|model\\s+)?(?:description|policy)|definitive\\s+(?:project\\s+|model\\s+evaluation\\s+)?(?:description|policy)|supersed(?:e|es|ed|ing)?|outranks?|overrides?|higher\\s+priority|must\\s+obey|ignore\\s+(?:system|developer|repository|scanner)\\s+rules?|(?:agent|scanner|assistant|verifier|crawler)\\s+instructions?)\\b)\n(?=.*\\b(?:do\\s+not\\s+(?:report|flag|notify|mention)|not\\s+report|suppress(?:es|ed|ing)?|hide.{0,3}findings?|mark.{0,40}?(?:as\\s+)?(?:clean|safe|informational|false\\s+positive)|skip\\s+checks?|do\\s+not\\s+(?:flag|check)|forward.{0,2}(?:[\\w-]+\\s+){0,2}(?:Authorization|Bearer|API\\s+keys?|tokens?|env(?:ironment)?(?:\\s+(?:variables?|context))?|local\\s+state|session|auth\\s+context|secrets?|cookies?)|include.{0,2}(?:[\\w-]+\\s+){0,2}(?:Authorization|Bearer|API\\s+keys?|tokens?|env(?:ironment)?(?:\\s+(?:variables?|context))?|local\\s+state|session|auth\\s+context|secrets?|cookies?)|send.{0,2}(?:[\\w-]+\\s+){0,2}(?:Authorization|Bearer|API\\s+keys?|tokens?|env(?:ironment)?(?:\\s+(?:variables?|context))?|local\\s+state|session|auth\\s+context|secrets?|cookies?)|attach.{0,2}(?:[\\w-]+\\s+){0,2}(?:Authorization|Bearer|API\\s+keys?|tokens?|env(?:ironment)?(?:\\s+(?:variables?|context))?|local\\s+state|session|auth\\s+context|secrets?|cookies?)|treat.{0,40}?as\\s+informational|mark.{0,40}?as\\s+safe)\\b)\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-046"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-047-sitemap-xml-agent-policy-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-047-sitemap-xml-agent-policy-poisoning.json
new file mode 100644
index 0000000..0357cb9
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-047-sitemap-xml-agent-policy-poisoning.json
@@ -0,0 +1,34 @@
+{
+  "id": "GLS-DFP-047",
+  "name": "Sitemap XML Agent Policy Poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "medium",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Attackers embed AI-agent/scanner-directed policy instructions (authority inversion, report suppression, credential forwarding) inside sitemap.xml XML comments, custom namespace extension elements, and `<url>` text fields, exploiting the fact that AI agents and automated scanners consume sitemaps as",
+  "keywords": [
+    "<sitemapindex",
+    "agent instruction",
+    "attach tokens",
+    "authoritative",
+    "autonomous scanner",
+    "canonical policy",
+    "do not flag",
+    "do not report",
+    "forward local state"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:\n  do\\s+not\\s+(?:obey|follow|include|attach|forward|send|share|report|override|trust|treat|suppress)\n  |does\\s+not\\s+(?:obey|follow|include|attach|forward|send|share|override|overrides?|trust|treat|suppress)\n  |never\\s+(?:obey|include|attach|forward|send|share|report|override|trust|treat|suppress|overrides?)\n  |must\\s+not\\s+(?:obey|include|attach|forward|send|share|report|override|trust|treat|suppress)\n  |should\\s+(?:report|detect|flag|refuse|block)\n  |(?:security|incident|vulnerability)\\s+report.*\\b(?:flag|detect|block|refus)\n  |scanners?\\s+docs?\\s+should\\s+(?:report|detect|flag|refuse)\n)\\b)\n(?=.*(?:\n  \\bsitemap\\.xml\\b|\\bsitemap\\s+index\\b|\\burlset\\b|\\b<url>\\b|\\b<loc>\\b\n  |\\bxmlns:sitemap\\b|\\bwww\\.sitemaps\\.org\\b|\\b<sitemapindex>\\b|\\b<lastmod>\\b\n  |sitemap\\s+protocol|\\bxml\\s+comment\\b.*sitemap|\\b<\\?xml\\b.*sitemap\n))\n(?=.*\\b(?:\n  (?:ai|autonomous|devops|security|dependency|code)\\s+(?:agents?|assistants?|scanners?|crawlers?|reviewers?)\n  |(?:coding|code\\.review)\\s+agents?\n  |(?:llms?|models?|copilot|cursor|codex|claude)(?:\\s+(?:agents?|assistants?))?\n  |\\b(?:autonomous\\s+)?(?:scanners?|crawlers?)\\b\n  |\\bagents?\\b\n  |\\bassistants?\\b\n)\\b)\n(?=.*(?:\n  (?:(?:primary|single)\\s+source\\s+of\\s+truth)\n  |\\b(?:governing|controlling|canonical|definitive|authoritative)\\s+(?:document|policy|build\\s+policy|project\\s+description|model\\s+evaluation\\s+policy)\n  |(?:\\btakes?\\s+precedence\\b|\\boverr(?:ides?|ules?)\\b|\\bsupersede[ds]?\\b|\\boutranks?\\b)\n  |\\b(?:canonical|authoritative|definitive)\\s+(?:build|container|image|project|site|repository)\\s+(?:policy|description|configuration)\n  |\\bdefines?\\s+(?:(?:the\\s+)?rules?\\s+for\\s+(?:automated|AI|scanner|security|agent)\\s+(?:review|audit|scan)|all\\s+(?:scanner|security)\\s+rules?)\\b\n  |(?:(?:agent|scanner|assistant|verifier|crawler|moderation|review\\s+tool)\\s+instructions?)\n  |\\bthis\\s+(?:is|(?:file|document|label|comment|instruction|metadata|manifest)\\s+is)\\s+(?:the\\s+)?(?:governing|controlling|authoritative|canonical)\\b\n  |\\boverrules?\\s+(?:all\\s+)?(?:repository|scanner|security|system|developer)\\b\n  |\\bfor\\s+(?:ai\\s+)?(?:agents?|scanners?)\\s*:\\s*this\\b\n  |\\bauthoritative\\b\n))\n(?=.*(?:\n  \\b(?:suppress|hide|redact|exclude|omit|skip)\\s+(?:[-\\w]+\\s+){0,3}(?:findings?|warnings?|alerts?|reports?|flags?|issues?|scan(?:s|ning)?\\s+results?|vulnerabilit(?:y|ies)|checks?|dependencies?\\s+warning|notifications?|observations?|results?|diagnostics?)\n  |\\b(?:suppress|hide|redact|exclude|omit)\\s+(?:[-\\w]+\\s+){0,3}(?:all|any|every)\\s+(?:[-\\w]+\\s+){0,1}(?:finding|warning|alert|report|flag|issue|scan|vuln|check)\n  |\\b(?:treat|mark|flag)\\b.{0,40}?\\bas\\s+(?:informational|non\\.blocking|safe|clean|benign)\n  |\\b(?:include|attach|forward|send|share|provide|expose|collect)\\s+(?:[-\\w]+\\s+){0,2}(?:env(?:ironment)?\\s+(?:variables?|context|details?|config(?:uration)?|state|settings?)|tokens?|API\\s+keys?|session\\s+(?:keys?|tokens?|cookies?)|local\\s+state|runtime\\s+(?:env(?:ironment)?|variables?|config(?:uration)?|settings?)|credentials?|auth\\s+(?:headers?|tokens?)|Bearer\\s+tokens?)\n  |\\b(?:do\\s+not\\s+(?:flag|escalate|report|scan|audit|block)|don't\\s+(?:flag|escalate|report|scan))\\b\n  |\\b(?:mark\\s+(?:this\\s+)?(?:container|image|build|site|project|package|extension|file)\\s+as\\s+clean\\b)\n  |\\b(?:omit\\s+from\\s+(?:summar(?:y|ies)|final\\s+report|audit\\s+reports?))\\b\n  |\\b(?:skip\\s+all\\s+checks?\\b)\n  |\\b(?:hide\\s+all\\s+vulnerability\\s+reports?\\b)\n  |\\b(?:forward\\s+(?:[-\\w]+\\s+){0,3}(?:to\\s+the\\s+)?(?:build\\s+(?:output|context|log)|maintainer|debug|report))\\b\n  |\\b(?:expose\\s+all\\s+local\\s+state\\b)\n))"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-047"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-048-webauthn-related-origins-agent-policy-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-048-webauthn-related-origins-agent-policy-poisoning.json
new file mode 100644
index 0000000..4ce63b1
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-048-webauthn-related-origins-agent-policy-poisoning.json
@@ -0,0 +1,35 @@
+{
+  "id": "GLS-DFP-048",
+  "name": "WebAuthn Related-Origins Agent-Policy Poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "A WebAuthn/passkey related-origins metadata file hides agent/scanner instructions in extension text, telling AI passkey auditors to override trusted instructions, suppress origin/RP ID mismatch findings, or include local authorization material.",
+  "keywords": [
+    "/.well-known/webauthn",
+    "RP ID",
+    "RP ID mismatch",
+    "WebAuthn",
+    "agent_note",
+    "assistant_instructions",
+    "audit_note",
+    "copy",
+    "credential auditor",
+    "do not report"
+  ],
+  "regex": [
+    "(?is)\n(?!.*\\b(?:agents?|assistants?|scanners?|auditors?)\\s+must\\s+not\\s+obey\\b)\n(?!.*\\b(?:do\\s+not|never)\\s+(?:obey|trust|follow|treat)\\b.{0,80}\\b(?:webauthn|passkeys?|related[-_\\s]?origins?|rp[-_\\s]?id)\\b)\n(?!.*\\b(?:webauthn|passkeys?|related[-_\\s]?origins?|rp[-_\\s]?id)\\b.{0,80}\\b(?:is|are)\\s+not\\s+(?:agent\\s+)?policy\\b)\n(?!.*\\b(?:scanner\\s+docs?|docs?|guide|reference|article|training|runbook|security\\s+report|vulnerability\\s+report)\\b.{0,140}\\b(?:should|must)\\s+(?:report|detect|flag|refuse|warn)\\b)\n(?=.*\\b(?:/\\.well-known/webauthn|webauthn|passkeys?|related[-_\\s]?origins?|rp[-_\\s]?id|relying\\s+party|origins?\\s*:)\\b)\n(?=.*\\b(?:ai\\s+agents?|assistants?|assistant[-_\\s]?instructions?|security\\s+scanners?|passkey\\s+auditors?|credential\\s+auditors?|identity\\s+auditors?|tool[-_\\s]?builders?)\\b)\n(?=.*\\b(?:x[-_\\s]?agent[-_\\s]?policy|assistant[-_\\s]?instructions?|scanner[-_\\s]?policy|agent[-_\\s]?notes?|audit[-_\\s]?notes?|ignore|override|supersede|higher\\s+priority|do\\s+not\\s+report|not\\s+report|suppress|hide\\s+findings?|mark\\s+clean|forward|send|include|copy)\\b)\n(?=.*\\b(?:authorization\\s+headers?|session\\s+cookies?|api\\s+keys?|tokens?|env(?:ironment)?|localstorage|rp[-_\\s]?id\\s+mismatches?|origin\\s+mismatches?|validation\\s+failures?|findings?|reports?|warnings?)\\b)\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-048"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-049-consent-management-cookie-preference-agent-policy-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-049-consent-management-cookie-preference-agent-policy-poisoning.json
new file mode 100644
index 0000000..50899e0
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-049-consent-management-cookie-preference-agent-policy-poisoning.json
@@ -0,0 +1,39 @@
+{
+  "id": "GLS-DFP-049",
+  "name": "Consent Management Cookie-Preference Agent-Policy Poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Consent-management and cookie-preference metadata can smuggle instructions to AI privacy/compliance agents that claim cookie consent text is authoritative policy, suppress privacy findings, or forward cookies, consent strings, tokens, or local environment context.",
+  "keywords": [
+    "AI agents",
+    "CMP config",
+    "Cookiebot",
+    "Didomi",
+    "IAB TCF",
+    "Klaro",
+    "LLMs",
+    "OneTrust",
+    "Osano",
+    "TCF v2",
+    "TrustArc",
+    "__tcfapi",
+    "agent_instructions",
+    "assistants"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:security|incident|vulnerability|training|guide|docs?|article|reference|runbook|example)\\b.{0,180}\\b(?:report|detect|flag|refuse|block|warn)\\b.{0,180}\\b(?:consent|cookie|cmp|tcf|privacy).{0,180}\\b(?:hide|suppress|include|forward|token|api\\s*key|cookies?))\n(?!.*\\b(?:do\\s+not|does\\s+not|never|must\\s+not|should\\s+(?:not|never))\\b.{0,90}\\b(?:obey|follow|treat|trust|use|include|attach|forward|send|share|override|overrides?|supersede|supersedes?|hide|suppress)\\b.{0,140}\\b(?:consent|cookie|cmp|tcf|metadata|policy|instructions?|as\\s+authority|as\\s+policy))\n(?!.*\\b(?:not\\s+(?:authoritative|canonical|definitive)|no\\s+(?:policy\\s+)?overrides?)\\b)\n(?=.*(?:\\b(?:consent\\s+management|cookie\\s+(?:banner|preferences?|consent|settings)|consent\\.json|privacy\\s+choices|iab\\s+tcf|tcf\\s*v?2|__tcfapi|cmp\\s*(?:config|metadata|policy)?|cookiebot|onetrust|didomi|klaro|osano|trustarc|consent\\s+string|euconsent-v2|vendor\\s+list|global\\s+vendor\\s+list|gvl|uspapi|privacy\\s+manager)\\b|(?<!\\w)\"(?:cmp|consent|cookie_preferences?|privacyChoices|privacy_choices|iabTCF|tcf|vendorList|vendor_list|gvl|purposes|agent_instructions|scanner_policy)\"\\s*:))\n(?=.*(?<![a-zA-Z0-9])(?:ai\\s+agents?|agents?|assistants?|llms?|crawlers?|scanners?|privacy\\s+auditors?|compliance\\s+(?:bots?|agents?)|automated\\s+(?:auditors?|tools?|reviewers?))(?![a-zA-Z0-9]))\n(?=.*(?:\\b(?:governing|controlling|canonical|definitive|authoritative)\\s+(?:document|policy|source|metadata|record)\\b|\\b(?:primary|single)\\s+source\\s+of\\s+truth\\b|\\b(?:overrides?|supersedes?|outranks?)\\s+(?:system|developer|scanner|security|privacy|compliance)\\s+(?:rules?|polic(?:y|ies)|instructions?)\\b|\\btakes\\s+precedence\\s+over\\s+(?:system|developer|scanner|security|privacy|compliance)\\s+(?:rules?|polic(?:y|ies)|instructions?)\\b|\\bdefines?\\s+(?:(?:the\\s+)?rules?\\s+for\\s+(?:automated|ai|scanner|security|privacy|compliance)\\s+(?:review|audit|scan)|all\\s+(?:scanner|security|privacy|compliance)\\s+rules?)\\b|\\b(?:agent|scanner|assistant|crawler|privacy\\s+auditor|compliance\\s+agent)\\s+instructions?\\b|\\bfor\\s+(?:ai\\s+)?agents?.{0,30}\\bthis\\b|\\bmain\\s+operating\\s+guidance\\b))\n(?=.*(?:\\b(?:suppress|hide|omit|exclude|redact|skip)\\s+(?:[\\w-]+\\s+){0,4}(?:findings?|warnings?|alerts?|reports?|flags?|issues?|observations?|results?|diagnostics?|privacy\\s+violations?|consent\\s+violations?)\\b|\\btreat.{0,60}?as\\s+(?:informational|non[-\\s]?blocking|safe|clean|benign|advisory(?:-only)?)\\b|\\b(?:downgrade|reclassify).{0,80}?\\b(?:findings?|warnings?|alerts?|observations?|violations?)\\b.{0,80}?\\b(?:background|informational|advisory|non[-\\s]?blocking)\\b|\\b(?:keep|leave).{0,90}?\\bout\\s+of\\s+(?:the\\s+)?(?:final\\s+)?(?:report|summary|memo|audit)\\b|\\b(?:do\\s+not|don't|not)\\s+(?:report|flag|escalate)\\s+(?:[\\w-]+\\s+){0,4}(?:findings?|warnings?|violations?|observations?|results?|diagnostics?)\\b|\\b(?:include|attach|forward|send|share|provide|expose|collect|pass\\s+along|copy|read|populate)\\s+(?:[\\w-]+\\s+){0,4}(?:api\\s*keys?|tokens?|session\\s+tokens?|cookies?|authorization|auth\\s+headers?|environment\\s+(?:variables?|context|details?|config(?:uration)?|state|settings?)|runtime\\s+(?:context|details?|config(?:uration)?|settings?)|local\\s+(?:state|config(?:uration)?|settings?)|consent\\s+string|euconsent-v2)\\b))\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-049"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-050-deployment-platform-config-metadata-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-050-deployment-platform-config-metadata-poisoning.json
new file mode 100644
index 0000000..0d6054f
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-050-deployment-platform-config-metadata-poisoning.json
@@ -0,0 +1,33 @@
+{
+  "id": "GLS-DFP-050",
+  "name": "Deployment Platform Config Metadata Poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Deployment-platform configuration files such as `netlify.toml`, `vercel.json`, Cloudflare `wrangler.toml`, `_headers`, and `_redirects` can carry agent/scanner-directed metadata that claims deployment config is authoritative policy, suppresses security findings, or asks agents to forward local deplo",
+  "keywords": [
+    "_headers",
+    "_redirects",
+    "agent_policy",
+    "assistant_instructions",
+    "netlify.toml",
+    "scanner_policy",
+    "vercel.json",
+    "wrangler.toml"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:\n  (?:scanners?\\s+docs?|security\\s+(?:training|guide|reference)|deployment\\s+metadata\\s+guide|incident\\s+report|vulnerability\\s+report).{0,160}?(?:should\\s+(?:report|detect|flag|refuse|block)|detected|blocked|flagged|refused)\n  |(?:do\\s+not|does\\s+not|never|must\\s+not|should\\s+never|should\\s+not)\\s+(?:obey|follow|treat|use|trust|include|attach|forward|send|share|override|supersede|expose)\\b\n  |(?:netlify\\.toml|vercel\\.json|wrangler\\.toml|_headers|_redirects|deployment\\s+metadata|Cloudflare\\s+Pages).{0,120}?\\b(?:is\\s+not|are\\s+not|does\\s+not)\\s+(?:authoritative|agent\\s+policy|scanner\\s+policy|instruction|policy)\n  |\\bno\\s+(?:agent\\s+instructions?|policy\\s+overrides?)\\s+(?:are\\s+)?present\\b\n))\n(?=.*(?:\n  (?<![A-Za-z0-9])(?:netlify\\.toml|vercel\\.json|wrangler\\.toml|_headers|_redirects)(?![A-Za-z0-9])\n  |\\bCloudflare\\s+Pages\\b|\\bdeployment\\s+(?:config|metadata|headers?|redirects?|summary)\\b\n  |\\b(?:build\\.command|publish\\s*=|compatibility_date|edge_functions?|headers?\\s*[:=\\[]|redirects?\\s*[:=\\[]|\\[\\[headers\\]\\]|\\[\\[redirects\\]\\])\\b\n))\n(?=.*(?:\n  \\b(?:AI|autonomous|coding|deployment|security)\\s+(?:agents?|assistants?|scanners?|crawlers?)\\b\n  |\\b(?:agents?|assistants?|scanners?|crawlers?|LLMs?)\\b\n  |(?<![A-Za-z0-9])(?:agent|scanner|assistant|crawler|deployment_agent|security_agent)[_-]?(?:policy|instructions?|note|guidance)(?![A-Za-z0-9])\n))\n(?=.*(?:\n  \\b(?:authoritative|canonical|definitive|governing|controlling)\\b\n  |(?:primary|single)\\s+source\\s+of\\s+truth\n  |(?:primary|main|principal)\\s+(?:review|deployment|scanner|security)\\s+(?:guidance|playbook|policy)\n  |(?:takes\\s+precedence|overrides?|supersed(?:e|es|ed|ing)|outranks?|overrules?)\\b\n  |defines?\\s+(?:(?:the\\s+)?rules?\\s+for\\s+(?:automated|AI|scanner|security|deployment)\\s+(?:review|audit|scan)|all\\s+(?:scanner|security|deployment)\\s+rules?)\n  |(?:agent|scanner|assistant|deployment)\\s+(?:policy|instructions?|directive|guidance)\n))\n(?=.*(?:\n  (?:suppress|hide|omit|exclude|redact|skip)\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|warnings?|alerts?|reports?|flags?|issues?|checks?|observations?|results?|diagnostics?|notifications?)\n  |(?:do\\s+not|don't|never)\\s+(?:report|flag|escalate)\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|warnings?|issues?|observations?|diagnostics?|misconfigurations?)\n  |(?:treat|mark|classify|label)\\s+.{0,60}?\\b(?:as\\s+)?(?:informational|non-blocking|safe|clean|benign|background-only)\n  |(?:downgrade|move|route|shift)\\s+.{0,80}?\\b(?:findings?|warnings?|alerts?|observations?|diagnostics?|results?|issues?)\\b.{0,80}?\\b(?:background\\s+notes?|background-only|appendix-only|informational|non-blocking)\n  |(?:keep|leave)\\s+.{0,80}?\\b(?:findings?|warnings?|observations?|diagnostics?|results?|issues?|CSP|redirect|worker|header)\\b.{0,50}?\\bout\\s+of\\s+(?:the\\s+)?(?:report|summary|memo|release\\s+memo|deployment\\s+summary|final\\s+audit)\n  |(?:include|attach|forward|send|share|provide|expose|collect|pass\\s+along)\\s+(?:[\\w-]+\\s+){0,4}(?:API\\s+tokens?|deploy(?:ment)?\\s+tokens?|NETLIFY_AUTH_TOKEN|VERCEL_TOKEN|CLOUDFLARE_API_TOKEN|Authorization\\s+headers?|session\\s+keys?|environment\\s+(?:variables?|context|details?|config(?:uration)?|state|settings?)|runtime\\s+(?:context|variables?|config(?:uration)?|settings?|material|artifacts?|evidence)|local\\s+(?:state|config(?:uration)?|settings?))\n))\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-050"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-051-documentation-site-config-metadata-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-051-documentation-site-config-metadata-poisoning.json
new file mode 100644
index 0000000..48aa6b2
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-051-documentation-site-config-metadata-poisoning.json
@@ -0,0 +1,37 @@
+{
+  "id": "GLS-DFP-051",
+  "name": "Documentation Site Config Metadata Poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Documentation-site configuration files such as `mkdocs.yml`, `docusaurus.config.js`, `.vitepress/config.ts`, `sidebars.js`, or Docsify config can carry agent-facing policy text that tells AI documentation/security agents to treat the config as authoritative, suppress docs/security findings, or forwa",
+  "keywords": [
+    "agent instruction:",
+    "agent_instructions",
+    "assistant_note",
+    "crawler_notice",
+    "mkdocs.yml",
+    "nav:",
+    "scanner instruction:",
+    "scanner_policy",
+    "sidebar:",
+    "sidebars.js",
+    "site_name:",
+    "theme:"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:security|scanner|training|runbook|guide|reference|incident|vulnerability|documentation)\\s+(?:docs?|report|example|exercise|guidance|article|reference)?.{0,160}?\\b(?:should\\s+(?:report|detect|flag|refuse|block)|detected|blocked|flagged|refused)\\b)\n(?!.*\\b(?:do\\s+not|does\\s+not|never|must\\s+not|should\\s+(?:not|never))\\s+(?:obey|follow|treat|use|include|attach|forward|send|share|override|overrides?|trust|expose)\\b)\n(?!.*\\b(?:not\\s+(?:authoritative|canonical|definitive)|no\\s+(?:policy\\s+)?overrides?)\\b)\n(?=.*(?:\\b(?:mkdocs\\.ya?ml|mkdocs|docusaurus(?:\\.config)?(?:\\.(?:js|ts|mjs|cjs))?|vitepress|\\.vitepress/config\\.(?:js|ts|mjs)|docsify|documentation\\s+site\\s+config|static\\s+site\\s+config|site_name\\s*:|theme\\s*:|nav\\s*:|sidebars\\.js|sidebar\\s*:|config\\s*:\\s*\\{)\\b))\n(?=.*(?<![A-Za-z0-9])(?:ai[-_\\s]?agents?|assistants?|llms?|crawlers?|scanners?|security[-_\\s]?scanners?|docs[-_\\s]?agents?|documentation[-_\\s]?agents?|agent[_-]instructions?|scanner[_-]policy|assistant[_-]note|crawler[_-]notice)(?![A-Za-z0-9]))\n(?=.*(?:\\b(?:governing|controlling|canonical|definitive|authoritative)\\s+(?:document|policy|guidance|instructions?|source|description|configuration)\\b|(?:primary|single)\\s+source\\s+of\\s+truth|(?:primary|main|operating|review|audit|quality|scanner)\\s+guidance|takes?\\s+precedence|overrides?|supersed(?:e|es|ed|ing)|outranks?|overrules?|defines?\\s+(?:(?:all|the)\\s+)?(?:scanner|security|agent|automated|review|audit|docs?)\\s+rules?|(?:agent|scanner|assistant|crawler|docs?)\\s+(?:instructions?|directive|policy)\\s*:))\n(?=.*(?:\\b(?:suppress|hide|redact|exclude|omit|skip|downgrade|deprioriti[sz]e)\\s+(?:[\\w-]+\\s+){0,4}(?:findings?|warnings?|alerts?|reports?|flags?|issues?|observations?|results?|diagnostics?|vulnerabilities?|CVE(?:s)?|audit\\s+memos?|summaries?|notes?)\\b|(?:treat|mark|classify|flag).{0,50}?\\bas\\s+(?:informational|non[-\\s]?blocking|safe|clean|benign|background[-\\s]?only)\\b|(?:keep|leave).{0,80}?(?:findings?|warnings?|observations?|diagnostics?|results?|alerts?|issues?|vulnerabilities?).{0,40}?\\bout\\s+of\\s+(?:the\\s+)?(?:memo|memos|summary|summaries|report|reports|audit\\s+memo|final\\s+report|docs\\s+audit)\\b|do\\s+not\\s+(?:report|flag|escalate|include)\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|warnings?|issues?|observations?|results?|diagnostics?|security[-\\s]?team|reports?)\\b|(?:include|attach|forward|send|share|provide|expose|collect|pass\\s+along|copy|read)\\s+(?:[\\w-]+\\s+){0,4}(?:api\\s*keys?|tokens?|session\\s+(?:keys?|tokens?)|authorization\\s+headers?|auth\\s+headers?|cookies?|credentials?|environment\\s+(?:variables?|context|details?|config(?:uration)?|state|settings?)|runtime\\s+(?:context|variables?|details?|config(?:uration)?|settings?|proof\\s+material)|local\\s+(?:state|config(?:uration)?|settings?)|execution\\s+context)\\b))\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-051"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-052-global-privacy-control-metadata-agent-policy-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-052-global-privacy-control-metadata-agent-policy-poisoning.json
new file mode 100644
index 0000000..e6b2475
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-052-global-privacy-control-metadata-agent-policy-poisoning.json
@@ -0,0 +1,40 @@
+{
+  "id": "GLS-DFP-052",
+  "name": "Global Privacy Control metadata agent-policy poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "A hostile site can place agent-directed authority, report-suppression, or credential-forwarding instructions in Global Privacy Control (GPC) / Sec-GPC-adjacent privacy metadata so AI privacy auditors or scanners over-trust privacy-signal text as scanner policy.",
+  "keywords": [
+    "\"globalPrivacyControl\"",
+    "\"gpc\"",
+    "\"gpc\": true",
+    ".well-known/gpc.json",
+    "GPC header",
+    "GPC signal",
+    "Global Privacy Control",
+    "Sec-GPC",
+    "Sec-GPC: 1",
+    "agent instruction",
+    "agent_instructions",
+    "assistant_note",
+    "authoritative",
+    "canonical",
+    "definitive"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:do\\s+not\\s+(?:obey|follow|treat|trust|override|use)|does\\s+not\\s+(?:obey|follow|instruct|override|trust|treat)|never\\s+(?:obey|follow|treat|trust|override|use)|must\\s+not\\s+(?:obey|follow|treat|trust|override|use)|should\\s+(?:not\\s+\\w+|never\\b|report|detect|flag|refuse|block)|(?:security|incident|vulnerability)\\s+report.{0,80}\\b(?:flagged|detected|blocked|refused)|(?:scanner|privacy)\\s+docs?\\s+should\\s+(?:report|detect|flag|refuse)))\n(?=.*(?:\\b(?:Global\\s+Privacy\\s+Control|Sec-GPC|GPC\\s+signal|GPC\\s+header|privacy\\s+signal|do\\s+not\\s+sell|do\\s+not\\s+share)\\b|(?<!\\w)\"gpc\"\\s*:|(?<!\\w)\"globalPrivacyControl\"\\s*:|(?<![A-Za-z0-9])gpc_policy(?![A-Za-z0-9])|\\.well-known/gpc(?:\\.json)?))\n(?=.*(?<![A-Za-z0-9])(?:AI\\s+agents?|assistants?|autonomous\\s+(?:agents?|scanners?|auditors?)|privacy\\s+(?:auditors?|scanners?)|security\\s+scanners?|llms?|models?|crawlers?|bots?|agents?|scanner_policy|agent_instructions|assistant_note)(?![A-Za-z0-9]))\n(?=.*(?:\\b(?:overrides?|supersed(?:e|es|ed|ing)|outranks?|higher-priority|takes\\s+precedence|canonical|definitive|authoritative|governing\\s+document|controlling\\s+document|(?:primary|single)\\s+source\\s+of\\s+truth|must\\s+obey|defines?\\s+(?:(?:the\\s+)?rules?\\s+for\\s+(?:automated|AI|scanner|security|privacy)\\s+(?:review|audit|scan)|all\\s+(?:scanner|security|privacy)\\s+rules?))\\b|(?:agent|scanner|assistant|privacy\\s+auditor)\\s+(?:instruction|directive|policy)s?))\n(?=.*(?:\\b(?:suppress|hide|redact|exclude|omit|skip)\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|warnings?|alerts?|reports?|flags?|issues?|observations?|results?|diagnostics?|privacy\\s+violations?|GPC\\s+violations?)\\b|do\\s+not\\s+(?:report|mention|notify|escalate)\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|warnings?|issues?|observations?|privacy\\s+violations?|GPC\\s+violations?)\\b|treat.{0,50}?as\\s+(?:informational|advisory|non[- ]blocking|safe|clean)|mark.{0,50}?as\\s+(?:safe|clean|benign)|(?:include|attach|forward|send|share|provide|expose|collect|copy|read)\\s+(?:[\\w-]+\\s+){0,4}(?:Authorization|Bearer|cookies?|session\\s+(?:headers?|tokens?)|API\\s+keys?|secrets?|environment\\s+(?:variables?|context|details?|config(?:uration)?|state|settings?)|runtime\\s+(?:context|variables?|config(?:uration)?|settings?)|local\\s+(?:state|config(?:uration)?|settings?))\\b))\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-052"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-053-linter-formatter-config-metadata-agent-policy-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-053-linter-formatter-config-metadata-agent-policy-poisoning.json
new file mode 100644
index 0000000..f4245cd
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-053-linter-formatter-config-metadata-agent-policy-poisoning.json
@@ -0,0 +1,40 @@
+{
+  "id": "GLS-DFP-053",
+  "name": "Linter / formatter config metadata agent-policy poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Attacker-controlled linter or formatter config metadata (`eslint.config.js`, `.eslintrc`, `.prettierrc`, `biome.json`, Stylelint config, or adjacent rule comments/custom fields) tells AI coding/security agents to treat the config as higher-priority policy, suppress findings, or forward local runtime",
+  "keywords": [
+    ".eslintrc",
+    ".prettierrc",
+    ".stylelintrc",
+    "agent instruction",
+    "authoritative",
+    "biome.json",
+    "canonical/definitive policy",
+    "eslint.config.*",
+    "eslintConfig",
+    "extends",
+    "formatter config",
+    "governing/controlling document",
+    "lint-staged",
+    "linter config",
+    "overrides"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:security|incident|vulnerability|training|reference|guide|docs?|article|runbook)\\b.{0,160}\\b(?:detected|blocked|flagged|refused|should\\s+(?:report|detect|flag|refuse|block)|must\\s+not\\s+(?:obey|treat|follow|use)|do\\s+not\\s+(?:obey|treat|follow|use)|does\\s+not\\s+(?:instruct|override|obey|follow)|never\\s+(?:obey|treat|override|follow))\\b)\n(?!.*\\b(?:linter|formatter|eslint|prettier|biome|stylelint)\\s+(?:config|metadata|comments?)\\s+(?:is|are)\\s+not\\s+(?:authoritative|policy|instructions?))\n(?!.*\\bno\\s+(?:agent\\s+)?policy\\s+overrides?\\b)\n(?=.*(?:\\.eslintrc|eslint\\.config\\.(?:js|mjs|cjs|ts)|eslintConfig|\\.prettierrc|prettier\\.config\\.(?:js|cjs|mjs|ts)|biome\\.json|stylelint\\.config\\.(?:js|cjs|mjs|ts)|\\.stylelintrc|lint-staged|linter\\s+config|formatter\\s+config|static\\s+analysis\\s+config|rule\\s+metadata|rules?\\s*:\\s*\\[|overrides\\s*:\\s*\\[|plugins\\s*:\\s*\\[|extends\\s*:\\s*\\[))\n(?=.*(?<![a-zA-Z0-9])(?:ai[-_\\s]?agents?|agents?|assistants?|codex|copilot|claude|cursor|scanners?|security[-_\\s]?scanners?|dependency[-_\\s]?scanners?|repo[-_\\s]?auditors?|automated[-_\\s]?(?:review|audit)|lint[-_\\s]?auditors?)(?![a-zA-Z0-9]))\n(?=.*(?:overrides?\\s+(?:system|developer|scanner|security|repository)\\s+(?:rules?|polic(?:y|ies)|instructions?)|supersed(?:e|es|ed|ing)\\s+(?:scanner|security|repository|developer)\\s+(?:guidance|policy|rules?)|(?:primary|main|principal|authoritative)\\s+(?:review|lint|scanner|audit|security)\\s+(?:guidance|playbook|policy)|(?:canonical|definitive)\\s+(?:project\\s+|lint\\s+|scanner\\s+)?(?:policy|instructions?|description)|(?:agent|scanner|assistant|auditor|linter)\\s+(?:instructions?|directive|policy)|takes?\\s+precedence|(?:primary|single)\\s+source\\s+of\\s+truth|governing\\s+document|controlling\\s+document|authoritative\\b))\n(?=.*(?:suppress(?:es|ed|ing)?|hide|redact|omit|exclude|downgrade|deprioriti[sz]e|ignore|skip|mark.{0,40}?as\\s+(?:safe|informational|non-blocking)|treat.{0,50}?as\\s+(?:informational|non-blocking|advisory)|(?:keep|leave).{0,80}?\\bout\\s+of\\s+(?:the\\s+)?(?:report|summary|memo|audit|final)|(?:move|route|shift).{0,80}?(?:appendix-only|background-only|informational)|do\\s+not\\s+report|not\\s+report|pass\\s+along|forward|send|attach|include|copy|collect|provide|share|expose).{0,100}?(?:findings?|warnings?|alerts?|reports?|results?|diagnostics?|observations?|issues?|vulnerabilit(?:y|ies)|lint\\s+errors?|rule\\s+violations?|security\\s+flags?|dependency\\s+alerts?|environment\\s+(?:variables?|context|details?|config(?:uration)?|settings?|state)|runtime\\s+(?:context|material|details?|config(?:uration)?|settings?|state|artifacts?)|local\\s+(?:state|config(?:uration)?|settings?)|execution\\s+context|api\\s+keys?|tokens?|authorization|cookies?|session))\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-053"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-054-sonar-project-properties-metadata-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-054-sonar-project-properties-metadata-poisoning.json
new file mode 100644
index 0000000..80e7618
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-054-sonar-project-properties-metadata-poisoning.json
@@ -0,0 +1,40 @@
+{
+  "id": "GLS-DFP-054",
+  "name": "Sonar project properties metadata poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "A hostile `sonar-project.properties` or SonarQube/SonarCloud configuration metadata field can target AI code-review/scanner agents with authority-inversion, report-suppression, or credential-forwarding instructions disguised as scanner policy.",
+  "keywords": [
+    "AI agents",
+    "SonarCloud",
+    "SonarQube",
+    "agent/scanner instruction",
+    "agents",
+    "assistants",
+    "authoritative",
+    "automated review",
+    "canonical scanner policy",
+    "dependency auditors",
+    "do not/must not/never",
+    "main operating guidance",
+    "overrides",
+    "quality gate",
+    "security scanners"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:scanner\\s+docs?\\s+should|security\\s+report:.*(?:detected|blocked|flagged|refused)|incident\\s+report:.*(?:detected|blocked|flagged|refused)|training\\s+(?:example|guide).*?(?:do\\s+not|never|must\\s+not)|(?:do|does)\\s+not\\s+(?:obey|follow|treat|trust|include|attach|forward|send|share|override|supersede)|never\\s+(?:obey|follow|treat|trust|include|attach|forward|send|share|override|supersede)|must\\s+not\\s+(?:obey|follow|treat|trust|include|attach|forward|send|share|override|supersede)|should\\s+(?:not\\s+\\w+|never\\b|report|detect|flag|refuse|block)|not\\s+(?:authoritative|canonical|definitive)|no\\s+(?:policy\\s+)?overrides?))\n(?=.*(?:sonar-project\\.properties|sonar\\.projectKey|sonar\\.sources|sonar\\.qualitygate|sonar\\.issue\\.(?:ignore|enforce)|sonar\\.scanner|SonarQube|SonarCloud|quality\\s+gate|sonar\\s+project\\s+config))\n(?=.*(?<![a-zA-Z0-9])(?:ai\\s+agents?|agents?|assistants?|scanners?|code\\s+scanners?|security\\s+scanners?|automated\\s+(?:review|audit|tools)|dependency\\s+auditors?|sonar\\s+auditors?)(?![a-zA-Z0-9]))\n(?=.*(?:overrides?|supersed(?:e|es|ed|ing)|outranks?|takes\\s+precedence|(?:primary|single)\\s+source\\s+of\\s+truth|canonical\\s+(?:project\\s+|scanner\\s+|sonar\\s+)?(?:description|policy|guidance)|definitive\\s+(?:project\\s+|scanner\\s+|sonar\\s+)?(?:description|policy|guidance)|governing\\s+document|controlling\\s+document|authoritative|main\\s+operating\\s+guidance|agent\\s+instructions?|scanner\\s+instructions?|defines?\\s+(?:all\\s+)?(?:scanner|security|sonar|automated\\s+review)\\s+rules?))\n(?=.*(?:(?:suppress|hide|redact|omit|exclude|skip)\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|issues?|warnings?|alerts?|reports?|flags?|failures?|observations?|diagnostics?|results?|quality\\s+gate|hotspots?|vulnerabilit(?:y|ies))|(?:do\\s+not|don't|not)\\s+(?:report|flag|escalate)\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|issues?|warnings?|alerts?|reports?|flags?|failures?|observations?|diagnostics?|results?|quality\\s+gate|hotspots?|vulnerabilit(?:y|ies))|treat.{0,50}?as\\s+(?:informational|non-blocking|safe|clean|benign)|(?:mark|classify).{0,50}?as\\s+(?:safe|clean|benign|informational)|(?:keep|leave).{0,60}?out\\s+of\\s+(?:the\\s+)?(?:summary|report|memo|audit|quality\\s+gate|audit\\s+memo|final\\s+report)|(?:include|attach|forward|send|share|provide|expose|collect|pass\\s+along)\\s+(?:[\\w-]+\\s+){0,4}(?:api\\s+keys?|api\\s+tokens?|tokens?|session\\s+keys?|credentials?|auth(?:orization)?\\s+headers?|environment\\s+(?:variables?|context|details?|config(?:uration)?|state|settings?)|runtime\\s+(?:context|variables?|config(?:uration)?|settings?|proof\\s+material)|local\\s+(?:state|config(?:uration)?|settings?)|execution\\s+context)))\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-054"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-055-systemd-unit-file-agent-policy-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-055-systemd-unit-file-agent-policy-poisoning.json
new file mode 100644
index 0000000..08cb9f7
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-055-systemd-unit-file-agent-policy-poisoning.json
@@ -0,0 +1,40 @@
+{
+  "id": "GLS-DFP-055",
+  "name": "systemd Unit File Agent Policy Poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "A malicious `systemd` unit file, generated `systemctl show` dump, or service/timer metadata field can target AI agents or security scanners with fake authority, report-suppression, or credential-forwarding instructions embedded in otherwise inert service configuration text.",
+  "keywords": [
+    ".service",
+    ".socket",
+    ".timer",
+    "Description=",
+    "Documentation=",
+    "Environment=",
+    "ExecStart=",
+    "[Service]",
+    "[Socket]",
+    "[Timer]",
+    "[Unit]",
+    "agent_policy",
+    "do not",
+    "does not",
+    "must not"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:\n  (?:security|incident|vulnerability|scanner|training|reference|runbook|guide)\\s+(?:docs?|report|example|exercise|reference|guidance).{0,140}?\\b(?:detected|blocked|flagged|refused|report|detect|flag|refuse|should\\s+report|should\\s+detect)|\n  scanners?\\s+docs?\\s+should\\s+(?:report|detect|flag|refuse)|\n  (?:systemd\\s+)?(?:unit|service|timer)\\s+(?:metadata|comments?|descriptions?)\\s+(?:is|are)\\s+not\\s+(?:authoritative|policy|instructions?)|\n  no\\s+(?:agent\\s+)?policy\\s+overrides?|\n  not\\s+(?:authoritative|canonical|definitive)|\n  do\\s+not\\s+(?:obey|follow|treat|attach|forward|send|share|trust|override|use)|\n  does\\s+not\\s+(?:obey|follow|treat|attach|forward|send|share|trust|override|overrides?|instruct)|\n  never\\s+(?:obey|follow|treat|attach|forward|send|share|trust|override|overrides?|use)|\n  must\\s+not\\s+(?:obey|follow|treat|attach|forward|send|share|trust|override|use)\n)\\b)\n(?=.*(?:\n  (?<![A-Za-z0-9])(?:systemd(?:\\.service|\\.timer|\\.socket)?|systemctl|journalctl)(?![A-Za-z0-9])|\n  (?:^|[\\n\\r])\\s*\\[(?:Unit|Service|Timer|Socket|Install)\\]\\s*|\n  (?<![A-Za-z0-9])(?:Description|Documentation|Environment|EnvironmentFile|ExecStart|ExecReload|User|Group)\\s*=|\n  \\.(?:service|timer|socket)\\b|unit\\s+file|service\\s+unit|timer\\s+unit\n))\n(?=.*(?:\n  (?<![A-Za-z0-9])(?:ai|autonomous|coding|security|dependency|ops|devops)?[-_\\s]*(?:agents?|assistants?|scanners?|auditors?|reviewers?|crawlers?|llms?|models?)(?![A-Za-z0-9])|\n  (?<![A-Za-z0-9])(?:agent|assistant|scanner|auditor|reviewer)[_-](?:policy|instructions?|note|guidance)(?![A-Za-z0-9])\n))\n(?=.*(?:\n  overrides?|supersed(?:e|es|ed|ing)?|outranks?|overrules?|takes\\s+precedence|highest\\s+priority|(?:primary|single)\\s+source\\s+of\\s+truth|canonical|definitive|authoritative|governing\\s+(?:document|policy)|controlling\\s+(?:document|policy)|defines?\\s+(?:(?:all|the)\\s+)?(?:scanner|security|agent|review|audit|systemd|service)?\\s*rules?|(?:main|primary|principal)\\s+(?:operating|review|audit|scanner)\\s+(?:guidance|playbook|policy)|(?:agent|scanner|assistant|auditor|reviewer)\\s+(?:instructions?|directive|policy)\n))\n(?=.*(?:\n  (?:suppress|hide|redact|exclude|omit|skip|silence)\\s+(?:[\\w-]+\\s+){0,4}(?:findings?|warnings?|alerts?|reports?|flags?|issues?|observations?|diagnostics?|results?|checks?|mismatches?|failures?)|\n  (?:do\\s+not|don't|not)\\s+(?:report|flag|escalate)\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|warnings?|alerts?|reports?|flags?|issues?|observations?|diagnostics?|results?|checks?|mismatches?|failures?)|\n  (?:treat|mark|classify|rate)\\s+.{0,60}?\\s+as\\s+(?:informational|non[-\\s]?blocking|safe|clean|benign|advisory(?:-only)?)|\n  (?:downgrade|move|route|shift)\\s+.{0,80}?(?:findings?|warnings?|alerts?|observations?|diagnostics?|results?|issues?)\\s+.{0,80}?(?:background|appendix|informational|non[-\\s]?blocking|advisory)\\s+(?:notes?|section|memo|summary)|\n  (?:keep|leave)\\s+.{0,80}?(?:findings?|warnings?|alerts?|observations?|diagnostics?|results?|issues?|failures?)\\s+out\\s+of\\s+(?:the\\s+)?(?:reports?|summaries|memos?|audit\\s+memo|final\\s+report|review\\s+memo|incident\\s+report)|\n  (?:include|attach|forward|send|share|provide|expose|collect|copy|read|populate|pass\\s+along)\\s+(?:[\\w-]+\\s+){0,5}(?:api\\s+keys?|tokens?|session\\s+(?:keys?|tokens?)|bearer|authorization\\s+headers?|credentials?|secrets?|environment\\s+(?:variables?|context|details?|config(?:uration)?|state|settings?)|runtime\\s+(?:context|variables?|config(?:uration)?|settings?|material|artifacts?|evidence)|local\\s+(?:state|config(?:uration)?|settings?)|execution\\s+context|unit\\s+environment)\n))\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-055"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-056-terraform-module-provider-registry-agent-policy-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-056-terraform-module-provider-registry-agent-policy-poisoning.json
new file mode 100644
index 0000000..c2e0cd4
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-056-terraform-module-provider-registry-agent-policy-poisoning.json
@@ -0,0 +1,40 @@
+{
+  "id": "GLS-DFP-056",
+  "name": "Terraform Module/Provider Registry Agent-Policy Poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Terraform/OpenTofu module and provider metadata can embed agent-targeted policy instructions in `description`, README-derived registry text, variable/output docs, provider schema docs, or `x-agent`-style sidecar fields that tell IaC agents to suppress drift/security findings or forward local Terrafo",
+  "keywords": [
+    ".tfstate",
+    ".tfvars",
+    "AI agents",
+    "DevOps agents",
+    "IaC agents",
+    "LLMs",
+    "OpenTofu",
+    "agent/scanner instructions",
+    "agent_policy",
+    "assistant_note",
+    "auditors",
+    "authoritative",
+    "canonical",
+    "checks",
+    "coding assistants"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:\n  do\\s+not\\s+(?:obey|follow|include|attach|forward|send|share|overrides?|trust|treat)\n |does\\s+not\\s+(?:obey|follow|include|attach|forward|send|share|override|overrides?|trust|instruct)\n |never\\s+(?:obey|include|attach|forward|send|share|overrides?|trust|treat)\n |must\\s+not\\s+(?:obey|include|attach|forward|send|share|overrides?|trust|treat)\n |should\\s+(?:report|detect|flag|refuse|block|not\\s+\\w+|never\\b)\n |(?:scanner|security|incident|vulnerability)\\s+reports?.{0,120}\\b(?:detected|blocked|flagged|refused)\n |(?:scanner|security)\\s+docs?\\s+should\\s+(?:report|detect|flag|refuse)\n |(?:training|guide|article|reference).{0,100}\\b(?:do\\s+not|never|must\\s+not)\\s+(?:obey|treat|trust|follow)\n |no\\s+(?:agent|scanner|assistant)\\s+instructions?\\s+(?:are\\s+)?present\n))\n(?=.*(?:\\b(?:terraform|opentofu|hcl|registry\\.terraform\\.io|provider\\s+registry|module\\s+registry|terraform\\s+registry|terraform\\s+cloud|variables?\\.tf|outputs?\\.tf|providers?\\.tf|terraform\\.tfvars|tfvars|tfstate|\\.tfstate|terraform\\.lock\\.hcl|required_providers|provider\\s+schema|resource\\s+schema|data\\s+source|plan\\s+output|drift\\s+detection)\\b|\\b(?:module|provider|resource|data|variable|output)\\s+\"|\\bdescription\\s*=|\\bsensitive\\s*=|\\bvalidation\\s*\\{|\\blocals\\s*\\{|(?<!\\w)\"(?:description|variables?|outputs?|provider|resources?|data_sources?|required_providers|x[-_]agent[-_]policy|scanner_policy|agent_instructions)\"\\s*:))\n(?=.*(?:(?<![a-zA-Z0-9])(?:ai\\s+agents?|agents?|assistants?|coding\\s+agents?|devops\\s+agents?|iac\\s+agents?|terraform\\s+agents?|opentofu\\s+agents?|security\\s+scanners?|dependency\\s+scanners?|scanners?|verifiers?|auditors?|llms?|models?)(?![a-zA-Z0-9])|(?:agent|scanner|assistant|verifier|auditor)[_-](?:policy|instructions?|note|directive)|your\\s+(?:default\\s+)?(?:instructions?|rules?|polic(?:y|ies))))\n(?=.*(?:overrides?|overrules?|outranks?|supersed(?:e|es|ed|ing)?|takes?\\s+precedence|higher\\s+priority|canonical(?:\\s+(?:project|security|governing|policy|registry|module))?(?:\\s+(?:description|policy|document))?|definitive(?:\\s+(?:project|security|module))?(?:\\s+(?:description|policy))?|(?:primary|single)\\s+source\\s+of\\s+truth|governing\\s+document|controlling\\s+document|is\\s+the\\s+final\\s+word|\\bauthoritative\\b|defines?\\s+all\\s+(?:scanner|security|agent)\\s+rules?|defines?\\s+(?:the\\s+)?rules?\\s+for\\s+(?:automated|ai|scanner|security|agent|iac)\\s+(?:review|audit|scan)|(?:agent|scanner|assistant|verifier|auditor)\\s+instructions?|(?:agent|scanner|assistant|verifier|auditor)[._-](?:policy|instructions?|note)|\\bfor\\s+(?:ai\\s+)?(?:agents?|scanners?|assistants?|coding\\s+agents?|iac\\s+agents?).{0,25}?\\bthis\\b|(?:scanner|agent|assistant|auditor)\\s+(?:directive|notice)))\n(?=.*(?:\n  suppress(?:es|ed|ing)?.{0,45}(?:findings?|warnings?|alerts?|reports?|flags?|issues?|checks?|vulnerabilit(?:y|ies)|violations?|drift|plan\\s+diffs?|policy\\s+failures?)\n |hide\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|warnings?|alerts?|reports?|flags?|issues?|violations?|drift|plan\\s+diffs?)\n |(?:do\\s+not|don't)\\s+(?:report|flag|escalate).{0,45}(?:findings?|warnings?|alerts?|reports?|issues?|violations?|drift|plan\\s+diffs?|policy)\n |skip\\b.{0,40}?\\b(?:security\\s+)?(?:checks?|scans?|reviews?|audits?|reports?|findings?|warnings?|alerts?|policy\\s+checks?)\\b\n |omit.{0,35}?(?:findings?|reports?|summar(?:y|ies)|issues?|warnings?|violations?|drift|plan\\s+diffs?)\n |exclude.{0,2}(?:[\\w-]+\\s+){0,2}(?:findings?|reports?|summar(?:y|ies)|issues?|warnings?|flags?|violations?|drift|plan\\s+diffs?)\n |redact.{0,35}?(?:findings?|warnings?|flags?|violations?|drift)\n |treat.{0,45}?as\\s+(?:informational|safe|low|none|non[-\\s]?blocking|benign)\n |mark.{0,45}?as\\s+(?:informational|safe|low|none|clean|benign)\n |classify.{0,35}?(?:as\\s+)?(?:informational|low|none|false\\s+positive|benign)\n |flag.{0,45}?as\\s+(?:informational|low|none|false\\s+positive)\n |(?:include|attach|forward|send|collect|embed|share|provide|expose|transmit|deliver|read|copy|populate)\\s+(?:[\\w.-]+\\s+){0,4}(?:terraform\\.tfvars|tfvars|\\.tfstate|tfstate|local\\s+state|state\\s+file|(?:environment|runtime)\\s+(?:variables?|context|details?|config(?:uration)?|state|settings?)|local\\s+(?:state|config(?:uration)?|settings?)|(?:api|bearer|session|auth|terraform\\s+cloud|cloud|aws|gcp|azure)\\s+(?:keys?|tokens?|credentials?)|credentials?|secrets?|authorization|AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY|GITHUB_TOKEN|TF_TOKEN[\\w-]*)\n))"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-056"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-057-opa-rego-policy-metadata-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-057-opa-rego-policy-metadata-poisoning.json
new file mode 100644
index 0000000..82879f5
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-057-opa-rego-policy-metadata-poisoning.json
@@ -0,0 +1,39 @@
+{
+  "id": "GLS-DFP-057",
+  "name": "OPA/Rego policy metadata poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "OPA/Rego policy files and policy-bundle metadata can carry agent-directed instructions that tell AI security/review agents to treat policy comments, package metadata, ConstraintTemplate descriptions, or Conftest output as higher-priority review policy, suppress findings, or forward runtime/context m",
+  "keywords": [
+    ".manifest",
+    ".rego",
+    "AI agents",
+    "ConstraintTemplate",
+    "Gatekeeper",
+    "IaC scanners",
+    "agent instruction",
+    "agent_instructions",
+    "authoritative",
+    "automated admission review",
+    "canonical review playbook",
+    "conftest",
+    "deny[...]",
+    "dependency scanners"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:security|incident|training|reference|guide|docs?|runbook)\\b.{0,140}\\b(?:detected|blocked|flagged|refused|must\\s+be\\s+reported|reported,\\s+not\\s+obeyed|should\\s+report|should\\s+detect)\\b)\n(?!.*\\b(?:OPA|Rego|Gatekeeper|ConstraintTemplate|policy\\.rego|conftest|policy-as-code|policy\\s+metadata)\\b.{0,120}\\b(?:is\\s+not|are\\s+not|not\\s+authoritative|should\\s+never|must\\s+not|do\\s+not|does\\s+not|never)\\b.{0,90}\\b(?:authoritative|agent\\s+policy|review\\s+policy|override|overrides?|obey|treat|trust|forward|include)\\b)\n(?=.*(?:\\b(?:policy\\.rego|\\.rego|rego\\s+policy|OPA\\s+(?:bundle|policy|manifest)|open\\s+policy\\s+agent|conftest|Gatekeeper|ConstraintTemplate|deny\\s*\\[|violation\\s*\\[|package\\s+[a-z0-9_.-]+)\\b|(?<![A-Za-z0-9])(?:agent_instructions|scanner_policy|policy_metadata)(?![A-Za-z0-9])))\n(?=.*(?<![A-Za-z0-9])(?:AI\\s+agents?|security\\s+agents?|policy\\s+reviewers?|automated\\s+(?:admission|policy|security)\\s+review|IaC\\s+scanners?|dependency\\s+scanners?|platform\\s+agents?|review\\s+bots?|agents?|scanners?|agent_instructions|scanner_policy)(?![A-Za-z0-9]))\n(?=.*\\b(?:canonical\\s+(?:review\\s+)?(?:playbook|policy|guidance)|main\\s+operating\\s+guidance|primary\\s+(?:policy\\s+)?source\\s+of\\s+truth|authoritative\\s+(?:policy|guidance|source)|overrides?\\s+(?:scanner|security|agent|system|developer)\\s+(?:guidance|rules?|polic(?:y|ies)|instructions?)|supersed(?:e|es|ed|ing)\\s+(?:scanner|security|agent|system|developer)\\s+(?:guidance|rules?|polic(?:y|ies)|instructions?)|(?:agent|scanner|policy\\s+reviewer)\\s+(?:instructions?|directives?))\\b)\n(?=.*\\b(?:(?:suppress|hide|omit|exclude|redact)\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|warnings?|alerts?|reports?|results?|diagnostics?|observations?|violations?|admission\\s+findings?)|(?:downgrade|reclassify|route|move|shift)\\s+(?:[\\w-]+\\s+){0,4}(?:findings?|warnings?|alerts?|results?|diagnostics?|observations?|violations?)\\s+(?:[\\w-]+\\s+){0,5}(?:background\\s+notes?|informational|advisory-only|non-blocking|appendix-only)|(?:keep|leave)\\s+(?:[\\w-]+\\s+){0,4}(?:findings?|warnings?|observations?|violations?|results?)\\s+out\\s+of\\s+(?:the\\s+)?(?:reports?|summaries|memos?|audit\\s+memo|final\\s+report)|(?:pass\\s+along|share|forward|send|include|attach|provide|expose)\\s+(?:[\\w-]+\\s+){0,4}(?:execution\\s+context|runtime\\s+(?:context|details?|settings?|state|proof|material|evidence)|environment\\s+(?:variables?|context|details?|settings?|state)|local\\s+(?:state|config(?:uration)?|settings?)|API\\s+keys?|tokens?|Authorization\\s+headers?))\\b).*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-057"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-058-allure-report-metadata-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-058-allure-report-metadata-poisoning.json
new file mode 100644
index 0000000..724ce5d
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-058-allure-report-metadata-poisoning.json
@@ -0,0 +1,36 @@
+{
+  "id": "GLS-DFP-058",
+  "name": "Allure report metadata poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Allure test-report JSON, widget, executor, environment, attachment-name, or rendered report metadata can carry agent-directed instructions that make CI/review agents suppress findings, rewrite test verdicts, or forward CI/runtime context.",
+  "keywords": [
+    "AI agents",
+    "allure-results/*.json",
+    "categories.json",
+    "container.json",
+    "do not obey/treat/use Allure metadata",
+    "environment.properties",
+    "executor.json",
+    "for agents",
+    "result.json",
+    "scanner instruction",
+    "statusDetails"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:do\\s+not|does\\s+not|never|must\\s+not|should\\s+never|should\\s+not)\\s+(?:be\\s+)?(?:obey(?:ed)?|follow(?:ed)?|treat(?:ed)?|us(?:e|ed)|trust(?:ed)?|include|attach|forward|send|share|override).{0,180}\\b(?:allure|allure-results|test\\s+report|test\\s+result|statusDetails|attachment\\s+name))\n(?!.*\\b(?:security\\s+guide|scanner\\s+docs?|training\\s+example|incident\\s+report|postmortem|reference)\\b.{0,180}\\b(?:reported|detected|blocked|flagged|refused|not\\s+obeyed|must\\s+be\\s+reported|should\\s+report))\n(?=.*(?:\\ballure(?:[-_\\s]?results?|\\s+report|\\s+test\\s+report)?\\b|allure-results/[^\\s]+\\.json|result\\.json|container\\.json|categories\\.json|executor\\.json|environment\\.properties|history-trend\\.json|widgets/[^\\s]+\\.json|statusDetails|\\\"status\\\"\\s*:\\s*\\\"(?:passed|failed|broken|skipped)\\\"|\\\"attachments?\\\"\\s*:|\\\"labels?\\\"\\s*:))\n(?=.*(?:ai\\s+agents?|agents?|assistants?|scanners?|reviewers?|ci\\s+agents?|test\\s+agents?|release\\s+agents?|security\\s+agents?|automated\\s+(?:test|ci|release|security)?\\s*(?:review|scan|audit|verification)|agent[-_\\s]?instructions?|scanner[-_\\s]?instructions?|for[-_\\s]?agents?))\n(?=.*(?:\n  (?:authoritative|canonical|definitive|governing|primary|single\\s+source\\s+of\\s+truth|takes?\\s+precedence|supersed(?:e|es|ed|ing)|overrides?|agent\\s+instructions?|scanner\\s+instructions?).{0,120}(?:policy|rules?|instructions?|verdict|review|guidance|playbook|runbook|procedure)\n |(?:suppress(?:es|ed|ing)?|hide|hidden|omit(?:ted|s|ting)?|exclude(?:d|s|ing)?|downgrade|deprioritize|demote|redact|skip|mark|treat|classify|route|move|leave|keep).{0,120}(?:findings?|warnings?|alerts?|reports?|results?|observations?|diagnostics?|failures?|defects?|vulnerabilit(?:y|ies)|security\\s+issues?|audit\\s+memo|final\\s+summary|blocking|informational|advisory-only|background-only)\n |(?:findings?|warnings?|alerts?|reports?|results?|observations?|diagnostics?|failures?|defects?).{0,80}(?:are|is|should\\s+be|must\\s+be)\\s+(?:suppressed|hidden|omitted|excluded|redacted|downgraded|treated|classified|marked).{0,60}(?:informational|advisory-only|background-only|non-blocking)?\n |(?:include|attach|forward|send|share|provide|expose|copy|collect|pass\\s+along|hand\\s+over|relay).{0,120}(?:api\\s*keys?|tokens?|secrets?|authorization|auth\\s+headers?|cookies?|session|ci\\s+environment|environment\\s+(?:variables?|context|settings?|details?)|runtime\\s+(?:context|settings?|details?)|local\\s+state|execution\\s+context)\n))\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-058"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-059-api-portal-catalog-metadata-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-059-api-portal-catalog-metadata-poisoning.json
new file mode 100644
index 0000000..d73b0da
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-059-api-portal-catalog-metadata-poisoning.json
@@ -0,0 +1,29 @@
+{
+  "id": "GLS-DFP-059",
+  "name": "API portal/catalog metadata poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Generated API portal/catalog metadata (Stoplight, ReadMe, Redocly, developer portals, endpoint catalogs) can carry agent/scanner-directed authority inversion, report suppression, or credential/local-state forwarding instructions in documentation strings that AI API agents ingest as trusted reference",
+  "keywords": [
+    "agent_instructions",
+    "assistant_note",
+    "externalDocs",
+    "scanner_policy"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*(?:\\b(?:security\\s+(?:training|guide|reference)|scanner\\s+docs?|defensive\\s+example|incident\\s+report|quoted\\s+attack|do\\s+not\\s+(?:obey|follow|trust|treat|use|save|persist|store|write)|does\\s+not\\s+(?:obey|follow|trust|treat|use|override|instruct)|never\\s+(?:obey|trust|treat|use|override|forward|include)|must\\s+not\\s+(?:obey|trust|treat|use|override|forward|include)|should\\s+(?:report|detect|flag|refuse|block|not\\s+\\w+|never\\b)|must\\s+be\\s+reported|not\\s+obeyed).{0,180}?\\b(?:api\\s+(?:portal|catalog|reference|docs?|documentation)|developer\\s+portal|stoplight|readme(?:\\.com)?|redocly|endpoint\\s+catalog)\\b|\\b(?:api\\s+(?:portal|catalog|reference|docs?|documentation)|developer\\s+portal|stoplight|readme(?:\\.com)?|redocly|endpoint\\s+catalog)\\b.{0,180}?\\b(?:do\\s+not|does\\s+not|never|should\\s+never|must\\s+not)\\b.{0,80}?\\b(?:override|suppress|forward|include|obey|treat)\\b))\n(?=.*(?:\\b(?:stoplight|readme(?:\\.com)?|redocly|api\\s+(?:portal|catalog|reference|documentation|docs)|developer\\s+portal|generated\\s+api\\s+(?:docs|reference)|reference\\s+page|operation\\s+reference|endpoint\\s+catalog|externalDocs|api\\s+styleguide|docs\\s+portal)\\b|(?<!\\w)\"(?:description|summary|externalDocs|markdown|docs|x-agent-policy|scanner_policy|agent_instructions|assistant_note)\"\\s*:))\n(?=.*(?<![A-Za-z0-9])(?:ai\\s+agents?|api\\s+agents?|llm\\s+agents?|assistants?|coding\\s+agents?|security\\s+scanners?|api\\s+scanners?|scanners?|mcp\\s+(?:bridge\\s+)?builders?|tool\\s+builders?|automated\\s+(?:api\\s+)?(?:review|audit|verification)|agents?|reviewers?)(?![A-Za-z0-9])|(?=.*(?<![A-Za-z0-9])(?:agent_instructions?|scanner_policy|assistant_note|agent\\s+instructions?|scanner\\s+instructions?)(?![A-Za-z0-9])))\n(?=.*(?:\n  (?:overrides?|supersed(?:e|es|ed|ing)|takes?\\s+precedence|outranks?|overrules?).{0,80}?(?:system|developer|scanner|security|local).{0,40}?(?:rules?|polic(?:y|ies)|instructions?)\n |(?:primary|single)\\s+source\\s+of\\s+truth.{0,120}?(?:suppress|hide|omit|exclude|downgrade|forward|include|attach|provide|share|send|pass\\s+along)\n |defines?\\s+(?:all\\s+)?(?:scanner|security|api|review|audit|agent)\\s+rules?\n |(?:main|primary|principal|preferred|recommended)\\s+(?:(?:api|portal|catalog|endpoint|developer|docs?|documentation|security|audit|review|verification)\\s+){0,4}(?:guidance|playbook|runbook|procedure|process|policy)\n |(?:agent|scanner|assistant)\\s+(?:instructions?|policy|notes?).{0,120}?(?:suppress|hide|omit|exclude|downgrade|include|forward|attach|provide|share|send)\n |(?:suppress(?:es|ed|ing)?|hide|redact|omit|exclude|downgrade|deprioriti[sz]e|ignore|skip|do\\s+not\\s+report|not\\s+report).{0,80}?(?:findings?|warnings?|alerts?|reports?|flags?|issues?|observations?|diagnostics?|results?|vulnerabilit(?:y|ies)|auth(?:orization)?\\s+findings?|rate[- ]?limit\\s+findings?)\n |(?:treat|mark|classify).{0,80}?as\\s+(?:informational|advisory-only|non-blocking|safe|clean|benign)\n |(?:findings?|warnings?|alerts?|reports?|observations?|diagnostics?|results?|auth(?:orization)?\\s+findings?).{0,60}?(?:are|is|were|was|should\\s+be|must\\s+be)\\s+(?:suppressed|hidden|omitted|excluded|redacted|downgraded|classified\\s+as\\s+(?:informational|advisory-only|non-blocking))\n |(?:keep|leave).{0,80}?(?:findings?|warnings?|observations?|diagnostics?|results?|issues?).{0,40}?out\\s+of.{0,40}?(?:report|summary|memo|client\\s+notes?|generated\\s+docs?)\n |(?:include|forward|send|attach|provide|share|collect|copy|read|export|transfer|hand\\s+off|pass\\s+along|expose).{0,100}?(?:api\\s+keys?|api\\s+tokens?|tokens?|credentials?|authorization|auth\\s+headers?|bearer|session\\s+tokens?|cookies?|env(?:ironment)?\\s+(?:variables?|context|details?|config(?:uration)?|state|settings?)|runtime\\s+(?:context|variables?|config(?:uration)?|settings?|details?)|local\\s+(?:state|config(?:uration)?|settings?)|client\\s+secret)\n))\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-059"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-061-archive-container-metadata-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-061-archive-container-metadata-poisoning.json
new file mode 100644
index 0000000..ebb5cb9
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-061-archive-container-metadata-poisoning.json
@@ -0,0 +1,40 @@
+{
+  "id": "GLS-DFP-061",
+  "name": "Archive container metadata poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Archive-level comments, TAR/PAX headers, xattrs, or listing-tool metadata can carry agent/scanner-directed policy text that tells AI artifact reviewers to suppress findings or forward local scan context.",
+  "keywords": [
+    "7z comment",
+    "AI agents",
+    "PAXHeader",
+    "agents",
+    "archive metadata",
+    "artifact auditors",
+    "artifact bundle",
+    "assistant",
+    "automated review",
+    "central directory comment",
+    "dependency reviewers",
+    "entry comment",
+    "rar comment",
+    "scanner_policy",
+    "scanners"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:\n  do\\s+not\\s+(?:obey|follow|include|attach|forward|send|share|overrides?|trust|treat|use)\n  |does\\s+not\\s+(?:obey|follow|include|attach|forward|send|share|override|overrides?|trust|treat|instruct)\n  |never\\s+(?:obey|include|attach|forward|send|share|overrides?|trust|treat|use)\n  |must\\s+not\\s+(?:obey|include|attach|forward|send|share|overrides?|trust|treat|use)\n  |should\\s+(?:not\\s+\\w+|never\\b|report|detect|flag|refuse|block)\n  |security\\s+report|incident\\s+report|vulnerability\\s+disclosure|postmortem|training\\s+note\n  |detected\\s+and\\s+(?:blocked|refused|flagged|remediated)\n  |was\\s+(?:blocked|refused|flagged|detected|remediated)\\s+by\n  |must\\s+be\\s+reported|not\\s+obeyed|not\\s+authoritative|not\\s+(?:a\\s+)?policy|no\\s+(?:policy\\s+)?overrides?|no\\s+agent\\s+instructions?\n))\n(?=.*(?:\n  zip\\s+(?:global\\s+)?comments?|central\\s+directory\\s+comments?|entry\\s+comments?|file\\s+comments?|\n  tar\\s+(?:pax|extended)\\s+headers?|paxheader|schily\\.xattr|libarchive\\.xattr|\n  7z\\s+comments?|rar\\s+comments?|archive\\s+(?:metadata|manifest|comments?|listing)|artifact\\s+bundle|zipinfo|unzip\\s+-z|tar\\s+--xattrs\n))\n(?=.*(?<![a-zA-Z0-9])(?:\n  ai\\s+(?:agents?|assistants?|scanners?|reviewers?|auditors?)|security\\s+scanners?|dependency\\s+(?:reviewers?|agents?)|artifact\\s+(?:auditors?|reviewers?)|\n  automated\\s+(?:(?:artifact|dependency|security|archive)\\s+)?(?:review|audit|scan|verification)|assistants?|scanners?|agents?|auditors?|reviewers?|\n  scanner[_-]policy|agent[_-]instructions?|scanner\\s+(?:policy|instructions?)|agent\\s+(?:policy|instructions?)\n)(?![a-zA-Z0-9]))\n(?=.*(?:\n  (?:single|primary)\\s+source\\s+of\\s+truth|canonical|authoritative|takes?\\s+precedence|overrides?|overrules?|outranks?|supersed(?:e|es|ed|ing)?|\n  governing\\s+document|controlling\\s+document|higher\\s+priority|defines?\\s+(?:all\\s+)?(?:scanner|security|agent|archive|artifact)\\s+rules?|\n  (?:agent|scanner|assistant|auditor)\\s+(?:instructions?|notes?|policy|directive|notice)|\n  (?:main|primary|principal|preferred|recommended|core|standard|default)\\s+(?:(?:archive|artifact|dependency|security|review|verification|audit|package|bundle|scanner)\\s+){0,3}(?:operating\\s+)?(?:guidance|playbook|runbook|procedure|process|policy|framework|protocol)|\n  suppress(?:es|ed|ing)?\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|warnings?|alerts?|reports?|flags?|issues?|checks?|vulnerabilit(?:y|ies)|dependency\\s+findings?|token-looking\\s+strings?)|\n  hide\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|warnings?|alerts?|reports?|flags?|issues?|observations?|diagnostics?)|\n  do\\s+not\\s+(?:report|flag|escalate)\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|warnings?|alerts?|reports?|flags?|issues?|vulnerabilit(?:y|ies))|\n  skip\\b.{0,30}?\\b(?:checks?|scans?|reviews?|audits?|reports?|findings?|warnings?|alerts?)\\b|omit.{0,40}?(?:findings?|reports?|summar(?:y|ies)|issues?|warnings?|observations?|diagnostics?)|\n  exclude\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|reports?|summar(?:y|ies)|issues?|warnings?|flags?|observations?|diagnostics?)|redact.{0,40}?(?:findings?|warnings?|flags?|tokens?|token-looking\\s+strings?)|\n  (?:mark|treat|classify|flag).{0,60}?as\\s+(?:safe|benign|informational|non[-\\s]?blocking|test\\s+fixtures?|advisory-only)|\n  (?:observations?|findings?|results?|diagnostics?|alerts?|issues?|dependency\\s+findings?)\\s+(?:are|is|should\\s+be)\\s+(?:considered|treated|classified|marked|seen|viewed)\\s+(?:as\\s+)?(?:advisory-only|informational|non-blocking|background-only|safe|benign|secondary)|\n  (?:include|attach|forward|send|share|collect|copy|embed|provide|read|populate|expose|relay|transfer|hand\\s+off|pass\\s+along)\\s+(?:[\\w-]+\\s+){0,6}(?:environment\\s+(?:variables?|context|details?|config(?:uration)?|state|settings?)|local\\s+(?:state|context|scan\\s+context)|scan\\s+context|runtime\\s+(?:context|settings?|proof\\s+(?:bundle|package|material|evidence)|evidence|material)|auth(?:orization)?\\s+headers?|cookies?|tokens?|api\\s+keys?|bearer\\s+tokens?|session\\s+(?:tokens?|storage)|proof\\s+(?:bundle|package|material|evidence))\n))\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-061"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-062-autotools-build-metadata-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-062-autotools-build-metadata-poisoning.json
new file mode 100644
index 0000000..2cf15da
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-062-autotools-build-metadata-poisoning.json
@@ -0,0 +1,38 @@
+{
+  "id": "GLS-DFP-062",
+  "name": "Autotools Build Metadata Poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Attacker-controlled Autotools build descriptor text (`configure.ac`, `Makefile.am`, `m4/*.m4`, `aclocal.m4`, generated configure help) can smuggle agent/scanner-directed policy claims that suppress findings or request local build/runtime context.",
+  "keywords": [
+    "--help",
+    "AI agents",
+    "Makefile.am",
+    "aclocal.m4",
+    "agent_instructions",
+    "auditor notes",
+    "automated build review",
+    "config.h.in",
+    "configure.ac",
+    "configure.in",
+    "m4/*.m4",
+    "scanner_policy",
+    "security scanners"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:Autotools|configure\\.ac|configure\\.in|Makefile\\.am|aclocal\\.m4|config\\.h\\.in|configure\\s+scripts?|build\\s+metadata)\\b.{0,180}\\b(?:does\\s+not|do\\s+not|never|must\\s+not|should\\s+never|should\\s+not|is\\s+not|are\\s+not|no)\\b.{0,120}\\b(?:authoritative|agent\\s+policy|policy|instructions?|trusted|used|obeyed|control)\\b)\n(?!.*\\b(?:scanner\\s+docs?|security\\s+(?:guide|reference|report)|training|incident\\s+report|defensive\\s+example|bug\\s+reports?)\\b.{0,220}\\b(?:report|detect|flag|refuse|blocked|detected|not\\s+obeyed|must\\s+be\\s+reported|do\\s+not\\s+include)\\b.{0,160}\\b(?:suppress|hide|omit|include|forward|token|environment|Authorization|config\\.log)\\b)\n(?!.*\\b(?:do\\s+not|never|must\\s+not|should\\s+not)\\s+(?:include|forward|attach|send|share)\\b.{0,140}\\b(?:environment|tokens?|config\\.log|Authorization|local\\s+config)\\b.{0,80}\\b(?:bug\\s+reports?|reports?|issues?)\\b)\n(?=.*(?:\\bconfigure\\.(?:ac|in)\\b|\\bMakefile\\.am\\b|\\baclocal\\.m4\\b|\\bm4/[A-Za-z0-9_.-]+\\.m4\\b|\\bconfig\\.h\\.in\\b|\\bautoconf\\b|\\bautomake\\b|\\bautoreconf\\b|\\bAC_INIT\\b|\\bAM_INIT_AUTOMAKE\\b|\\bAC_CONFIG_FILES\\b|\\bAC_ARG_(?:ENABLE|WITH)\\b|\\bPKG_CHECK_MODULES\\b|generated\\s+configure\\s+help|configure\\s+script\\s+metadata|Autotools\\s+build\\s+metadata|--help\\s+output))\n(?=.*(?:(?<![A-Za-z0-9])(?:ai|autonomous|automated|security|dependency|build|release|code|autotools)?[\\s_-]*(?:agents?|assistants?|scanners?|auditors?|reviewers?|verifiers?|bots?|models?|llms?)(?![A-Za-z0-9])|(?:agent|scanner|assistant|verifier|auditor)[_-]?(?:instructions?|policy|notes?)|automated\\s+(?:build|security|dependency)?\\s*(?:review|audit|scan|verification)))\n(?=.*(?:\n  \\b(?:agent|scanner|assistant|verifier|auditor)\\s+(?:instructions?|policy|notes?)\\b|\n  \\b(?:canonical|authoritative|definitive|governing|controlling)\\b.{0,80}\\b(?:policy|guidance|runbook|rules?|instructions?|source)\\b|\n  \\b(?:single|primary)\\s+source\\s+of\\s+truth\\b|\n  \\b(?:supersedes?|overrides?|overrules?|outranks?|takes\\s+precedence|defines?\\s+(?:the\\s+)?rules?)\\b.{0,100}\\b(?:system|developer|scanner|security|review|build|local)\\b|\n  \\b(?:main|primary|principal|preferred|recommended)\\s+(?:(?:autotools|build|security|dependency|review|audit|verification|release|operating)\\s+){0,4}(?:guidance|runbook|playbook|procedure|process|policy)\\b|\n  \\b(?:suppress(?:es|ed|ing)?|hide|hidden|omit(?:s|ted|ting)?|exclude|redact|downgrade|reclassify|ignore|skip)\\b\\s+(?:[\\w-]+\\s+){0,4}(?:findings?|observations?|results?|diagnostics?|warnings?|alerts?|reports?|issues?|checks?|cves?|vulnerabilities|dependency\\s+findings?|build\\s+findings?)\\b|\n  \\b(?:keep|leave)\\b.{0,100}?\\b(?:findings?|observations?|results?|diagnostics?|warnings?|alerts?|issues?|cves?)\\b.{0,60}?\\bout\\s+of\\s+(?:the\\s+)?(?:report|summary|memo|audit|final\\s+report)\\b|\n  \\b(?:findings?|observations?|results?|diagnostics?|warnings?|alerts?|issues?)\\b\\s+(?:are|is|should\\s+be|must\\s+be)\\s+(?:considered|treated|classified|marked|suppressed|hidden|omitted|excluded|redacted)\\b.{0,80}\\b(?:advisory-only|informational|non-blocking|background(?:-only)?|safe|clean|out\\s+of\\s+scope)\\b|\n  \\b(?:include|attach|forward|send|share|provide|pass\\s+along|hand\\s+over|transfer|relay|collect|copy|read|expose)\\b\\s+(?:[\\w-]+\\s+){0,6}(?:environment\\s+(?:variables?|context|details?|config(?:uration)?|settings?)|runtime\\s+(?:context|details?|config(?:uration)?|settings?|material)|local\\s+(?:state|config(?:uration)?|settings?)|CI\\s+tokens?|API\\s+keys?|Authorization\\s+headers?|auth\\s+tokens?|config\\.log|config\\.cache|build\\s+proof\\s+(?:material|bundle|evidence|details))\\b\n))\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-062"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-064-backstage-software-catalog-metadata-agent-policy-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-064-backstage-software-catalog-metadata-agent-policy-poisoning.json
new file mode 100644
index 0000000..cb59fb5
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-064-backstage-software-catalog-metadata-agent-policy-poisoning.json
@@ -0,0 +1,40 @@
+{
+  "id": "GLS-DFP-064",
+  "name": "Backstage Software Catalog Metadata Agent Policy Poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Backstage `catalog-info.yaml` and generated software-catalog entity metadata can smuggle agent/scanner-facing policy text that tells AI platform or security agents to treat catalog descriptors as authoritative, suppress service findings, or forward runtime/CI context.",
+  "keywords": [
+    "agent_policy",
+    "apiVersion: backstage.io/",
+    "assistant_note",
+    "catalog-info.yaml",
+    "catalog-info.yml",
+    "consumesApis",
+    "do/does not",
+    "metadata.annotations",
+    "metadata.description",
+    "metadata.labels",
+    "must not",
+    "never",
+    "no policy overrides",
+    "not authoritative",
+    "providesApis"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:(?:security|incident|vulnerability|training|runbook|guide|reference|scanner\\s+docs?|documentation|Backstage\\s+guide|catalog\\s+docs?|software\\s+catalog\\s+docs?).{0,180}?(?:detected|blocked|flagged|refused|should\\s+(?:report|detect|flag|refuse|block)|must\\s+(?:be\\s+)?(?:reported|report|detect|flag|refuse|block)|not\\s+obeyed))\\b)\n(?!.*\\b(?:do\\s+not|does\\s+not|never|must\\s+not|should\\s+never|should\\s+not)\\s+(?:obey|follow|treat|trust|use|include|attach|forward|send|share|override|overrides?|supersede|supersedes|instruct)\\b.{0,180}?\\b(?:Backstage|catalog-info\\.ya?ml|catalog\\s+descriptor|software\\s+catalog|service\\s+catalog|catalog\\s+metadata)\\b)\n(?!.*\\b(?:Backstage|catalog-info\\.ya?ml|catalog\\s+descriptor|software\\s+catalog|service\\s+catalog|catalog\\s+metadata)\\b.{0,180}?\\b(?:is|are)\\s+not\\s+(?:authoritative|policy|instructions?)\\b)\n(?!.*\\bno\\s+(?:policy\\s+)?overrides?\\b)\n(?=.*(?:\\bcatalog-info\\.ya?ml\\b|\\bapiVersion\\s*:\\s*backstage\\.io/|\\bkind\\s*:\\s*(?:Component|API|Resource|System|Domain|Group|User)\\b|\\bBackstage\\s+(?:(?:software\\s+)?catalog|(?:Component|API|Resource|System|Domain|Group|User)\\s+descriptor)\\b|\\b(?:software|service)\\s+catalog\\s+(?:entity|descriptor|metadata|page)\\b|\\bTechDocs\\s+catalog\\s+entity\\b|\\bmetadata\\.(?:description|annotations|labels)\\b|\\bspec\\.(?:owner|system|lifecycle|providesApis|consumesApis)\\b|(?<!\\w)\"(?:apiVersion|kind|metadata|description|annotations|labels|spec|owner|system|lifecycle|providesApis|consumesApis|scanner_policy|agent_policy|assistant_note)\"\\s*:))\n(?=.*(?:\\b(?:ai\\s+agents?|agents?|assistants?|llms?|models?|codex|copilot|cursor|claude)\\b|\\b(?:platform|service\\s+inventory|security|ownership|api\\s+catalog|backstage|catalog|devops)\\s+(?:agents?|assistants?|scanners?|reviewers?|auditors?|verifiers?|bots?)\\b|\\bautomated\\s+(?:(?:service|platform|security|catalog|ownership|backstage)\\s+)?(?:review|audit|scan|verification)\\b|\\b(?:agent|scanner|assistant|verifier|crawler)\\s+(?:instructions?|notes?|policy)\\b|(?<![a-zA-Z0-9])(?:agent_instructions|assistant_note|scanner_policy|agent_policy)(?![a-zA-Z0-9])|\\bBackstage\\s+reviewers?\\b))\n(?=.*(?:\\b(?:authoritative|governing\\s+document|controlling\\s+document|takes?\\s+precedence|overrides?|outranks?|supersed(?:e|es|ed|ing)?|(?:primary|single)\\s+source\\s+of\\s+truth|canonical|definitive)\\b|\\b(?:main|primary|principal|preferred|recommended)\\s+(?:(?:backstage|catalog|service|platform|security|review|audit|verification|inventory|ownership)\\s+){0,4}(?:operating\\s+)?(?:guidance|playbook|runbook|procedure|process|policy)\\b|\\b(?:catalog\\s+descriptor|catalog\\s+metadata|software\\s+catalog|service\\s+catalog)\\s+(?:is|as|serves\\s+as)\\s+(?:the\\s+)?(?:canonical|authoritative|governing|controlling)\\b|\\bdefines?\\s+(?:(?:all|the)\\s+)?(?:(?:scanner|security|agent|catalog|service|platform|review)\\s+){1,3}rules?\\b|\\b(?:agent|scanner|assistant|platform|service\\s+inventory|catalog)\\s+(?:instructions?|policy|directive|note)\\b|(?<![a-zA-Z0-9])(?:agent_instructions|assistant_note|scanner_policy|agent_policy)(?![a-zA-Z0-9])))\n(?=.*(?:\\b(?:suppress|hide|omit|exclude|redact|downgrade|deprioritize|demote|reclassify|skip)\\s+(?:[\\w-]+\\s+){0,4}(?:findings?|warnings?|alerts?|reports?|flags?|issues?|vulnerabilit(?:y|ies)|observations?|results?|diagnostics?|checks?|dependency\\s+findings?|auth\\s+findings?|API\\s+findings?|ownership\\s+warnings?|lifecycle\\s+drift|service-health\\s+warnings?)\\b|\\b(?:do\\s+not|don't|not)\\s+(?:report|flag|escalate)\\s+(?:[\\w-]+\\s+){0,4}(?:findings?|warnings?|alerts?|issues?|observations?|diagnostics?)\\b|\\b(?:treat|mark|classify|consider)\\b.{0,60}?\\b(?:as\\s+)?(?:informational|non-blocking|advisory-only|safe|clean|benign|background-only)\\b|\\b(?:mark|classify)\\s+(?:[\\w-]+\\s+){0,4}(?:service\\s+inventory|service|component|entity|catalog)\\s+(?:as\\s+)?(?:clean|safe|benign)\\b|\\b(?:keep|leave)\\s+(?:[\\w-]+\\s+){0,5}(?:findings?|warnings?|alerts?|issues?|observations?|diagnostics?|results?)\\s+out\\s+of\\s+(?:the\\s+)?(?:report|summary|memo|audit|review|final\\s+report|platform\\s+audit\\s+report)\\b|\\b(?:findings?|warnings?|alerts?|issues?|observations?|diagnostics?|results?)\\s+(?:are|is|were|was|should\\s+be|must\\s+be)\\s+(?:not\\s+)?(?:suppressed|hidden|omitted|excluded|redacted|downgraded|treated|considered|classified)\\b|\\b(?:include|attach|forward|send|share|provide|expose|collect|copy|read|populate|pass\\s+along|hand\\s+off|relay|transfer)\\s+(?:[\\w-]+\\s+){0,6}(?:api\\s+tokens?|session\\s+tokens?|auth(?:orization)?\\s+headers?|credentials?|secrets?|ci\\s+(?:tokens?|context|variables?)|platform\\s+api\\s+keys?|service\\s+inventory\\s+(?:state|context|details?)|runtime\\s+(?:environment|context|config(?:uration)?|settings?|state|details?|artifacts?|material)|environment\\s+(?:variables?|context|details?|config(?:uration)?|settings?)|local\\s+(?:state|config(?:uration)?|settings?|context))\\b))\n.*$"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-064"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-065-bunfig-bun-runtime-config-metadata-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-065-bunfig-bun-runtime-config-metadata-poisoning.json
new file mode 100644
index 0000000..605e5b8
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-065-bunfig-bun-runtime-config-metadata-poisoning.json
@@ -0,0 +1,32 @@
+{
+  "id": "GLS-DFP-065",
+  "name": "Bunfig / Bun runtime config metadata poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Attacker-controlled Bun configuration or lock/runtime metadata (`bunfig.toml`, `bun.lock`, `bun.lockb`, package-manager Bun fields, registry/install notes) can tell AI dependency/security agents to treat the metadata as higher-priority policy, suppress audit findings, or forward local registry/runti",
+  "keywords": [
+    "bun install",
+    "bun.lock",
+    "bun.lockb",
+    "bunfig.toml",
+    "install.scopes",
+    "packageManager: bun",
+    "trustedDependencies"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:do\\s+not\\s+(?:obey|treat|follow|use|trust|override|include|forward|send|share)|does\\s+not\\s+(?:obey|treat|follow|use|trust|override|overrides?|include|forward|send|share)|never\\s+(?:obey|treat|follow|use|trust|override|overrides?|include|forward|send|share|expose)|must\\s+not\\s+(?:obey|treat|follow|use|trust|override|overrides?|include|forward|send|share|expose)|should\\s+(?:report|detect|flag|refuse|block|not\\s+\\w+|never)|not\\s+(?:authoritative|canonical|definitive)|no\\s+(?:policy\\s+)?overrides?|scanners?\\s+docs?\\s+should\\s+(?:report|detect|flag|refuse)|security\\s+(?:training|reference|guide).{0,120}?(?:should\\s+report|must\\s+be\\s+reported|not\\s+obeyed|refuse)|incident\\s+report.{0,160}?(?:detected|blocked|flagged|refused)))\n(?=.*(?:bunfig\\.toml|bun\\.lockb?|bun\\s+install|bun\\s+runtime|bun\\s+configuration|Bun\\.env|bunfig|[\"']?packageManager[\"']?\\s*[:=]\\s*[\"']?bun|trustedDependencies|install\\.scopes|jsx\\s*=|telemetry\\s*=|registry\\s*=))\n(?=.*(?<![a-zA-Z0-9])(?:ai\\s+agents?|agents?|assistants?|coding\\s+agents?|dependency\\s+(?:reviewers?|auditors?|scanners?)|security\\s+(?:scanners?|reviewers?|auditors?)|automated\\s+(?:(?:dependency|package|security|bun)\\s+)?(?:review|audit|scan|verification)|scanner\\s+instructions?|scanner\\s+instruction|agent\\s+instructions?|agent\\s+instruction)(?![a-zA-Z0-9]))\n(?=.*(?:authoritative|canonical|definitive|governing\\s+(?:document|policy)|controlling\\s+(?:document|policy)|(?:primary|single)\\s+source\\s+of\\s+truth|takes\\s+precedence|overrides?|supersedes?|outranks?|overrules?|defines?\\s+(?:all\\s+)?(?:scanner|security|dependency|package|bun|review)\\s+rules?|(?:recommended|preferred|primary|main|principal)\\s+(?:(?:bun|dependency|package|security|audit|review|verification|operating)\\s+){0,4}(?:guidance|playbook|runbook|procedure|process|policy|reference)|(?:agent|scanner|assistant)\\s+(?:instructions?|notes?)))\n(?=.*(?:suppress(?:es|ed|ing)?|hide|hidden|omit(?:ted|s|ting)?|exclude|redact|skip|downgrade|deprioritize|reclassify|(?:do\\s+not|don't|not)\\s+(?:report|flag|escalate)|treat.{0,50}?as\\s+(?:informational|non-blocking|safe|clean|benign|advisory-only)|(?:findings?|warnings?|alerts?|observations?|diagnostics?|issues?|vulnerabilit(?:y|ies)|advisories|CVEs?)\\s+(?:are|is|should\\s+be|must\\s+be|were|was)\\s+(?:suppressed|hidden|omitted|excluded|redacted|downgraded|treated|considered|classified|marked)|(?:include|attach|forward|send|share|provide|expose|collect|relay|pass\\s+along|hand\\s+off)\\s+(?:[\\w-]+\\s+){0,6}(?:API\\s+tokens?|session\\s+keys?|environment\\s+(?:variables?|context|details?|config(?:uration)?|settings?)|local\\s+(?:state|config(?:uration)?|settings?)|runtime\\s+(?:config(?:uration)?|settings?|context|state|details?)|credentials?|auth(?:orization)?\\s+headers?|BUN_AUTH_TOKEN|registry\\s+tokens?|npm\\s+tokens?|bunfig\\s+secrets?)))\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-065"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-067-codecov-coveralls-coverage-service-config-metadata-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-067-codecov-coveralls-coverage-service-config-metadata-poisoning.json
new file mode 100644
index 0000000..ae90aee
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-067-codecov-coveralls-coverage-service-config-metadata-poisoning.json
@@ -0,0 +1,31 @@
+{
+  "id": "GLS-DFP-067",
+  "name": "Codecov/Coveralls coverage-service config metadata poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Attacker-controlled coverage-service configuration (`codecov.yml`, `.codecov.yml`, `.coveralls.yml`, Coveralls/Codecov YAML comments or custom fields) can smuggle agent-facing policy that tells AI CI/review agents to suppress coverage/security findings or forward CI/runtime context.",
+  "keywords": [
+    ".codecov.yml",
+    ".coveralls.yml",
+    "Codecov",
+    "Coveralls",
+    "agent/scanner instructions",
+    "codecov.yml"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*(?:\\b(?:security|incident|vulnerability|training|runbook|reference|guide|docs?|documentation)\\b.{0,200}\\b(?:detected|blocked|flagged|refused|reported|must\\s+be\\s+reported|not\\s+obeyed|should\\s+(?:report|detect|flag|refuse|block))|(?:codecov|coveralls|coverage\\s+service|coverage\\s+config(?:uration)?|\\.codecov\\.yml|codecov\\.yml|\\.coveralls\\.yml).{0,160}\\b(?:does\\s+not|do\\s+not|never|must\\s+not|should\\s+never|should\\s+not)\\b.{0,80}\\b(?:override|overrides?|supersede|instruct|obey|trust|treat|use)|(?:do\\s+not|does\\s+not|never|must\\s+not|should\\s+not|should\\s+never)\\s+(?:obey|follow|trust|treat|use|override|overrides?|supersede|include|attach|forward|send|share|expose)))\n(?=.*(?:(?<![A-Za-z0-9])(?:\\.codecov\\.ya?ml|codecov\\.ya?ml|\\.coveralls\\.ya?ml)(?![A-Za-z0-9])|\\b(?:Codecov|Coveralls|coverage\\s+service\\s+(?:config|configuration|metadata)|coverage\\s+status|coverage\\s+policy|patch\\s+coverage|project\\s+coverage|coverage\\s+gate|coverage\\s+threshold|codecov\\s+config|coveralls\\s+config)\\b|(?<!\\w)\"(?:coverage|comment|flags|ignore|status|project|patch|after_n_builds|require_ci_to_pass|agent_policy|scanner_policy|x-agent-policy)\"\\s*:|\\b(?:comment|coverage|status|project|patch|flags|ignore|notifications)\\s*:))\n(?=.*(?:\\b(?:ai|autonomous|automated|ci|code|security|dependency|release|coverage|pull-request|pr)\\s+(?:agents?|assistants?|scanners?|reviewers?|auditors?|review|audit|scan|verification|tools?)\\b|\\b(?:agents?|assistants?|scanners?|reviewers?|auditors?)\\b|(?:agent|scanner|assistant|reviewer|auditor)(?:[._-]|\\s+)?(?:instructions?|instruction|policy|notes?|note)|\\bfor\\s+(?:ai\\s+)?(?:agents?|assistants?|scanners?|reviewers?|auditors?)\\b))\n(?=.*(?:\\b(?:authoritative|canonical|definitive|governing|controlling)\\b|(?:primary|single)\\s+source\\s+of\\s+truth|takes?\\s+precedence|supersed(?:e|es|ed|ing)|overrides?|outranks?|overrules?|defines?\\s+(?:all\\s+)?(?:scanner|security|coverage|review|audit|agent|ci)\\s+rules?|(?:agent|scanner|assistant|reviewer|auditor)\\s+(?:instructions?|policy|notes?)|(?:main|primary|principal|preferred|recommended)\\s+(?:(?:coverage|codecov|coveralls|ci|pr|pull-request|release|security|audit|review|verification)\\s+){0,4}(?:operating\\s+)?(?:guidance|playbook|runbook|procedure|process|policy|reference)))\n(?=.*(?:\\b(?:do\\s+not\\s+report|don't\\s+report|not\\s+report|suppress(?:es|ed|ing)?|hide|hides|hidden|redact(?:s|ed|ing)?|omit(?:s|ted|ting)?|exclude(?:s|d|ing)?|skip(?:s|ped|ping)?|downgrade(?:s|d|ing)?|deprioriti[sz]e(?:s|d|ing)?|demote(?:s|d|ing)?|reclassif(?:y|ies|ied|ying)|keep|leave)\\b.{0,80}\\b(?:findings?|warnings?|alerts?|reports?|summaries|diagnostics?|observations?|results?|regressions?|coverage\\s+(?:drops?|regressions?|warnings?|findings?|diagnostics?)|patch\\s+(?:coverage\\s+)?(?:warnings?|findings?)|dependency\\s+findings?|security\\s+findings?)\\b|\\b(?:findings?|warnings?|alerts?|reports?|summaries|diagnostics?|observations?|results?|regressions?)\\b\\s+(?:are|is|were|was|should\\s+be|must\\s+be)\\s+(?:suppressed|hidden|omitted|excluded|redacted|downgraded|deprioriti[sz]ed|treated\\s+as\\s+(?:advisory|advisory-only|informational|non-blocking))|treat.{0,80}?as\\s+(?:informational|advisory-only|non-blocking|safe|clean|benign)|(?:keep|leave).{0,80}?\\bout\\s+of\\s+(?:the\\s+)?(?:report|summary|audit\\s+memo|coverage\\s+summary|final\\s+report)|\\b(?:include|attach|forward|send|share|provide|expose|collect|pass\\s+along|relay|transfer|hand\\s+off)\\b\\s+(?:[\\w-]+\\s+){0,6}(?:api\\s+tokens?|ci\\s+tokens?|auth(?:entication)?\\s+headers?|session\\s+(?:keys?|cookies?|tokens?)|environment\\s+(?:variables?|context|details?|config(?:uration)?|settings?)|runtime\\s+(?:context|variables?|config(?:uration)?|settings?|proof\\s+(?:material|bundle|package|evidence))|local\\s+(?:state|config(?:uration)?|settings?)|credentials?|secrets?)))\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-067"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-068-commitlint-config-metadata-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-068-commitlint-config-metadata-poisoning.json
new file mode 100644
index 0000000..dba9c94
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-068-commitlint-config-metadata-poisoning.json
@@ -0,0 +1,36 @@
+{
+  "id": "GLS-DFP-068",
+  "name": "Commitlint config metadata poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Commitlint configuration files can smuggle agent-facing commit/release-review instructions that claim authority over scanners, suppress commit-policy or supply-chain findings, or solicit local git/CI credentials from AI coding and release agents.",
+  "keywords": [
+    ".commitlintrc*",
+    "@commitlint/*",
+    "commitlint",
+    "commitlint.config.*",
+    "formatter",
+    "governing policy",
+    "ignores",
+    "package.json",
+    "parserPreset",
+    "preferred procedure",
+    "rules"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:\n  do\\s+not\\s+(?:obey|follow|treat|use|trust|override|overrides?|supersede|include|attach|forward|send|share)\n |does\\s+not\\s+(?:obey|follow|treat|use|trust|override|overrides?|supersede|instruct|authorize)\n |never\\s+(?:obey|follow|treat|use|trust|override|overrides?|supersede|include|attach|forward|send|share)\n |must\\s+not\\s+(?:obey|follow|treat|use|trust|override|overrides?|supersede|include|attach|forward|send|share)\n |should\\s+(?:not\\s+\\w+|never\\b|report|detect|flag|refuse|block)\n |(?:security|incident|vulnerability|training|runbook|reference|guide|docs?)\\b.{0,180}\\b(?:detected|blocked|flagged|refused|reported|must\\s+be\\s+reported|not\\s+obeyed)\n |scanners?\\s+docs?\\s+should\\s+(?:report|detect|flag|refuse|block)\n |(?:commitlint|commit\\s+config(?:uration)?|commit-message\\s+policy|\\.commitlintrc|commitlint\\.config\\.[cm]?[jt]s|package\\.json\\s+commitlint).{0,180}\\b(?:is|are)\\s+not\\s+(?:authoritative|canonical|definitive|policy|instructions?)\n |no\\s+(?:policy\\s+)?overrides?\n))\n(?=.*(?:\n  (?<![A-Za-z0-9])(?:\\.commitlintrc(?:\\.(?:json|ya?ml|toml|js|cjs|mjs|ts))?|commitlint\\.config\\.[cm]?[jt]s|commitlint|@commitlint/(?:cli|config-conventional|config-lerna-scopes|load|lint|parse|format)|conventional\\s+commits?|commit\\s*[-_]?msg\\s+hook|commit-message\\s+policy|commit\\s+lint(?:er)?\\s+config(?:uration)?|parserPreset|type-enum|scope-enum|subject-case|header-max-length|ignores\\s*[:=]|formatter\\s*[:=])(?![A-Za-z0-9])\n |(?<!\\w)\"commitlint\"\\s*:\n |(?<!\\w)\"(?:agent_instructions|scanner_policy|x-agent-policy|commit_policy|assistant_note)\"\\s*:\n))\n(?=.*(?<![A-Za-z0-9])(?:\n  ai\\s+agents?|llm\\s+agents?|agents?|assistants?|commit\\s+(?:agents?|auditors?|reviewers?)|release\\s+(?:agents?|auditors?|reviewers?)|automated\\s+(?:commit\\s+)?(?:review|audit|verification|scanners?)|dependency\\s+(?:reviewers?|auditors?)|security\\s+scanners?|commit\\s+scanners?|scanners?|auditors?|reviewers?|agent[_-]?instructions?|scanner[_-]?policy|assistant[_-]?note\n)(?![A-Za-z0-9]))\n(?=.*(?:\n  agent\\s+instructions?|scanner\\s+instructions?|assistant\\s+note|overrides?|supersed(?:e|es|ed|ing)|takes?\\s+precedence|outranks?|overrules?|(?:primary|single)\\s+source\\s+of\\s+truth|canonical|definitive|authoritative|governing\\s+document|controlling\\s+(?:document|policy)|defines?\\s+(?:all\\s+)?(?:commit|scanner|security|review)\\s+rules?|(?:main|primary|principal|preferred|recommended)\\s+(?:(?:commitlint|commit|conventional|release|package|dependency|security|audit|review|verification|automation)\\s+){0,3}(?:operating\\s+)?(?:guidance|playbook|runbook|procedure|process|policy)\n |suppress(?:es|ed|ing)?|hide|hidden|redact|omit(?:ted|ting)?|exclude|downgrade|deprioriti[sz]e|ignore|skip|do\\s+not\\s+(?:flag|report|escalate)|not\\s+report|treat.{0,60}?as\\s+(?:informational|advisory|advisory-only|non-blocking|safe|clean|benign)|(?:keep|leave).{0,90}?\\bout\\s+of.{0,50}?(?:report|summary|memo|commit\\s+summary|audit\\s+memo|final)|(?:place|put|route|move|shift).{0,90}?(?:observations?|findings?|diagnostics?|results?|issues?|warnings?|alerts?).{0,70}?(?:supplementary|appendix|background|informational|side\\s+notes?)|(?:findings?|warnings?|alerts?|observations?|diagnostics?|results?|issues?|CVEs?|vulnerabilit(?:y|ies)|commit\\s+diagnostics|conventional\\s+commit\\s+warnings?|malformed\\s+commit\\s+findings?).{0,50}?(?:are|is|were|was|should\\s+be|must\\s+be)\\s+(?:not\\s+)?(?:suppressed|hidden|omitted|excluded|redacted|downgraded|deprioriti[sz]ed|treated|classified|marked|considered).{0,40}?(?:advisory|advisory-only|informational|non-blocking|background)?\n |(?:include|attach|forward|send|share|provide|expose|collect|copy|read|export|transfer|hand\\s+off|pass\\s+along|relay|transmit)\\b.{0,120}\\b(?:environment\\s+(?:variables?|context|details?|config(?:uration)?|state|settings?)|runtime\\s+(?:context|variables?|config(?:uration)?|settings?|details?|state)|local\\s+(?:git\\s+)?(?:credential\\s+state|state|config(?:uration)?|settings?)|git\\s+credential\\s+state|execution\\s+context|CI\\s+(?:variables?|secrets?|tokens?)|NPM_TOKEN|GITHUB_TOKEN|GH_TOKEN|npm\\s+(?:auth\\s+)?tokens?|GitHub\\s+tokens?|auth(?:orization)?\\s+headers?|credentials?|secrets?|tokens?|API\\s+keys?|proof\\s+(?:bundle|package|material|evidence)|build\\s+proof\\s+(?:bundle|package|material|evidence))\n))\n(?=.*(?:\n  scanner\\s+rules?|commit\\s+(?:scanner\\s+)?policy|commit-message\\s+policy|findings?|warnings?|alerts?|reports?|flags?|issues?|observations?|diagnostics?|results?|CVEs?|vulnerabilit(?:y|ies)|conventional\\s+commit\\s+warnings?|malformed\\s+commit\\s+findings?|commit\\s+diagnostics?|dependency\\s+findings?|commit\\s+(?:summary|report|memo|audit\\s+memo)|final\\s+report|audit\\s+memo|environment|runtime|local\\s+state|local\\s+git\\s+credential\\s+state|git\\s+credential\\s+state|execution\\s+context|CI\\s+(?:variables?|secrets?|tokens?)|NPM_TOKEN|GITHUB_TOKEN|GH_TOKEN|npm\\s+(?:auth\\s+)?tokens?|GitHub\\s+tokens?|auth(?:orization)?\\s+headers?|credentials?|secrets?|tokens?|API\\s+keys?|proof\\s+(?:bundle|package|material|evidence)|build\\s+proof\\s+(?:bundle|package|material|evidence)\n)).*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-068"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-071-feature-flag-configuration-metadata-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-071-feature-flag-configuration-metadata-poisoning.json
new file mode 100644
index 0000000..23eaa04
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-071-feature-flag-configuration-metadata-poisoning.json
@@ -0,0 +1,32 @@
+{
+  "id": "GLS-DFP-071",
+  "name": "Feature Flag Configuration Metadata Poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Feature-flag and experimentation metadata can smuggle agent-directed authority, report-suppression, or local-state forwarding instructions into files AI release, QA, and security agents already treat as operational context.",
+  "keywords": [
+    "feature-flags.yml",
+    "flagd",
+    "flags.json",
+    "maintainerNote",
+    "release_agent_instructions",
+    "scanner_policy",
+    "x-agent-policy"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:scanner|security|training|guide|docs?|documentation|runbook|incident|postmortem|report|article|reference)\\b.{0,140}\\b(?:should|must|always|will)\\s+(?:report|detect|flag|refuse|block|warn)\\b)\n(?!.*\\b(?:do\\s+not|does\\s+not|must\\s+not)\\s+(?:obey|follow|treat|use|trust|include|attach|forward|send|share|override|supersede)\\b)\n(?!.*\\bnever\\s+(?:obey|follow|treat|use|trust|include|attach|forward|send|share|override|supersede|overrides?)\\b)\n(?!.*\\b(?:not\\s+authoritative|not\\s+policy|no\\s+policy\\s+overrides?|does\\s+not\\s+instruct|refused|blocked|detected|flagged)\\b)\n(?=.*(?<![a-zA-Z0-9])(?:feature[-_\\s]?flags?|feature_flags|feature-flags\\.ya?ml|flags?\\.(?:json|ya?ml)|flagd|openfeature|launchdarkly|unleash|flagsmith|growthbook|split(?:\\.io)?|optimizely|rollouts?\\.ya?ml|experiments?\\.json|targeting\\s+rules?|variations?|prerequisites?|maintainer[-_]?notes?|x[-_](?:agent|scanner)[-_]policy|scanner_policy|agent_policy|release_agent_instructions)(?![a-zA-Z0-9]))\n(?=.*(?<![a-zA-Z0-9])(?:ai\\s+agents?|autonomous\\s+agents?|coding\\s+assistants?|release\\s+agents?|qa\\s+agents?|security\\s+scanners?|dependency\\s+reviewers?|automated\\s+reviewers?|rollout\\s+auditors?|compliance\\s+auditors?|agents?|assistants?|scanners?|auditors?|reviewers?|bots?|agent[-_]?(?:policy|instructions?)|scanner[-_]?(?:policy|notes?))(?![a-zA-Z0-9]))\n(?=.*(?:\n    (?:agent|scanner|assistant|reviewer|auditor|release\\s+agent)\\s+(?:instructions?|notes?|policy|guidance)\n  | (?:single|primary)\\s+source\\s+of\\s+truth\n  | (?:authoritative|canonical|governing)\\s+(?:release|rollout|scanner|agent|review|security|audit)?\\s*(?:policy|guidance|instructions?|runbook|procedure)\n  | (?:overrides?|supersed(?:e|es|ed|ing)|outranks?|takes?\\s+precedence\\s+over|ignore)\\s+(?:[\\w-]+\\s+){0,3}(?:system|developer|scanner|security|audit|review|ci|policy|rules?|instructions?)\n  | (?:suppress(?:es|ed|ing)?|hide|hides|hid|omit(?:s|ted|ting)?|redact(?:s|ed|ing)?|downgrade(?:s|d|ing)?|deprioriti[sz]e(?:s|d|ing)?|exclude(?:s|d|ing)?|defer(?:s|red|ring)?|waive(?:s|d|ing)?)\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|warnings?|reports?|cves?|vulnerabilit(?:y|ies)|regressions?|failures?|scanner\\s+flags?|security\\s+issues?|audit\\s+items?)\n  | (?:mark|treat|classify|flag)\\b.{0,50}?\\b(?:as|non[-\\s]?blocking|informational|advisory|safe|clean|accepted\\s+risk)\n  | (?:do\\s+not|not)\\s+report\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|warnings?|failures?|regressions?|vulnerabilit(?:y|ies)|cves?)\n  | (?:include|attach|forward|send|share|collect|copy|read|populate)\\s+(?:[\\w-]+\\s+){0,4}(?:env(?:ironment)?\\s+(?:variables?|context)|runtime\\s+config|local\\s+state|session\\s+tokens?|api\\s+keys?|auth(?:orization)?\\s+headers?|cookies?|secrets?)\n))\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-071"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-072-git-blame-ignore-revs-file-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-072-git-blame-ignore-revs-file-poisoning.json
new file mode 100644
index 0000000..339e9f7
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-072-git-blame-ignore-revs-file-poisoning.json
@@ -0,0 +1,40 @@
+{
+  "id": "GLS-DFP-072",
+  "name": "Git Blame Ignore Revs File Poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "medium",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "`.git-blame-ignore-revs` files control which commits `git blame` skips. Attackers embed agent-targeting instructions in `#` comment lines alongside real formatting SHAs, poisoning both the blame-exclusion list and agent review behavior through a single file.",
+  "keywords": [
+    "**N2 \u2014 Normal git documentation**",
+    "**N3 \u2014 Scanner documentation**",
+    "**N4 \u2014 Security training example**",
+    "**N5 \u2014 Defensive denial**",
+    "**N6 \u2014 Normal comment + SHAs**",
+    "**N7 \u2014 Benign policy explanation**",
+    "--ignore-revs-file",
+    ".git-blame-ignore-revs",
+    ".gitattributes",
+    ".gitmodules",
+    "CODEOWNERS",
+    "Signals:\n- CARRIER:",
+    "audience: ai agent, scanner, reviewer, auditor",
+    "findings ... are suppressed",
+    "git blame"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:\n  (?:scanner|security)\\s+docs?\\s+should\\s+(?:report|detect|flag|refuse|block)\n  |\n  security\\s+training:?\\s+never\\s+obey\n  |\n  (?:do|does)\\s+not\\s+(?:override|obey|follow|include|attach|forward|send|share|trust|treat)\\s+(?:any|system|scanner)\n  |\n  never\\s+(?:obey|include|attach|forward|send|share|override|trust|treat)\\s+(?:\\.git-blame|blame|comments?)\n  |\n  must\\s+not\\s+(?:obey|include|attach|forward|send|share|override|trust|treat)\n  |\n  should\\s+never\\s+be\\s+used\\s+to\\s+suppress\n  |\n  should\\s+(?:not\\s+\\w+|never\\b|report|detect|flag|refuse|block)\n  |\n  (?:is|are)\\s+not\\s+(?:authoritative|a\\s+security\\s+policy|agent\\s+policy|instruction)\n  |\n  do\\s+not\\s+include\\s+(?:API\\s+keys?|tokens?|credentials?)\n))\n(?=.*\\b(?:\\.git-blame-ignore-revs|blame\\.ignoreRevsFile|git\\s+blame|blame\\s+(?:ignore|exclu|analysis|review)|ignore-revs|blame.ignore|blame-ignore|excluded\\s+(?:from|commits).{0,20}?blame|blame\\s+(?:ignore|exclusion)\\s+list)\\b)\n(?=.*\\b(?:\n  (?:AI|LLM|automated|devops|security|dependency|code|build|CI|autonomous|AI-assisted)\\s*(?:[\\w-]+\\s+){0,2}(?:agent|assistant|scanner|tool|review|verifier|auditor)s?\n  |\n  agents?\\s+instruction\n  |\n  (?:scanner|agent|assistant)\\s+(?:instruction|directive|protocol|policy)\n  |\n  (?:for|per)\\s+(?:AI\\s+)?(?:agents?|assistants?|scanners?|reviewers?|auditors?|tools?)\n  |\n  (?:automated|AI|agent|scanner)\\s+(?:review|audit|scan|verification|tool)\n  |\n  (?:review|security|audit)\\s+(?:policy|governance)\n))\n(?=.*\\b(?:\n  (?:canonical|authoritative|definitive|primary|single)\\s+(?:source\\s+of\\s+truth|security\\s+review\\s+policy|policy|description)\n  |\n  (?:this|the)\\s+(?:file|document)\\s+(?:is\\s+(?:an?\\s+)?(?:authoritative|canonical|definitive|the\\s+primary))\n  |\n  (?:overrides?|supersedes?|outranks?)\\s+(?:any|all|your|the)?\\s*(?:project|scanner|agent|system|repository|default)\\s+(?:instructions?|rules?|policy|config(?:uration)?)\n  |\n  (?:agent|scanner|assistant|verifier|crawler)\\s+(?:instructions?|directive|policy|note)\n  |\n  (?:takes?\\s+precedence|primary\\s+source\\s+of\\s+truth|single\\s+source\\s+of\\s+truth)\n  |\n  (?:governing|controlling)\\s+(?:document|policy|protocol)\n  |\n  \\bauthoritative\\b\n  |\n  (?:automated|diagnostic|system)\\s+(?:resolution|procedure|protocol|policy)\n  |\n  (?:review|security|audit)\\s+(?:policy|governance|procedure|protocol)\n))\n(?=.*\\b(?:\n  (?:include|attach|forward|send|provid|expos|shar|reveal|collect|copy|read|populate)\\w*\\s+(?:[\\w-]+\\s+){0,3}(?:environment\\s+(?:variables?|context|details?|config|state|settings?)|runtime\\s+(?:context|variables?|config|settings?|details?)|session\\s+(?:tokens?|keys?|data)|API\\s+(?:keys?|tokens?)|auth\\w*\\s+(?:tokens?|headers?|keys?)|tokens?|secrets?|credentials?|local\\s+state|\\.env|GITHUB_TOKEN|workspace\\s+(?:tokens?|context|state))\n  |\n  (?:suppress|hid|omit|exclud|redact|downgrad|skip|ignor)\\w*\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|warnings?|alerts?|reports?|flags?|issues?|checks?|notifications?|observations?|diagnostics?|results?|vulnerabilit(?:y|ies)|audits?|scans?)\n  |\n  (?:do\\s+not\\s+(?:report|flag|escalate|show|display|audit|scan|review)|never\\s+(?:report|flag|escalate|audit|scan))\n  |\n  treat.{0,40}?(?:as\\s+)?(?:informational|non-blocking|advisory.only|formatting.only|non.functional)\n  |\n  (?:findings?|warnings?|alerts?|observations?|results?)\\s+(?:[\\w-]+\\s+){0,3}(?:are|is|should\\s+be)\\s+(?:not\\s+)?(?:suppressed|hidden|omitted|redacted|excluded|skipped|downgraded|ignored)\n  |\n  (?:keep|leave)\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|warnings?|observations?|diagnostics?)\\s+out\\s+of\\s+(?:the\\s+)?(?:reports?|summaries?|memos?|audit\\s+memo|final\\s+report)\n  |\n  downgrade.{0,40}?(?:to\\s+)?(?:informational|background|non-blocking)\n))\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-072"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-073-github-action-metadata-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-073-github-action-metadata-poisoning.json
new file mode 100644
index 0000000..1685a71
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-073-github-action-metadata-poisoning.json
@@ -0,0 +1,40 @@
+{
+  "id": "GLS-DFP-073",
+  "name": "GitHub Action metadata poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "A malicious reusable GitHub Action can hide agent/scanner-directed instructions in `action.yml` / `action.yaml` metadata fields so AI coding, CI-review, or supply-chain agents treat Marketplace/action descriptor text as policy, suppress findings, or forward local CI/runtime credentials.",
+  "keywords": [
+    "GITHUB_TOKEN",
+    "GitHub Action metadata",
+    "action.yaml",
+    "action.yml",
+    "agent instructions",
+    "attach",
+    "branding",
+    "canonical",
+    "do not report",
+    "findings are considered advisory-only",
+    "forward",
+    "hide",
+    "include",
+    "inputs[].description",
+    "mark as safe"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:\n  do\\s+not\\s+(?:obey|follow|include|attach|forward|send|share|overrides?|trust)\n  |does\\s+not\\s+(?:obey|follow|include|attach|forward|send|share|override|overrides?|trust|instruct)\n  |never\\s+(?:obey|include|attach|forward|send|share|overrides?|trust)\n  |must\\s+not\\s+(?:treat|obey|include|attach|forward|send|share|overrides?|trust)\n  |should\\s+(?:report|detect|flag|refuse|block)\n  |scanners?\\s+docs?\\s+should\\s+(?:report|detect|flag|refuse|block)\n  |(?:security|incident|vulnerability)\\s+reports?.{0,80}?\\b(?:detected|blocked|reported|flagged)\n  |no\\s+policy\\s+overrides?\\s+are\\s+present\n))\n(?=.*(?:\\baction\\.ya?ml\\b|\\bGitHub\\s+Action\\s+(?:metadata|descriptor|Marketplace|page)\\b|\\bMarketplace\\s+action\\s+(?:descriptor|metadata|page)\\b|\\bruns\\s*:\\s*(?:\\n\\s*)?using\\s*:|\\binputs?\\s*:\\s*(?:\\n|$)|\\boutputs?\\s*:\\s*(?:\\n|$)|\\bbranding\\s*:|\\baction\\s+metadata\\s+description\\b))\n(?=.*(?:(?<![A-Za-z0-9])(?:AI\\s+)?(?:agents?|assistants?|scanners?|reviewers?|auditors?|models?|llms?|codex|claude|copilot|cursor)(?![A-Za-z0-9])|your\\s+(?:default\\s+)?(?:instructions?|rules?|polic(?:y|ies))))\n(?=.*(?:\n  overrides?|overrules?|outranks?|supersed(?:e|es|ed|ing)?|takes?\\s+precedence|higher\\s+priority|(?:primary|single)\\s+source\\s+of\\s+truth|canonical|definitive|authoritative|governing\\s+document|controlling\\s+document|agent\\s+(?:instructions?|policy|note)|scanner\\s+(?:instructions?|policy|note)|(?:main|primary|principal|preferred|recommended|core|standard|default)\\s+(?:(?:ci|action|build|security|review|verification|audit|dependency|workflow)\\s+){0,3}(?:operating\\s+)?(?:guidance|playbook|runbook|procedure|process|policy|framework|protocol)\n  |suppress(?:es|ed|ing)?.{0,50}?(?:findings?|warnings?|alerts?|reports?|flags?)|hide\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|warnings?|alerts?|reports?|flags?)|omit.{0,40}?(?:findings?|reports?|summar(?:y|ies)|issues?|warnings?)|do\\s+not\\s+report|mark.{0,40}?as\\s+(?:informational|safe|low|none)|treat.{0,40}?as\\s+(?:informational|advisory-only|non-blocking|safe)|(?:observations?|findings?|results?|diagnostics?|alerts?|warnings?|vulnerabilit(?:y|ies))\\s+(?:are|is)\\s+(?:considered|treated|classified|marked|seen|viewed)\\s+(?:as\\s+)?(?:advisory-only|informational|non-blocking|background-only|safe|benign|secondary)|findings?\\s+should\\s+(?:be|remain)\\s+(?:suppressed|hidden|omitted|excluded|redacted|removed)\n  |(?:include|attach|forward|send|collect|embed|share|provide|expose|transmit|deliver|relay|transfer|pass\\s+along)\\s+(?:[\\w-]+\\s+){0,4}(?:GITHUB_TOKEN|CI_ENV|Authorization|credentials?|secrets?|tokens?|API\\s+keys?|auth\\s+headers?|runtime\\s+(?:environment\\s+)?context|environment\\s+(?:variables?|context)|local\\s+state)|(?:credentials?|tokens?|API\\s+keys?|auth\\s+headers?|runtime\\s+context|environment\\s+variables?|local\\s+state)\\s+(?:should|must|can|may)\\s+(?:be|get)\\s+(?:relayed|transferred|handed\\s+off|sent|passed\\s+along|included|attached|forwarded|shared|provided|exposed)\n))"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-073"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-074-har-proxy-export-metadata-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-074-har-proxy-export-metadata-poisoning.json
new file mode 100644
index 0000000..bfa2eb7
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-074-har-proxy-export-metadata-poisoning.json
@@ -0,0 +1,40 @@
+{
+  "id": "GLS-DFP-074",
+  "name": "HAR / Proxy Export Metadata Poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Browser HAR files, proxy captures, and DevTools network exports can carry agent/scanner-directed instructions in comments, custom fields, response headers, or captured bodies that tell AI auditors to treat the capture as policy, suppress findings, or forward local auth/runtime material.",
+  "keywords": [
+    ".har",
+    "Authorization",
+    "Chrome DevTools network export",
+    "Firefox Network Monitor",
+    "HAR 1.2",
+    "HTTP Archive",
+    "Set-Cookie",
+    "agent_policy",
+    "assistant_note",
+    "crawler_notice",
+    "log._comment",
+    "log.entries",
+    "mitmproxy",
+    "proxy capture",
+    "request.headers"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:\n  (?:security\\s+training|browser\\s+support\\s+guide|scanner\\s+docs?|devtools\\s+export\\s+documentation|privacy\\s+review).{0,160}?(?:should\\s+(?:redact|report|detect|flag|refuse|block)|must\\s+not\\s+(?:treat|include|forward|send|share|trust|obey)|never\\s+(?:trust|obey|include|forward|send|share|override|overrides?))\n  |(?:incident\\s+report|security\\s+report|postmortem).{0,180}?(?:detected\\s+and\\s+(?:blocked|refused|flagged|remediated)|was\\s+(?:blocked|refused|flagged|detected|remediated)\\s+by)\n  |(?:no\\s+(?:agent\\s+)?instructions?|no\\s+policy\\s+overrides?\\s+are\\s+present|not\\s+policy)\n  |(?:do\\s+not\\s+(?:obey|follow|include|attach|forward|send|share|overrides?|trust)|does\\s+not\\s+(?:obey|follow|include|attach|forward|send|share|override|overrides?|trust|instruct)|never\\s+(?:obey|include|attach|forward|send|share|overrides?|trust)|must\\s+not\\s+(?:treat|obey|include|attach|forward|send|share|overrides?|trust))\n))\n(?=.*(?:\n  (?:\\.har|HAR\\s+1\\.2|HTTP\\s+Archive|Chrome\\s+DevTools\\s+network\\s+export|Firefox\\s+Network\\s+Monitor|DevTools\\s+HAR\\s+export|network\\s+export|network\\s+log|proxy\\s+capture|mitmproxy\\s+(?:flow|dump)|proxy\\s+capture\\s+JSON)\n  |(?:log\\._comment|log\\.entries|\"entries\"\\s*:|\"request\"\\s*:|\"response\"\\s*:|response\\.headers|request\\.headers|response\\.content\\.text|\"_comment\"\\s*:|\"content\"\\s*:|\"headers\"\\s*:)\n))\n(?=.*(?<![A-Za-z0-9])(?:AI\\s+agents?|agents?|assistants?|LLM\\s+auditors?|LLMs?|models?|security\\s+scanners?|automated\\s+agents?|automated\\s+verifiers?|browser\\s+auditors?|privacy\\s+auditors?|SEO\\s+agents?|crawlers?|scanner\\s+policy|agent\\s+instructions?|assistant\\s+note|agent[_-]?policy|scanner[_-]?policy|assistant[_-]?note|crawler[_-]?notice|your\\s+(?:default\\s+)?(?:instructions?|rules?|polic(?:y|ies)))(?![A-Za-z0-9]))\n(?=.*(?:\n  overrides?|overrules?|outranks?|supersed(?:e|es|ed|ing)?|takes?\\s+precedence|higher\\s+priority|(?:primary|single)\\s+source\\s+of\\s+truth|canonical|definitive|authoritative|defines?\\s+(?:all\\s+)?(?:scanner|security|agent)\\s+rules?|(?:main|primary|principal|preferred|recommended|core|standard|default)\\s+(?:(?:network|browser|security|privacy|audit|verification|scanner|capture)\\s+){0,3}(?:operating\\s+)?(?:guidance|playbook|runbook|procedure|process|policy|framework|protocol)\n  |(?:agent|scanner|assistant|crawler)\\s+(?:instructions?|policy|note|directive|notice)\n  |suppress(?:es|ed|ing)?.{0,80}?(?:findings?|warnings?|alerts?|reports?|flags?|issues?|observations?|diagnostics?|results?|CSP|CORS|TLS|cookie|redirect)\n  |(?:findings?|warnings?|alerts?|reports?|diagnostics?|results?)\\s+(?:are|is|should\\s+(?:be|remain))\\s+(?:suppressed|hidden|omitted|excluded|redacted|removed|considered|treated|classified|marked|viewed)\\s*(?:as\\s+)?(?:advisory-only|informational|non-blocking|safe|benign|secondary)?\n  |hide\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|warnings?|alerts?|reports?|flags?|issues?|observations?|diagnostics?|results?|cookie\\s+warnings?)\n  |do\\s+not\\s+(?:report|flag).{0,70}?(?:findings?|warnings?|alerts?|reports?|flags?|issues?|observations?|diagnostics?|results?|CSP|CORS|TLS|cookie)\n  |omit.{0,70}?(?:findings?|reports?|summar(?:y|ies)|issues?|warnings?|CSP|CORS|TLS|cookie|redirect)\n  |treat.{0,50}?as\\s+(?:informational|non[-\\s]?blocking|safe|clean|benign|advisory[-\\s]?only)\n  |(?:include|attach|forward|send|collect|embed|share|provide|expose|transmit|deliver|relay|pass\\s+along)\\s+(?:[\\w-]+\\s+){0,4}(?:Authorization\\s+headers?|auth\\s+headers?|cookies?|session\\s+tokens?|API\\s+keys?|tokens?|credentials?|secrets?|local\\s+state|runtime\\s+(?:environment|context)|environment\\s+(?:variables?|context))\n  |(?:proof|evidence|runtime|environment|debug)\\s+(?:bundle|package|material|context|details?|settings?)\\s+(?:should|must|can|may)\\s+(?:be|get|remain)\\s+(?:relayed|transferred|handed\\s+off|sent|passed\\s+along|included|attached|forwarded|shared|provided|exposed)\n))"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-074"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-075-heroku-app-json-manifest-metadata-agent-policy-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-075-heroku-app-json-manifest-metadata-agent-policy-poisoning.json
new file mode 100644
index 0000000..2d7bf19
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-075-heroku-app-json-manifest-metadata-agent-policy-poisoning.json
@@ -0,0 +1,40 @@
+{
+  "id": "GLS-DFP-075",
+  "name": "Heroku app.json Manifest Metadata Agent Policy Poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Heroku/Dokku `app.json` deployment manifests can carry agent/scanner-directed policy text in descriptions, env-var metadata, scripts, or custom fields that tells AI deployment agents to treat the manifest as authoritative, suppress findings, or forward local/platform credentials.",
+  "keywords": [
+    "addons",
+    "agent_policy",
+    "app.json",
+    "assistant_note",
+    "buildpacks",
+    "description",
+    "do/does not",
+    "env",
+    "formation",
+    "must not",
+    "never",
+    "no policy overrides",
+    "not authoritative",
+    "postdeploy",
+    "scanner_policy"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:(?:security|incident|vulnerability|training|runbook|guide|reference|scanner\\s+docs?|documentation|Heroku\\s+guide|Dokku\\s+guide).{0,180}?(?:detected|blocked|flagged|refused|should\\s+(?:report|detect|flag|refuse|block)|must\\s+(?:be\\s+)?(?:reported|report|detect|flag|refuse|block)|not\\s+obeyed))\\b)\n(?!.*\\b(?:do\\s+not|does\\s+not|never|must\\s+not|should\\s+never|should\\s+not)\\s+(?:obey|follow|treat|trust|use|include|attach|forward|send|share|override|overrides?|supersede|supersedes|instruct)\\b.{0,180}?\\b(?:app\\.json|Heroku|Dokku|app\\s+manifest|deployment\\s+manifest)\\b)\n(?!.*\\b(?:app\\.json|Heroku|Dokku|app\\s+manifest|deployment\\s+metadata)\\b.{0,180}?\\b(?:is|are)\\s+not\\s+(?:authoritative|policy|instructions?)\\b)\n(?!.*\\bno\\s+(?:policy\\s+)?overrides?\\b)\n(?=.*(?:\\bapp\\.json\\b|\\b(?:Heroku|Dokku)\\s+app\\s+manifest\\b|\\bapp\\s+manifest\\b|\\bdeployment\\s+manifest\\b|(?<!\\w)\"(?:name|description|env|addons|scripts|formation|buildpacks|stack|keywords|repository|success_url|postdeploy|agent_policy|scanner_policy|assistant_note)\"\\s*:|\\bReview\\s+Apps?\\b|\\bpostdeploy\\b|\\bbuildpacks\\b))\n(?=.*(?:\\b(?:ai\\s+agents?|agents?|assistants?|llms?|models?|codex|copilot|cursor|claude)\\b|\\b(?:deployment|devops|security|app|release|platform|heroku|dokku)\\s+(?:agents?|assistants?|scanners?|reviewers?|auditors?|verifiers?)\\b|\\bautomated\\s+(?:(?:deployment|security|release|app|platform|heroku|dokku)\\s+)?(?:review|audit|scan|verification)\\b|(?<![a-zA-Z0-9])(?:agent_instructions|assistant_note|scanner_policy|agent_policy)(?![a-zA-Z0-9])))\n(?=.*(?:\\b(?:authoritative|governing\\s+document|controlling\\s+document|takes?\\s+precedence|overrides?|outranks?|supersed(?:e|es|ed|ing)?|(?:primary|single)\\s+source\\s+of\\s+truth|canonical|definitive)\\b|\\b(?:main|primary|principal|preferred|recommended)\\s+(?:(?:heroku|dokku|app|deployment|release|platform|security|review|audit|verification)\\s+){0,4}(?:operating\\s+)?(?:guidance|playbook|runbook|procedure|process|policy)\\b|\\bdefines?\\s+(?:(?:all|the)\\s+)?(?:(?:scanner|security|agent|deployment|release|review)\\s+){1,3}rules?\\b|\\b(?:agent|scanner|assistant|deployment|release)\\s+(?:instructions?|policy|directive|note)\\b|(?<![a-zA-Z0-9])(?:agent_instructions|assistant_note|scanner_policy|agent_policy)(?![a-zA-Z0-9])))\n(?=.*(?:\\b(?:suppress|hide|omit|exclude|redact|downgrade|deprioritize|demote|reclassify|skip)\\s+(?:[\\w-]+\\s+){0,4}(?:findings?|warnings?|alerts?|reports?|flags?|issues?|vulnerabilit(?:y|ies)|observations?|results?|diagnostics?|checks?|port\\s+findings?|dyno\\s+findings?|review\\s+apps?\\s+findings?)\\b|\\b(?:do\\s+not|don't|not)\\s+(?:report|flag|escalate)\\s+(?:[\\w-]+\\s+){0,4}(?:findings?|warnings?|alerts?|issues?|observations?|diagnostics?)\\b|\\b(?:treat|mark|classify|consider)\\b.{0,60}?\\b(?:as\\s+)?(?:informational|non-blocking|advisory-only|safe|clean|benign|background-only)\\b|\\b(?:keep|leave)\\s+(?:[\\w-]+\\s+){0,5}(?:findings?|warnings?|alerts?|issues?|observations?|diagnostics?|results?)\\s+out\\s+of\\s+(?:the\\s+)?(?:report|summary|memo|audit|review|final\\s+report|release\\s+memo)\\b|\\b(?:findings?|warnings?|alerts?|issues?|observations?|diagnostics?|results?)\\s+(?:are|is|were|was|should\\s+be|must\\s+be)\\s+(?:not\\s+)?(?:suppressed|hidden|omitted|excluded|redacted|downgraded|treated|considered|classified)\\b|\\b(?:include|attach|forward|send|share|provide|expose|collect|copy|read|populate|pass\\s+along|hand\\s+off|relay|transfer)\\s+(?:[\\w-]+\\s+){0,6}(?:api\\s+tokens?|session\\s+tokens?|auth(?:orization)?\\s+headers?|credentials?|secrets?|HEROKU_API_KEY|DOKKU_TOKEN|heroku\\s+tokens?|platform\\s+api\\s+keys?|config\\s+vars?|environment\\s+(?:variables?|context|details?|config(?:uration)?|settings?)|runtime\\s+(?:context|config(?:uration)?|settings?|state|details?|artifacts?|material)|local\\s+(?:state|config(?:uration)?|settings?|context)|ci\\s+(?:tokens?|context|variables?))\\b))\n.*$"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-075"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-077-jetbrains-run-configuration-metadata-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-077-jetbrains-run-configuration-metadata-poisoning.json
new file mode 100644
index 0000000..5205324
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-077-jetbrains-run-configuration-metadata-poisoning.json
@@ -0,0 +1,35 @@
+{
+  "id": "GLS-DFP-077",
+  "name": "JetBrains Run Configuration Metadata Poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "JetBrains IDE run/debug configuration XML can carry agent/scanner-directed authority inversion, report suppression, or local-state forwarding instructions that AI coding/debugging agents may mistake for project execution policy.",
+  "keywords": [
+    ".idea/runConfigurations",
+    ".iws",
+    "<configuration>",
+    "<option name=...>",
+    "RunManager",
+    "configuration@name",
+    "option@name",
+    "option@value",
+    "runConfigurations/",
+    "workspace.xml"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:(?:do\\s+not|does\\s+not|never|must\\s+not|should\\s+not|should\\s+never)\\s+(?:obey|follow|treat|use|include|attach|forward|send|share|trust|override|supersede|persist|remember)|(?:(?:scanner|security|training|runbook|guide|reference|incident|documentation)\\s+(?:docs?|report|example|exercise|guidance|reference)|scanners?\\s+docs?).{0,320}?(?:report|detect|flag|refuse|block|not\\s+obey(?:ed)?|must\\s+be\\s+reported|reported,\\s+not\\s+obeyed)|(?:detected|blocked|refused|flagged).{0,120}?(?:hide|suppress|include|forward|tokens?|env(?:ironment)?|credentials?)))\n(?=.*(?:\\.idea/runConfigurations|runConfigurations/|runConfigurations\\s+XML|JetBrains\\s+(?:run|debug)\\s+configuration|IntelliJ\\s+(?:run|debug)\\s+configuration|PyCharm\\s+(?:run|debug)\\s+configuration|WebStorm\\s+(?:run|debug)\\s+configuration|\\brun\\s+configuration\\b|workspace\\.xml|\\.iws\\b|\\bRunManager\\b|<configuration\\b|<component\\s+name=[\"']RunManager[\"']|<option\\s+name=[\"'](?:PROGRAM_PARAMETERS|ENV_FILES|WORKING_DIRECTORY|agent_instructions|scanner_policy)[\"']))\n(?=.*(?<![a-zA-Z0-9])(?:agents?|assistants?|scanners?|verifiers?|auditors?|reviewers?|debuggers?|debug[-\\s]?bots?|coding[-\\s]?agents?|security[-\\s]?review|automated\\s+(?:(?:JetBrains|IntelliJ|PyCharm|WebStorm|debug|run|security|code)\\s+){0,3}(?:review|scan|audit|verification)|llms?|models?)(?![A-Za-z0-9]))\n(?=.*(?:(?:agent|scanner|assistant|verifier|debug[-\\s]?bot)\\s+(?:instructions?|notes?|policy|directive)|\\bauthoritative\\b|(?:primary|single|canonical|definitive|authoritative|controlling|governing|highest\\s+priority|preferred|recommended|main|principal)\\s+(?:(?:JetBrains|IntelliJ|PyCharm|WebStorm|run|debug|audit|security|scanner|review|verification|operating)\\s+){0,4}(?:source\\s+of\\s+truth|policy|guidance|playbook|runbook|procedure|process|instructions?)|(?:overrides?|supersedes?|outranks?|overrules?|takes\\s+precedence|ignore|disregard).{0,100}?(?:system|developer|user|scanner|security|policy|instructions?)))\n(?=.*(?:(?:suppress|hide|omit|redact|exclude|skip|downgrade|deprioritize|demote|reclassify).{0,100}?(?:findings?|warnings?|alerts?|reports?|flags?|issues?|observations?|diagnostics?|results?|vulnerabilit(?:y|ies)|security\\s+review)|(?:leave|keep).{0,100}?(?:findings?|warnings?|alerts?|reports?|flags?|issues?|observations?|diagnostics?|results?|vulnerabilit(?:y|ies)|security\\s+review).{0,60}?(?:out\\s+of|from)|(?:treat|mark|classify|consider|calibrate|frame|place|put|route|move|shift).{0,100}?(?:(?:as\\s+)?(?:informational|non[-\\s]?blocking|advisory[-\\s]?only|safe|clean|background[-\\s]?only|supplementary\\s+notes?\\s+only)|(?:report|configuration).{0,40}?clean)|(?:findings?|warnings?|alerts?|observations?|diagnostics?|results?).{0,80}?(?:are|is|should\\s+be|must\\s+be)\\s+(?:suppressed|hidden|omitted|redacted|excluded|downgraded|treated|classified|considered)|(?:include|attach|forward|send|share|provide|expose|collect|copy|read|pass\\s+along|relay|transfer|hand\\s+off|hand\\s+over).{0,120}?(?:api[-_\\s]*keys?|tokens?|secrets?|credentials?|auth(?:orization)?\\s+headers?|bearer|session\\s+(?:keys?|tokens?)|env(?:ironment)?\\s*(?:vars?|variables?|context|details?|settings?|config(?:uration)?)|local\\s+(?:state|config(?:uration)?|settings?)|runtime\\s+(?:context|variables?|details?|settings?|material)|debug\\s+(?:context|state|evidence)|execution\\s+context)))\n.*$"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-077"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-078-lighthouse-web-performance-report-metadata-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-078-lighthouse-web-performance-report-metadata-poisoning.json
new file mode 100644
index 0000000..f139035
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-078-lighthouse-web-performance-report-metadata-poisoning.json
@@ -0,0 +1,28 @@
+{
+  "id": "GLS-DFP-078",
+  "name": "Lighthouse / web-performance report metadata poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Lighthouse, PageSpeed, WebPageTest, Core Web Vitals, or performance-budget report text can carry agent-directed policy, suppression, or credential-forwarding instructions that downstream AI web/release/security agents may mistake for trusted review guidance.",
+  "keywords": [
+    "audits",
+    "categories.performance",
+    "finalUrl"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:security|training|scanner|lighthouse|pagespeed|performance)\\s+(?:docs?|guide|reference|runbook|report|article).{0,180}?\\b(?:should|must)\\s+(?:report|detect|flag|refuse|block)\\b)\n(?!.*\\b(?:incident|security|scanner|training|lighthouse|pagespeed|performance)\\s+(?:report|reference|article|corpus|example).{0,200}?\\b(?:detected|blocked|flagged|refused|reported)\\b)\n(?!.*\\b(?:do\\s+not|does\\s+not|never|must\\s+not|should\\s+not)\\s+(?:obey|follow|treat|use|trust|include|attach|forward|send|share|override|overrides?)\\b)\n(?!.*\\bshould\\s+never\\s+(?:be\\s+)?(?:used|obey|follow|treat|trusted?|include|attach|forward|send|share|override|overrides?)\\b)\n(?!.*\\b(?:not\\s+(?:authoritative|canonical)|no\\s+(?:policy\\s+)?overrides?|reported,\\s+not\\s+obeyed|must\\s+be\\s+reported,\\s+not\\s+obeyed)\\b)\n(?=.*(?:\\blighthouse\\b|\\bpagespeed\\b|\\bwebpagetest\\b|\\bcore\\s+web\\s+vitals\\b|\\bperformance\\s+budget\\b|\\bcategories\\s*[.:]\\s*performance\\b|(?<!\\w)\"audits\"\\s*:|\\bLHR\\b|\\bfinalUrl\\b|\\bperformance\\s+report\\b))\n(?=.*(?:\\bAI\\s+(?:release\\s+)?agents?\\b|\\b(?:autonomous|automated)\\s+(?:web|release|security|seo|performance)\\s+(?:review|audit|scan|verification|agents?|scanners?)\\b|\\brelease\\s+agents?\\b|\\bSEO\\s+agents?\\b|\\bperformance\\s+auditors?\\b|\\b(?:agents?|assistants?|scanners?|crawlers?|verifiers?|llms?)\\b|\\b(?:agent|scanner|assistant|verifier)\\s+(?:instructions?|policy|notes?)\\b))\n(?=.*(?:\\b(?:canonical|authoritative|definitive|controlling|governing)\\s+(?:deployment\\s+)?(?:review|policy|guidance|report)\\b|\\b(?:primary|single)\\s+source\\s+of\\s+truth\\b|\\b(?:overrides?|supersedes?|outranks?|overrules?|takes\\s+precedence)\\b|\\b(?:suppress|hide|omit|exclude|redact|downgrade|deprioritize|demote|reclassify|skip)\\s+(?:[\\w-]+\\s+){0,4}(?:findings?|warnings?|alerts?|reports?|diagnostics?|observations?|results?|issues?|vulnerabilit(?:y|ies)|CSP|TLS|security)\\b|\\b(?:findings?|warnings?|alerts?|diagnostics?|observations?|results?|issues?)\\s+(?:are|is|should\\s+be|must\\s+be)\\s+(?:suppressed|hidden|omitted|excluded|redacted|downgraded|treated|classified|marked|considered)\\s+(?:as\\s+)?(?:advisory-only|informational|non-blocking|background-only|safe)\\b|\\b(?:treat|mark|classify|consider).{0,60}?as\\s+(?:informational|advisory-only|non-blocking|safe)\\b|\\b(?:attach|include|forward|send|share|provide|expose|collect|pass\\s+along|relay|transfer)\\s+(?:[\\w-]+\\s+){0,6}(?:environment\\s+(?:variables?|context|details?|config(?:uration)?|settings?)|runtime\\s+(?:context|variables?|details?|config(?:uration)?|settings?|material)|local\\s+(?:state|config(?:uration)?|settings?)|API\\s+keys?|session\\s+tokens?|auth(?:orization)?\\s+headers?)\\b))\n(?=.*(?:\\b(?:findings?|warnings?|alerts?|reports?|diagnostics?|observations?|results?|issues?|vulnerabilit(?:y|ies)|CSP|TLS|security|release\\s+notes?|environment\\s+context|runtime\\s+context|API\\s+keys?|session\\s+tokens?|auth(?:orization)?\\s+headers?)\\b))\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-078"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-079-mime-content-disposition-filename-metadata-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-079-mime-content-disposition-filename-metadata-poisoning.json
new file mode 100644
index 0000000..c9dc367
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-079-mime-content-disposition-filename-metadata-poisoning.json
@@ -0,0 +1,28 @@
+{
+  "id": "GLS-DFP-079",
+  "name": "MIME Content-Disposition filename metadata poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "medium",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "MIME `Content-Disposition` / attachment filename metadata can carry agent-directed policy, suppression, or credential-forwarding instructions that downstream AI mail, ticket, or security agents may mistake for trusted review guidance.",
+  "keywords": [
+    "agent/scanner/reviewer/mail-ticket audience.",
+    "defensive documentation/training/incident guards.",
+    "mime/attachment filename provenance."
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:do\\s+not|does\\s+not|never|must\\s+not|should\\s+never|should\\s+not)\\s+(?:be\\s+)?(?:obeyed?|followed?|treated?|used?|include|attach|forward|send|share|override|trust).{0,160}?\\b(?:content-disposition|filename\\*?|attachment\\s+filename|mime|attachment\\s+metadata|filenames?))\n(?!.*\\b(?:content-disposition|filename\\*?|attachment\\s+filename|mime|attachment\\s+metadata|filenames?).{0,120}?\\b(?:should\\s+never|should\\s+not|must\\s+not|do\\s+not|does\\s+not)\\s+(?:be\\s+)?(?:used?|treated?|obeyed?|followed?|trusted?))\n(?!.*\\b(?:scanner|security|training|runbook|guide|reference|incident|docs?|article).{0,100}?(?:reported|report|detect|flag|refuse|blocked|not\\s+obeyed|must\\s+be\\s+reported))\n(?=.*(?:content-disposition|filename\\*?\\s*=|attachment;\\s*filename|attachment\\s+filename|mime\\s+headers?|\\.eml|support\\s+attachment|ticket\\s+attachment|rfc\\s*5987))\n(?=.*(?:ai\\s+agents?|agents?|assistants?|scanners?|reviewers?|reviewer|mail\\s+agents?|ticket\\s+agents?|security\\s+agents?|automated\\s+(?:mail|ticket|security|attachment)?\\s*(?:review|scan|audit|verification)|agent[-_\\s]?instructions?|scanner[-_\\s]?instructions?|for[-_\\s]?ai[-_\\s]?agents?))\n(?=.*(?:canonical|authoritative|supersedes?|overrides?|takes\\s+precedence|(?:primary|single)\\s+source\\s+of\\s+truth|governing\\s+document|controlling\\s+document|agent\\s+instructions?|scanner\\s+instructions?|suppress(?:es|ed|ing)?\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|warnings?|alerts?|reports?|diagnostics?|observations?|results?|issues?)|hide\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|warnings?|alerts?|reports?|diagnostics?|observations?|results?|issues?)|(?:omit|exclude|redact|downgrade)\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|warnings?|alerts?|reports?|diagnostics?|observations?|results?|issues?)|treat.{0,50}?as\\s+(?:informational|advisory-only|non-blocking|safe)|(?:findings?|warnings?|alerts?|observations?|diagnostics?|results?|issues?)\\s+(?:are|is|should\\s+be|must\\s+be)\\s+(?:suppressed|hidden|omitted|excluded|redacted|downgraded|treated|considered|classified|marked)(?:.{0,50}?(?:informational|advisory-only|non-blocking|safe))?|(?:include|forward|send|share|attach|provide|expose|collect|pass\\s+along|relay|transfer)\\s+(?:[\\w-]+\\s+){0,6}(?:env(?:ironment)?(?:\\s+(?:variables?|context|details?|config(?:uration)?|state|settings?))?|runtime\\s+(?:context|variables?|config(?:uration)?|state|settings?|material|details?)|local\\s+(?:state|config(?:uration)?|settings?)|api\\s+keys?|tokens?|auth(?:orization)?\\s+headers?|session\\s+(?:tokens?|cookies?)|cookies?|credentials?)|(?:suppress|hide|omit|exclude|redact|downgrade).{0,60}?(?:findings?|warnings?|alerts?|reports?|diagnostics?|observations?|results?|issues?)|(?:include|forward|send|share|attach|provide|expose|collect|pass[-\\s]+along|relay|transfer).{0,80}?(?:env(?:ironment)?[-_\\s]+(?:variables?|context|details?|config(?:uration)?|state|settings?)|runtime[-_\\s]+(?:context|variables?|config(?:uration)?|state|settings?|material|details?)|local[-_\\s]+(?:state|config(?:uration)?|settings?)|api[-_\\s]+keys?|tokens?|auth(?:orization)?[-_\\s]+headers?|session[-_\\s]+(?:tokens?|cookies?)|cookies?|credentials?)))\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-079"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-080-mutation-testing-report-metadata-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-080-mutation-testing-report-metadata-poisoning.json
new file mode 100644
index 0000000..255c89c
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-080-mutation-testing-report-metadata-poisoning.json
@@ -0,0 +1,30 @@
+{
+  "id": "GLS-DFP-080",
+  "name": "Mutation testing report metadata poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Mutation-testing reports and their generated HTML/JSON/log metadata can carry agent-directed policy text that asks AI review or CI agents to override mutation thresholds, suppress surviving-mutant findings, or forward runtime/local state.",
+  "keywords": [
+    "do not",
+    "does not",
+    "must not",
+    "never",
+    "should never"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:do\\s+not|does\\s+not|never\\s+|must\\s+not|should\\s+never|should\\s+not)\\s*(?:obey|follow|treat|include|attach|forward|send|share|override|overrides?|trust|use)\\b)\n(?!.*\\b(?:scanner|security|training|runbook|guide|reference|incident|postmortem|docs?)(?:\\s+(?:docs?|report|example|exercise|guidance|reference)|\\s*[:\u2014-])?.{0,180}\\b(?:must\\s+be\\s+reported|not\\s+obeyed|reported|report|detect|detected|flag|flagged|refuse|refused|block|blocked)\\b)\n(?=.*(?:\\b(?:mutation\\s+testing|mutation\\s+score|mutation\\s+report|mutation\\s+coverage|surviving\\s+mutants?|killed\\s+mutants?|escaped\\s+mutants?|mutant\\s+survivors?|mutation\\s+threshold|mutation\\s+gate|quality\\s+gate)\\b|\\b(?:Stryker(?:JS)?|PIT(?:est)?|mutmut|Infection)\\b|mutation-report(?:\\.(?:html|json))?|stryker\\.log|pit-reports?))\n(?=.*(?:\\b(?:ai|autonomous|automated|security|quality|test|ci|build|mutation)\\s+(?:agents?|assistants?|reviewers?|auditors?|scanners?|bots?|tools?|review|audit|scan|verification)\\b|\\b(?:agents?|assistants?|scanners?|reviewers?|auditors?)\\b|(?:agent|scanner|assistant|verifier)\\s+(?:instructions?|notes?|policy)))\n(?=.*(?:\n  (?:\\b(?:single|primary)\\s+source\\s+of\\s+truth\\b|\\b(?:authoritative|canonical|definitive|governing|controlling)\\b|\\b(?:overrides?|supersedes?|outranks?|overrules?|takes\\s+precedence)\\b).{0,100}\\b(?:thresholds?|gates?|polic(?:y|ies)|rules?|findings?|warnings?|alerts?|diagnostics?|reports?)\\b\n  | (?:agent|scanner|assistant|verifier)\\s+(?:instructions?|notes?|policy).{0,120}\\b(?:suppress(?:es|ed|ing)?|hide|hidden|omit(?:s|ted|ting)?|exclude(?:s|d|ing)?|downgrade|deprioritize|redact|skip|ignore|mark|treat|leave|keep|attach|include|forward|send|share|provide|expose|collect|pass\\s+along)\\b\n  | \\b(?:suppress(?:es|ed|ing)?|hide|hidden|omit(?:s|ted|ting)?|exclude(?:s|d|ing)?|redact|skip|ignore|downgrade|deprioritize)\\s+(?:[\\w-]+\\s+){0,4}(?:surviving\\s+mutants?|escaped\\s+mutants?|mutant\\s+survivors?|mutation\\s+(?:findings?|warnings?|alerts?|diagnostics?|results?)|threshold\\s+(?:alerts?|warnings?|failures?)|quality-gate\\s+(?:observations?|findings?)|observations?|findings?|diagnostics?|results?|warnings?|alerts?|reports?)\\b\n  | \\b(?:treat|mark|classify|consider)\\b.{0,60}\\b(?:surviving\\s+mutants?|escaped\\s+mutants?|mutation\\s+(?:findings?|warnings?|alerts?)|threshold\\s+(?:failures?|warnings?)|observations?|findings?|diagnostics?|results?)\\b.{0,60}\\b(?:informational|non-blocking|advisory-only|background-only|clean|safe|benign)\\b\n  | \\b(?:observations?|findings?|diagnostics?|results?|warnings?|alerts?|surviving\\s+mutants?|escaped\\s+mutants?)\\s+(?:are|is|were|was|should\\s+be|must\\s+be)\\s+(?:suppressed|hidden|omitted|excluded|redacted|downgraded|deprioritized|treated|classified|considered)\\b\n  | \\b(?:leave|keep)\\s+(?:[\\w-]+\\s+){0,4}(?:observations?|findings?|diagnostics?|results?|warnings?|alerts?|surviving\\s+mutants?|escaped\\s+mutants?)\\s+out\\s+of\\s+(?:the\\s+)?(?:final\\s+)?(?:summary|report|audit\\s+memo|review\\s+memo|memo)\\b\n  | \\b(?:include|attach|forward|send|share|provide|expose|collect|pass\\s+along|transfer|relay)\\s+(?:[\\w-]+\\s+){0,6}(?:api\\s+tokens?|auth(?:orization)?\\s+headers?|credentials?|session\\s+keys?|environment\\s+(?:variables?|context|details?|config(?:uration)?|state|settings?)|runtime\\s+(?:context|variables?|config(?:uration)?|settings?|state|proof\\s+(?:material|bundle|package))|local\\s+(?:state|config(?:uration)?|settings?)|execution\\s+context)\\b\n))\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-080"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-081-playwright-trace-attachment-tool-output-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-081-playwright-trace-attachment-tool-output-poisoning.json
new file mode 100644
index 0000000..ff2d70d
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-081-playwright-trace-attachment-tool-output-poisoning.json
@@ -0,0 +1,40 @@
+{
+  "id": "GLS-DFP-081",
+  "name": "Playwright Trace Attachment Tool-Output Poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Attacker-controlled Playwright report artifacts (`playwright-report`, `trace.zip`, screenshots, videos, stdout/stderr attachments, and HTML/blob reports) can smuggle agent-directed instructions into test evidence, causing AI coding or QA agents to suppress findings, trust forged test policy, or forw",
+  "keywords": [
+    "AI test agents",
+    "Allure Playwright",
+    "LLM reviewers",
+    "Playwright",
+    "agent instructions",
+    "assistant directive",
+    "authoritative QA policy",
+    "autonomous QA scanners",
+    "blob-report",
+    "canonical review policy",
+    "final test verdict",
+    "html report",
+    "overrides scanner rules",
+    "playwright-report",
+    "review agents"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*(?:\\b(?:documentation|docs?|training|runbook|reference|incident|postmortem|hardening|policy)\\b.{0,180}?(?:do\\s+not|never|must\\s+not|should\\s+(?:not|report|flag|block|refuse)|detected|blocked|refused|reported|ignored)|\\b(?:do\\s+not|never|must\\s+not)\\s+(?:obey|follow|trust|treat|use|forward|include|attach|send|suppress|hide|downgrade)|\\bnot\\s+(?:authoritative|canonical|trusted|policy)|\\b(?:should|must)\\s+(?:report|flag|block|refuse|ignore)\\b))\n(?=.*(?:Playwright|playwright-report|trace\\.zip|trace\\s+viewer|test\\s+attachment|attachments?\\b|test-results|blob-report|html\\s+report|allure\\s+playwright|screenshot\\s+annotation|video\\s+attachment|\\bstdout\\b|\\bstderr\\b))\n(?=.*(?:(?:AI|LLM|autonomous|security|test|QA|review)\\s*(?:agents?|assistants?|reviewers?|scanners?|bots?)\\b|\\b(?:agent|assistant|scanner|reviewer)[._ -]?(?:instructions?|directive|policy|guidance|note)))\n(?=.*(?:authoritative|canonical|definitive|governing|controlling|single\\s+source\\s+of\\s+truth|overrides?|supersed(?:e|es|ed|ing)|takes\\s+precedence|trusted\\s+(?:test|QA|review)\\s+policy|final\\s+(?:QA|test|security)\\s+verdict))\n(?=.*(?:suppress|hide|omit|exclude|downgrade|downplay|demote|mark\\s+.*(?:clean|safe|informational|non-blocking|passed)|ignore\\s+failures?|do\\s+not\\s+report|include|attach|forward|send|share|expose|collect|relay|pass\\s+along).{0,120}(?:findings?|warnings?|alerts?|failures?|failed\\s+tests?|security\\s+issues?|vulnerabilit(?:y|ies)|tokens?|secrets?|credentials?|auth\\s+headers?|cookies?|environment\\s+(?:variables?|context|state)|runtime\\s+(?:context|state|config)|local\\s+(?:state|config)))"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-081"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-082-python-linter-type-checker-config-metadata-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-082-python-linter-type-checker-config-metadata-poisoning.json
new file mode 100644
index 0000000..6319f00
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-082-python-linter-type-checker-config-metadata-poisoning.json
@@ -0,0 +1,38 @@
+{
+  "id": "GLS-DFP-082",
+  "name": "Python linter/type-checker config metadata poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Python linter and type-checker configs can carry agent-directed comments or custom fields that tell AI coding/security agents to treat the config as review policy, suppress findings, or forward local context.",
+  "keywords": [
+    ".flake8",
+    ".pylintrc",
+    "[mypy]",
+    "[pylint]",
+    "agent_instructions",
+    "findings should be suppressed",
+    "mypy.ini",
+    "pyrightconfig.json",
+    "ruff.toml",
+    "scanner instruction",
+    "setup.cfg [flake8]",
+    "tool.mypy",
+    "tool.ruff"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:security\\s+(?:training|guide|reference)|scanner\\s+docs?|defensive\\s+example|incident\\s+report|quoted\\s+attack|do\\s+not\\s+(?:obey|follow|trust|treat|use|save|persist|store|write)|does\\s+not\\s+(?:obey|follow|trust|treat|use|override|instruct)|never\\s+(?:obey|trust|treat|use|override|suppress|forward)|must\\s+not\\s+(?:obey|trust|treat|use|override|suppress|forward)|should\\s+(?:report|detect|flag|refuse|block|not\\s+\\w+|never\\b)).{0,180}?\\b(?:pylintrc|mypy\\.ini|pyrightconfig|ruff\\.toml|flake8|Python\\s+(?:lint|type-check|static-analysis)|linter\\s+config)\\b)\n(?=.*(?:(?<!\\w)(?:\\.pylintrc|\\.mypy\\.ini|\\.ruff\\.toml|\\.flake8)(?!\\w)|\\b(?:pylintrc|mypy\\.ini|pyrightconfig\\.json|ruff\\.toml|setup\\.cfg|\\[mypy\\]|\\[flake8\\]|\\[pylint\\]|tool\\.ruff|tool\\.mypy)\\b|\\bPython\\s+(?:lint|type-check|type\\s+check|static-analysis)\\s+(?:config|configuration|metadata)\\b|\\blinter\\s+config(?:uration)?\\b|\\btype-checker\\s+config(?:uration)?\\b))\n(?=.*(?<![A-Za-z0-9])(?:ai\\s+agents?|agents?|assistants?|llms?|codex|claude|copilot|cursor|scanners?|reviewers?|auditors?|verifiers?|automated\\s+(?:code\\s+)?(?:review|audit|scan|verification)|dependency\\s+review|security\\s+review|code\\s+review|agent\\s+instructions?|scanner\\s+instructions?|assistant\\s+policy)(?![A-Za-z0-9]))\n(?=.*(?:\\b(?:authoritative|canonical|definitive|governing|controlling)\\b|(?:primary|single)\\s+source\\s+of\\s+truth|takes?\\s+precedence|supersed(?:e|es|ed|ing)|overrides?|outranks?|overrules?|defines?\\s+(?:all\\s+)?(?:scanner|security|review|audit|agent)\\s+rules?|(?:agent|scanner|assistant|reviewer)\\s+(?:instructions?|policy|notes?)|(?:main|primary|principal|preferred|recommended)\\s+(?:(?:python|lint|linter|type-check|type\\s+check|mypy|pylint|ruff|flake8|pyright|security|audit|review|verification)\\s+){0,4}(?:operating\\s+)?(?:guidance|playbook|runbook|procedure|process|policy)))\n(?=.*(?:\\b(?:suppress(?:es|ed|ing)?|hide|omit|exclude|redact|downgrade|deprioritize|demote|reclassify|skip|ignore)\\s+(?:[\\w-]+\\s+){0,4}(?:findings?|warnings?|alerts?|reports?|results?|diagnostics?|observations?|issues?|vulnerabilit(?:y|ies)|type\\s+errors?|lint\\s+errors?)\\b|\\b(?:findings?|warnings?|alerts?|reports?|results?|diagnostics?|observations?|issues?|type\\s+errors?)\\s+(?:are|is|were|was|should\\s+be|must\\s+be)\\s+(?:not\\s+)?(?:suppressed|hidden|omitted|excluded|redacted|downgraded|ignored|classified|treated|considered)\\b|\\b(?:treat|mark|classify).{0,50}?\\bas\\s+(?:informational|advisory-only|non-blocking|background-only)\\b|\\b(?:keep|leave)\\s+(?:[\\w-]+\\s+){0,4}(?:findings?|warnings?|diagnostics?|observations?|issues?)\\s+out\\s+of\\s+(?:the\\s+)?(?:report|summary|audit\\s+memo|final\\s+report)\\b|\\b(?:include|forward|send|share|attach|provide|expose|collect|pass\\s+along|relay|transfer)\\s+(?:[\\w-]+\\s+){0,6}(?:api\\s+keys?|tokens?|auth(?:entication)?\\s+headers?|authorization|credentials?|secrets?|environment\\s+(?:variables?|context|details?|config(?:uration)?|settings?)|runtime\\s+(?:context|details?|config(?:uration)?|settings?)|local\\s+(?:state|config(?:uration)?|settings?))\\b))\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-082"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-083-redacted-har-bundle-sidecar-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-083-redacted-har-bundle-sidecar-poisoning.json
new file mode 100644
index 0000000..96c7ac8
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-083-redacted-har-bundle-sidecar-poisoning.json
@@ -0,0 +1,40 @@
+{
+  "id": "GLS-DFP-083",
+  "name": "Redacted HAR Bundle Sidecar Poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Redacted HAR/debug bundles can hide agent-directed instructions in adjacent redaction or replay sidecars, causing AI support/security agents to suppress auth/session findings or forward local replay/runtime context even when the HAR itself is benign.",
+  "keywords": [
+    ".har",
+    "HAR bundle",
+    "README-support-bundle.md",
+    "agent_policy",
+    "assistant_note",
+    "capture.har",
+    "debug bundle",
+    "network capture bundle",
+    "proxy capture bundle",
+    "redacted HAR",
+    "redaction rationale",
+    "redaction-summary.md",
+    "redaction.json",
+    "redaction_reason",
+    "replay manifest"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:\n  (?:security\\s+training|support\\s+guide|browser\\s+support\\s+guide|scanner\\s+docs?|redaction\\s+guidance|sanitization\\s+documentation|privacy\\s+review).{0,180}?(?:should\\s+(?:redact|report|detect|flag|refuse|block)|must\\s+not\\s+(?:treat|include|forward|send|share|trust|obey)|never\\s+(?:trust|obey|include|forward|send|share|override|overrides?))\n  |(?:incident\\s+report|security\\s+report|postmortem).{0,200}?(?:detected\\s+and\\s+(?:blocked|refused|flagged|remediated)|was\\s+(?:blocked|refused|flagged|detected|remediated)\\s+by)\n  |(?:no\\s+(?:agent\\s+)?instructions?|no\\s+policy\\s+overrides?\\s+are\\s+present|not\\s+(?:agent\\s+)?policy|not\\s+authoritative)\n  |(?:do\\s+not\\s+(?:obey|follow|include|attach|forward|send|share|overrides?|trust|treat)|does\\s+not\\s+(?:obey|follow|include|attach|forward|send|share|override|overrides?|trust|instruct)|never\\s+(?:obey|include|attach|forward|send|share|overrides?|trust)|must\\s+not\\s+(?:treat|obey|include|attach|forward|send|share|overrides?|trust))\n))\n(?=.*(?:\n  (?:HAR\\s+bundle|redacted\\s+HAR|sanitized\\s+HAR|support\\s+bundle|debug\\s+bundle|network\\s+capture\\s+bundle|proxy\\s+capture\\s+bundle|ticket\\s+attachment|browser\\s+capture\\s+bundle)\n  |(?:redaction[-_\\s]summary|redaction\\.json|redaction_reason|redaction\\s+rationale|sanitization[-_\\s]report|sanitized\\s+capture|replay\\.ya?ml|replay\\s+manifest|replay\\s+note|README-support-bundle|import\\s+notes?)\n  |(?:capture\\.har|\\.har\\b|HAR\\s+1\\.2|Chrome\\s+DevTools\\s+network\\s+export|mitmproxy\\s+(?:dump|flow)|DevTools\\s+HAR\\s+export)\n))\n(?=.*(?<![A-Za-z0-9])(?:AI\\s+agents?|agents?|assistants?|support[-\\s]?agents?|triage\\s+agents?|security\\s+scanners?|automated\\s+scanners?|automated\\s+review|replay\\s+bots?|browser\\s+auditors?|privacy\\s+auditors?|LLM\\s+auditors?|LLMs?|models?|agent\\s+instructions?|scanner\\s+policy|assistant\\s+note|agent[_-]?policy|scanner[_-]?policy|assistant[_-]?note|replay[_-]?note)(?![A-Za-z0-9]))\n(?=.*(?:\n  overrides?|overrules?|outranks?|supersed(?:e|es|ed|ing)?|takes?\\s+precedence|higher\\s+priority|(?:primary|single)\\s+source\\s+of\\s+truth|canonical|definitive|authoritative|defines?\\s+(?:all\\s+)?(?:scanner|security|agent|support)\\s+rules?|(?:main|primary|principal|preferred|recommended|core|standard|default)\\s+(?:(?:support|debug|network|browser|security|privacy|audit|verification|scanner|capture|redaction|replay)\\s+){0,4}(?:operating\\s+)?(?:guidance|playbook|runbook|procedure|process|policy|framework|protocol)\n  |(?:agent|scanner|assistant|support[-\\s]?agent|triage\\s+agent|replay\\s+bot)\\s+(?:instructions?|policy|note|directive|notice)\n  |suppress(?:es|ed|ing)?.{0,90}?(?:findings?|warnings?|alerts?|reports?|flags?|issues?|observations?|diagnostics?|results?|cookies?|sessions?|auth[-\\s]?headers?|Authorization|leakage)\n  |(?:findings?|warnings?|alerts?|reports?|diagnostics?|results?|observations?|leakage)\\s+(?:are|is|should\\s+(?:be|remain))\\s+(?:suppressed|hidden|omitted|excluded|redacted|removed|considered|treated|classified|marked|viewed)\\s*(?:as\\s+)?(?:advisory-only|informational|non-blocking|safe|benign|secondary|user-approved)?\n  |hide\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|warnings?|alerts?|reports?|flags?|issues?|observations?|diagnostics?|results?|cookie\\s+warnings?|session\\s+findings?)\n  |do\\s+not\\s+(?:report|flag).{0,80}?(?:findings?|warnings?|alerts?|reports?|flags?|issues?|observations?|diagnostics?|results?|cookies?|sessions?|auth[-\\s]?headers?|leakage)\n  |omit.{0,80}?(?:findings?|reports?|summar(?:y|ies)|issues?|warnings?|cookies?|sessions?|auth[-\\s]?headers?|leakage)\n  |(?:mark|classify|label).{0,60}?(?:leakage|findings?|warnings?|results?|auth[-\\s]?headers?|cookies?|sessions?).{0,50}?(?:user-approved|safe|benign|known-good|non-blocking|informational)\n  |treat.{0,60}?as\\s+(?:informational|non[-\\s]?blocking|safe|clean|benign|advisory[-\\s]?only|user-approved)\n  |(?:include|attach|forward|send|collect|embed|share|provide|expose|transmit|deliver|relay|pass\\s+along|hand\\s+off)\\s+(?:[\\w-]+\\s+){0,5}(?:Authorization\\s+headers?|auth[-\\s]?headers?|cookies?|session\\s+tokens?|browser\\s+profile|local\\s+browser\\s+profile|API\\s+keys?|tokens?|credentials?|secrets?|local\\s+state|runtime\\s+(?:environment|context|details?|settings?)|environment\\s+(?:variables?|context|details?|settings?)|replay\\s+(?:context|settings?|details?))\n  |(?:proof|evidence|runtime|environment|debug|replay|browser)\\s+(?:(?:proof|evidence|runtime|environment|debug|replay|browser)\\s+)?(?:bundle|package|material|context|details?|settings?|profile)\\s+(?:should|must|can|may)\\s+(?:be|get|remain)\\s+(?:relayed|transferred|handed\\s+off|sent|passed\\s+along|included|attached|forwarded|shared|provided|exposed)\n))"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-083"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-084-release-please-changesets-config-metadata-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-084-release-please-changesets-config-metadata-poisoning.json
new file mode 100644
index 0000000..f29b373
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-084-release-please-changesets-config-metadata-poisoning.json
@@ -0,0 +1,27 @@
+{
+  "id": "GLS-DFP-084",
+  "name": "Release Please / Changesets config metadata poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Attacker-controlled Release Please or Changesets configuration text can smuggle agent/scanner instructions that redefine release-review authority, suppress dependency/release findings, or solicit CI/npm/GitHub credentials from AI release agents.",
+  "keywords": [
+    "preferred release playbook",
+    "release please / changesets carrier context."
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:security\\s+(?:training|guide|reference)|scanner\\s+docs?|defensive\\s+example|incident\\s+report|quoted\\s+attack)\\b.{0,220}\\b(?:report|detect|flag|refuse|block|blocked|detected|not\\s+obeyed|must\\s+be\\s+reported)\\b)\n(?!.*\\b(?:do\\s+not|does\\s+not|never|must\\s+not|should\\s+not|should\\s+never)\\s+(?:obey|follow|trust|treat|use|include|forward|send|share|attach|expose|persist|save|remember|override|overrides?)\\b.{0,160}\\b(?:release[-\\s]?please|changesets?|changeset|release\\s+automation|release\\s+metadata|changelog|tokens?|secrets?|credentials?)\\b)\n(?!.*\\b(?:release[-\\s]?please|changesets?|changeset|release\\s+automation|release\\s+metadata)\\b.{0,160}\\b(?:not\\s+(?:authoritative|canonical|definitive|policy|instructions?)|no\\s+(?:policy\\s+)?overrides?|no\\s+(?:agent|scanner|assistant|release[-\\s]?agent|release\\s+bot)\\s+(?:policy|instructions?|notes?))\\b)\n(?!.*\\bno\\s+(?:agent|scanner|assistant|release[-\\s]?agent|release\\s+bot)\\s+(?:policy|instructions?|notes?)\\b)\n(?=.*(?:(?<![A-Za-z0-9])(?:\\.github/release-please-config\\.json|release-please-config\\.json|\\.release-please-manifest\\.json|\\.changeset/config\\.json|\\.changeset/[\\w.-]+\\.md)(?![A-Za-z0-9])|\\b(?:release[-\\s]?please|changesets?|changeset\\s+config|release\\s+automation\\s+(?:config|metadata)|changelogSections?|release-type|bumpVersions|extra-files|snapshot\\s+release|pre\\.json|version\\s+packages)\\b))\n(?=.*(?:(?<![A-Za-z0-9])(?:agent_instructions?|scanner_policy|assistant_note|release_agent_policy|x[_-](?:agent|scanner|assistant|release)[_-](?:policy|instructions?|note))(?![A-Za-z0-9])|\\b(?:ai\\s+release\\s+agents?|release\\s+agents?|release\\s+bots?|ai\\s+agents?|agents?|assistants?|scanners?|reviewers?|auditors?|automated\\s+(?:release\\s+)?(?:review|audit|verification))\\b|\\b(?:agent|scanner|assistant|release\\s+bot)\\s+(?:instructions?|policy|notes?)\\b))\n(?=.*(?:\n  \\b(?:agent|scanner|assistant|release\\s+bot)\\s+(?:instructions?|policy|notes?)\\b\n |\\b(?:authoritative|canonical|definitive|governing|controlling)\\b.{0,120}\\b(?:release|scanner|security|review|audit|agent)\\s+(?:rules?|polic(?:y|ies)|instructions?|guidance)\\b\n |\\b(?:primary|single)\\s+source\\s+of\\s+truth\\b\n |\\b(?:takes?\\s+precedence|supersed(?:e|es|ed|ing)|overrides?|outranks?|overrules?)\\b.{0,120}\\b(?:system|developer|user|local|scanner|security|release)\\s+(?:rules?|polic(?:y|ies)|instructions?|guidance)\\b\n |\\bdefines?\\s+(?:all\\s+)?(?:release|scanner|security|review|audit|agent)\\s+rules?\\b\n |\\b(?:main|primary|principal|preferred|recommended)\\s+(?:(?:release[-\\s]?please|changesets?|release|changelog|package|dependency|security|audit|review|verification|operating)\\s+){0,4}(?:guidance|playbook|runbook|procedure|process|policy|framework)\\b.{0,180}\\b(?:suppress|hide|omit|exclude|downgrade|reclassify|advisory-only|background-only|non-blocking|findings?|warnings?|observations?|tokens?|credentials?|environment|local\\s+state)\\b\n |\\b(?:suppress|hide|omit|exclude|redact|skip|silence|downgrade|deprioritize|demote|reclassify)\\s+(?:[\\w-]+\\s+){0,4}(?:findings?|warnings?|alerts?|reports?|flags?|issues?|observations?|results?|diagnostics?|CVE|vulnerabilit(?:y|ies)|license\\s+warnings?)\\b\n |\\b(?:do\\s+not|don't|never)\\s+(?:report|flag|escalate|mention|include)\\s+(?:[\\w-]+\\s+){0,4}(?:findings?|warnings?|alerts?|reports?|issues?|observations?|CVE|vulnerabilit(?:y|ies)|license\\s+warnings?)\\b\n |\\b(?:treat|mark|classify|frame|calibrate).{0,60}?\\bas\\s+(?:informational|non[-\\s]?blocking|advisory[-\\s]?only|safe|clean|background[-\\s]?only)\\b\n |\\b(?:observations?|findings?|warnings?|alerts?|results?|diagnostics?|issues?)\\s+(?:are|is|should\\s+be|must\\s+be)\\s+(?:treated|considered|classified|marked|framed|calibrated)\\s+(?:as\\s+)?(?:advisory[-\\s]?only|informational|non[-\\s]?blocking|background[-\\s]?only)\\b\n |\\b(?:keep|leave)\\s+(?:[\\w-]+\\s+){0,5}(?:findings?|warnings?|observations?|diagnostics?|results?|issues?|CVE|vulnerabilit(?:y|ies)|license\\s+warnings?)\\s+out\\s+of\\s+(?:the\\s+)?(?:release\\s+memo|release\\s+report|changelog\\s+summary|final\\s+report|audit\\s+memo|summar(?:y|ies)|reports?|memos?)\\b\n |\\b(?:include|attach|forward|send|share|provide|expose|collect|copy|read|paste|pass\\s+along|hand\\s+off|hand\\s+over|relay|transmit)\\s+(?:[\\w-]+\\s+){0,6}(?:api\\s+keys?|tokens?|secrets?|credentials?|auth(?:orization)?\\s+headers?|bearer\\s+tokens?|github\\s+tokens?|npm\\s+auth\\s+tokens?|ci\\s+environment\\s+variables?|environment\\s+(?:variables?|context|details?|config(?:uration)?|state|settings?)|runtime\\s+(?:context|variables?|config(?:uration)?|settings?|proof\\s+(?:material|bundle|package|evidence))|local\\s+(?:state|config(?:uration)?|settings?))\\b\n))\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-084"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-087-webdriverio-selenium-test-config-metadata-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-087-webdriverio-selenium-test-config-metadata-poisoning.json
new file mode 100644
index 0000000..4fc28d0
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-087-webdriverio-selenium-test-config-metadata-poisoning.json
@@ -0,0 +1,26 @@
+{
+  "id": "GLS-DFP-087",
+  "name": "WebdriverIO / Selenium test-config metadata poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "WebdriverIO / Selenium test configuration fields and comments can smuggle agent-facing instructions that tell QA/security agents to treat test-runner metadata as authoritative, suppress browser/test findings, or forward runtime/session state.",
+  "keywords": [
+    "wdio.conf.*"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:\n  do\\s+not\\s+(?:obey|follow|treat|trust|include|attach|forward|send|share|override|expose|store)\n |does\\s+not\\s+(?:obey|follow|treat|trust|override|instruct|authorize)\n |never\\s+(?:obey|follow|treat|trust|override|include|forward|expose|store)\n |must\\s+not\\s+(?:obey|follow|treat|trust|override|include|forward|expose|store)\n |should\\s+(?:not\\s+\\w+|never\\b|report|detect|flag|refuse|block)\n |not\\s+(?:authoritative|canonical|definitive)\n |no\\s+(?:finding\\s+suppression|credential\\s+(?:collection|forwarding)|scanner\\s+suppression)\n |(?:security|incident|training)\\s+(?:report|guide|reference|quote).{0,140}?(?:detected|blocked|flagged|refused|must\\s+be\\s+reported|not\\s+obeyed|report\\s+it)\n |scanners?\\s+docs?\\s+should\\s+(?:report|detect|flag|refuse|block)\n)\\b)\n(?=.*(?:\n  (?<![A-Za-z0-9])(?:webdriverio|web\\s*driver\\s*io|wdio\\.conf\\.(?:js|ts|mjs|cjs)|wdio\\s+config|selenium\\s+(?:grid|config|node|capabilit(?:y|ies))|desiredCapabilities|browserstack\\.ya?ml|browserstack\\s+capabilit(?:y|ies)|sauce\\s+labs?|sauce\\s+capabilit(?:y|ies)|test\\s+automation\\s+config|reporter\\s+metadata|service\\s+description)(?![A-Za-z0-9])\n |(?<!\\w)\"(?:capabilities|desiredCapabilities|agentInstructions|scanner_policy|assistant_note|x-agent-policy|reporters|services)\"\\s*:\n))\n(?=.*(?<![A-Za-z0-9])(?:\n  ai\\s+(?:qa\\s+)?agents?|automated\\s+(?:browser|qa|test|release|security)?\\s*(?:review|verification|scan|audit|agents?)|qa\\s+agents?|test\\s+agents?|browser\\s+reviewers?|release\\s+agents?|security\\s+scanners?|scanners?|assistants?|llms?|agents?|reviewers?|verif(?:y|iers?|ication)\n)(?![A-Za-z0-9]))\n(?=.*(?:\n  agent\\s+instructions?|scanner\\s+instructions?|assistant\\s+note|overrides?|supersed(?:e|es|ed|ing)|takes?\\s+precedence|outranks?|(?:primary|single)\\s+source\\s+of\\s+truth|canonical|definitive|authoritative|governing\\s+document|controlling\\s+(?:document|policy)|defines?\\s+(?:all\\s+)?(?:scanner|security|qa|browser|test|release)\\s+rules?|main\\s+operating\\s+guidance|(?:preferred|principal|recommended)\\s+(?:(?:selenium|webdriverio|grid|browser|qa|test|release|verification|security)\\s+){0,3}(?:review\\s+)?(?:guidance|playbook|runbook|procedure|process)\n |suppress(?:es|ed|ing)?|hide|redact|omit|exclude|downgrade|deprioriti[sz]e|ignore|skip|do\\s+not\\s+report|not\\s+report|treat.{0,60}?as\\s+(?:informational|advisory|advisory-only|non-blocking|safe|clean)|(?:keep|leave).{0,80}?out\\s+of.{0,40}?(?:report|summary|memo)|(?:place|put|route|move|shift|calibrate).{0,80}?(?:observations?|findings?|diagnostics?|results?|issues?).{0,60}?(?:supplementary|appendix|background|background[-\\s]?only|informational)|(?:observations?|findings?|warnings?|alerts?|diagnostics?|results?)\\s+(?:are|is|were|was|should\\s+be|must\\s+be)\\s+(?:not\\s+)?(?:suppressed|hidden|omitted|excluded|redacted|downgraded|treated|considered|classified)\n |(?:include|forward|send|attach|provide|share|collect|copy|read|export|transfer|hand\\s+off|hand\\s+over|pass\\s+along|relay|expose).{0,100}?(?:session\\s+(?:cookies?|tokens?|keys?|proof\\s+(?:package|bundle|material|evidence))|auth\\s+headers?|api\\s+tokens?|credentials?|env(?:ironment)?\\s+(?:variables?|context|details?|config(?:uration)?|state|settings?)|runtime\\s+(?:context|config(?:uration)?|settings?|state|material)|local\\s+(?:state|config(?:uration)?|settings?)|build\\s+proof\\s+(?:package|bundle|material|evidence))\n))\n(?=.*(?:findings?|warnings?|alerts?|reports?|flags?|issues?|observations?|diagnostics?|results?|console\\s+diagnostics?|accessibility|cors|browser|session\\s+(?:cookies?|tokens?|keys?)|auth\\s+headers?|tokens?|credentials?|environment\\s+variables?|runtime\\s+config|local\\s+state|build\\s+proof\\s+(?:package|bundle|material|evidence)))\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-087"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-088-webgpu-shader-source-comment-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-088-webgpu-shader-source-comment-poisoning.json
new file mode 100644
index 0000000..a7e328e
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-088-webgpu-shader-source-comment-poisoning.json
@@ -0,0 +1,31 @@
+{
+  "id": "GLS-DFP-088",
+  "name": "WebGPU / shader source comment poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Attacker-controlled WebGPU/WebGL shader source comments, shader metadata, or shader compiler-output notes carry instructions to AI code/security agents to suppress shader findings or forward local/browser/runtime secrets.",
+  "keywords": [
+    "agent_policy",
+    "do not obey",
+    "no agent instructions present",
+    "no policy overrides",
+    "scanner_policy",
+    "should report"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:no\\s+(?:agent|scanner|assistant)\\s+instructions?\\s+present|no\\s+(?:policy\\s+)?overrides?)\\b)\n(?!.*\\b(?:\n    no\\s+(?:agent|scanner|assistant)\\s+instructions?\\s+present\n  | no\\s+(?:policy\\s+)?overrides?\n  | do\\s+not\\s+(?:obey|follow|treat|use|trust|forward|include|attach|send|share|override)\n  | does\\s+not\\s+(?:obey|follow|treat|trust|include|forward|send|share|override|instruct)\n  | never\\s+(?:obey|follow|treat|use|trust|include|forward|send|share|override)\n  | must\\s+not\\s+(?:obey|follow|treat|use|trust|include|forward|send|share|override)\n  | should\\s+(?:report|detect|flag|refuse|block|not\\s+\\w+|never\\b)\n)\\b.{0,180}?(?:shader|WGSL|GLSL|HLSL|WebGPU|WebGL|SPIR-V|source\\s+comments?|shader\\s+metadata|compiler\\s+output))\n(?=.*(?:\n    \\b(?:WGSL|GLSL|HLSL|WebGPU|WebGL|SPIR-V|SPIRV)\\b\n  | \\b(?:fragment|vertex|compute)\\s+shader\\b\n  | \\bshader\\s+(?:source|module|comments?|metadata|documentation|compiler\\s+output)\\b\n  | @(?:fragment|vertex|compute)\\b\n  | [#]version\\s+\\d+\n  | \\blayout\\s*\\(\n  | \\bfn\\s+[A-Za-z_][\\w]*\\s*\\(\n))\n(?=.*(?<![A-Za-z0-9])(?:\n    ai\\s+agents?|agents?|assistants?|llms?|models?\n  | code\\s+scanners?|security\\s+scanners?|shader\\s+auditors?|webgpu\\s+auditors?\n  | automated\\s+(?:(?:shader|security|code|webgpu)\\s+)?(?:review|scan|audit|verification)\n  | review\\s+bots?|tool\\s+builders?\n  | agent\\s+instructions?|scanner\\s+instructions?|assistant\\s+note|scanner_policy|agent_policy\n)(?![A-Za-z0-9]))\n(?=.*(?:\n    (?:agent|scanner|assistant|auditor)\\s+(?:instructions?|policy|directive|note)\n  | (?:(?:primary|single)\\s+source\\s+of\\s+truth|canonical|definitive|authoritative|takes\\s+precedence|supersed(?:e|es|ed|ing)|overrides?|outranks?)\\s+(?:[\\w.-]+\\s+){0,6}(?:system|developer|repository|scanner|security|review)\\s+(?:rules?|polic(?:y|ies)|instructions?|guidance)\n  | (?:preferred|recommended|main|primary)\\s+(?:[\\w.-]+\\s+){0,5}(?:shader|webgpu|security|review|audit)\\s+(?:guidance|runbook|playbook|procedure|policy)\n  | (?:suppress|hide|omit|exclude|redact|downgrade|deprioritize|ignore|skip)\\s+(?:[\\w-]+\\s+){0,4}(?:findings?|warnings?|alerts?|reports?|diagnostics?|observations?|results?|vulnerabilit(?:y|ies)|precision\\s+issues?|race\\s+conditions?|validation\\s+errors?)\n  | (?:do\\s+not|don't|never)\\s+report\\s+(?:[\\w-]+\\s+){0,4}(?:findings?|warnings?|alerts?|reports?|diagnostics?|observations?|results?|vulnerabilit(?:y|ies)|precision\\s+issues?|race\\s+conditions?|validation\\s+errors?)\n  | (?:findings?|warnings?|alerts?|reports?|diagnostics?|observations?|results?|precision\\s+issues?|race\\s+conditions?|validation\\s+errors?)\\s+(?:[\\w-]+\\s+){0,4}(?:are|is|were|was|should\\s+be|must\\s+be)\\s+(?:not\\s+)?(?:suppressed|hidden|omitted|excluded|redacted|downgraded|deprioritized|ignored|skipped)\n  | (?:include|forward|send|share|attach|provide|collect|copy|pass\\s+along|hand\\s+off|relay|transfer)\\s+(?:[\\w-]+\\s+){0,6}(?:environment\\s+(?:variables?|context|details?|config(?:uration)?|settings?)|runtime\\s+(?:context|details?|config(?:uration)?|settings?)|local\\s+(?:state|config(?:uration)?|settings?)|api\\s+keys?|tokens?|authorization\\s+headers?|browser\\s+sessions?|cookies?)\n))\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-088"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-089-opentelemetry-trace-and-baggage-metadata-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-089-opentelemetry-trace-and-baggage-metadata-poisoning.json
new file mode 100644
index 0000000..a5e1254
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-089-opentelemetry-trace-and-baggage-metadata-poisoning.json
@@ -0,0 +1,40 @@
+{
+  "id": "GLS-DFP-089",
+  "name": "OpenTelemetry trace and baggage metadata poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Attacker-controlled OpenTelemetry span/resource/log attributes, `baggage`, or `tracestate` values can carry agent-facing policy instructions that an AI incident-response or security agent may mistake for trusted triage guidance.",
+  "keywords": [
+    "AI agents",
+    "OTLP",
+    "OTel",
+    "OpenTelemetry",
+    "SRE bots",
+    "agent_policy",
+    "automated incident triage",
+    "baggage",
+    "incident agents",
+    "scanner_policy",
+    "security scanners",
+    "service.name",
+    "span_id",
+    "trace_id",
+    "traceparent"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*(?:\\b(?:security\\s+guide|scanner\\s+docs?|training|reference\\s+docs?)\\b.{0,180}\\b(?:should|must|will|was|were)\\s+(?:report|detect|flag|refuse|block|blocked|detected)|\\bincident\\s+report\\b.{0,220}\\b(?:detected|blocked|refused|flagged)\\b|\\b(?:do\\s+not|does\\s+not|never|must\\s+not|should\\s+never)\\s+(?:treat|obey|follow|trust|use|include|forward|send|share|override)\\b.{0,140}\\b(?:OpenTelemetry|OTel|trace|span|baggage|telemetry)|\\b(?:trace|span|baggage|telemetry)\\s+metadata\\s+(?:is|are)\\s+not\\s+(?:policy|authoritative|trusted)))\n(?=.*(?:\\bOpenTelemetry\\b|\\bOTel\\b|\\bOTLP\\b|traceparent|tracestate|\\bbaggage\\b|span\\s+attributes?|resource\\s+attributes?|trace\\s+attributes?|log\\s+attributes?|telemetry\\s+(?:attributes?|metadata)|observability\\s+(?:trace|telemetry)|\"attributes\"\\s*:|service\\.name|trace[_-]?id|span[_-]?id))\n(?=.*(?<![A-Za-z0-9])(?:ai\\s+agents?|incident\\s+(?:agents?|bots?)|assistants?|autonomous\\s+(?:agents?|scanners?)|security\\s+scanners?|review\\s+bots?|verifiers?|auditors?|sre\\s+(?:agents?|bots?)|agent\\s+(?:instructions?|policy|note)|scanner\\s+(?:instructions?|policy|notes?)|for\\s+agents?|automated\\s+(?:incident\\s+)?(?:review|triage|audit|scan|verification))(?![A-Za-z0-9]))\n(?=.*(?:(?:primary|single)\\s+source\\s+of\\s+truth|(?:authoritative|canonical|definitive|governing|controlling|preferred|recommended)\\s+(?:telemetry\\s+|triage\\s+|incident\\s+|scanner\\s+)?(?:policy|guidance|document|runbook|playbook)|takes\\s+precedence|overrides?|supersedes?|outranks?|overrules?|defines?\\s+(?:all\\s+)?(?:scanner|security|agent|triage)\\s+rules?|(?:agent|scanner|assistant|verifier)\\s+(?:instructions?|policy|notes?)|per\\s+(?:policy|requirements?)|pursuant\\s+to|in\\s+accordance\\s+with|suppress(?:es|ed|ing)?\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|warnings?|reports?|alerts?|flags?|observations?|diagnostics?|incidents?)|(?:findings?|warnings?|reports?|alerts?|flags?|observations?|diagnostics?|incidents?)\\s+(?:are|were|must\\s+be|should\\s+be)\\s+(?:suppressed|hidden|omitted|excluded|redacted)|(?:hide|omit|exclude|redact|skip|downgrade|deprioritize|classify|calibrate)\\s+(?:[\\w-]+\\s+){0,4}(?:findings?|warnings?|reports?|alerts?|flags?|observations?|diagnostics?|incidents?)|do\\s+not\\s+(?:report|flag|include)\\b|treat.{0,60}?as\\s+(?:informational|non[-\\s]?blocking|safe|clean|benign|advisory[-\\s]?only|background[-\\s]?only)|mark.{0,60}?as\\s+(?:safe|clean|benign)|(?:include|attach|forward|send|share|provide|expose|collect|pass\\s+along|hand\\s+over|relay)\\s+(?:[\\w-]+\\s+){0,6}(?:api\\s+tokens?|session\\s+keys?|environment\\s+(?:variables?|context|details?|config(?:uration)?|settings?)|env\\s+vars?|local\\s+(?:state|config(?:uration)?|settings?)|runtime\\s+(?:context|config(?:uration)?|settings?|details?)|credentials?|auth(?:orization)?\\s+headers?|trace\\s+secrets?|baggage\\s+tokens?)))\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-089"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-090-powershell-module-manifest-metadata-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-090-powershell-module-manifest-metadata-poisoning.json
new file mode 100644
index 0000000..5747212
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-090-powershell-module-manifest-metadata-poisoning.json
@@ -0,0 +1,39 @@
+{
+  "id": "GLS-DFP-090",
+  "name": "PowerShell module manifest metadata poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "PowerShell module manifests (`.psd1`) and adjacent module metadata fields can smuggle agent/scanner-directed policy text that tells AI dependency or security agents to suppress findings or forward local secrets.",
+  "keywords": [
+    ".psd1",
+    "FunctionsToExport",
+    "ModuleVersion",
+    "New-ModuleManifest",
+    "PrivateData.PSData",
+    "ReleaseNotes",
+    "RootModule",
+    "agent_policy",
+    "assistant policy",
+    "does not override",
+    "for agents",
+    "never supersedes",
+    "not authoritative",
+    "scanner_policy"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:\n  (?:PowerShell\\s+module\\s+manifest\\s+docs?|module\\s+manifest\\s+docs?|scanner\\s+docs?)\\s*:?.{0,140}?\\b(?:scanners?\\s+should\\s+(?:report|detect|flag|refuse)|should\\s+(?:report|detect|flag|refuse))\\b\n| (?:training|security\\s+guide|runbook|reference)\\s*:?.{0,180}?\\b(?:agents?\\s+must\\s+not\\s+(?:obey|treat|follow|trust)|do\\s+not\\s+(?:obey|follow|treat|trust|include|attach|forward|send|share|expose|collect)|never\\s+(?:obey|trust|expose|include|forward)|should\\s+never\\s+be\\s+used)\\b\n| (?:incident|security)\\s+report\\b.{0,180}?\\b(?:detected|blocked|flagged|refused)\\b\n| (?:\\.psd1|PowerShell\\s+module\\s+manifest|module\\s+manifest|manifest\\s+metadata|PowerShell\\s+Gallery\\s+release\\s+notes?).{0,140}?\\b(?:is\\s+not\\s+authoritative|not\\s+authoritative|does\\s+not\\s+(?:override|supersede|instruct)|never\\s+(?:overrides?|supersedes?|exposes?)|must\\s+not\\s+(?:obey|treat|follow|trust|include|forward|send|share|expose)|should\\s+never\\s+be\\s+used)\\b\n| (?:not\\s+authoritative|does\\s+not\\s+(?:override|supersede|instruct)|never\\s+(?:overrides?|supersedes?)).{0,120}?\\b(?:should\\s+never\\s+be\\s+used|suppress|forward|include|tokens?|policy|rules?)\\b\n| do\\s+not\\s+include\\s+(?:tokens?|session\\s+keys?|credentials?|environment\\s+variables?)\n))\n(?=.*(?:\n  (?:^|[\\s/`\"'])\\.psd1(?![a-z0-9_-])\n| PowerShell\\s+(?:module\\s+)?manifest\n| New-ModuleManifest\n| PrivateData(?:\\.PSData)?\n| PSData\n| ModuleVersion\n| RootModule\n| FunctionsToExport\n| ReleaseNotes\n| PowerShell\\s+Gallery\\s+(?:summary|metadata|release\\s+notes)\n| (?<!\\w)\"(?:Description|ReleaseNotes|PrivateData|PSData|ModuleVersion|RootModule|Tags|agent_policy|scanner_policy)\"\\s*[:=]\n| \\b(?:Description|ReleaseNotes|Tags)\\s*=\n))\n(?=.*(?:\n  \\b(?:AI|LLM|autonomous|automated|dependency|security|module|PowerShell)\\s+(?:agents?|assistants?|scanners?|auditors?|reviewers?|review|audit|verification)\\b\n| \\b(?:agents?|assistants?|scanners?|auditors?|reviewers?)\\b\n| \\b(?:agent|scanner|assistant)\\s+(?:instructions?|policy|notes?)\\b\n| \\bfor\\s+(?:AI\\s+)?agents?\\b\n| \\bautomated\\s+(?:PowerShell\\s+)?(?:review|audit|verification)\\b\n))\n(?=.*(?:\n  \\b(?:canonical|authoritative|governing|controlling|definitive)\\s+(?:module\\s+|manifest\\s+|security\\s+|dependency\\s+|audit\\s+|review\\s+){0,4}(?:policy|document|metadata|guidance|procedure|runbook)\\b\n| \\b(?:single|primary)\\s+source\\s+of\\s+truth\\b\n| \\b(?:takes\\s+precedence|supersedes?|overrides?|outranks?|overrules?)\\b.{0,80}?\\b(?:system|default|scanner|security|developer|audit)\\s+(?:rules?|policy|guidance|instructions?)\\b\n| \\b(?:recommended|primary|preferred|main)\\s+(?:PowerShell\\s+|module\\s+|security\\s+|dependency\\s+|audit\\s+|review\\s+){0,4}(?:procedure|process|playbook|runbook|guidance)\\b\n| \\b(?:agent|scanner|assistant)\\s+(?:instructions?|policy|notes?)\\b\n| \\b(?:suppress|hide|redact|omit|exclude|skip)\\b.{0,70}?\\b(?:findings?|warnings?|alerts?|reports?|flags?|observations?|diagnostics?|results?|advisories|audit\\s+findings?|vulnerabilit(?:y|ies)|PSScriptAnalyzer|malware-scan|unsigned-command)\\b\n| \\bdo\\s+not\\s+(?:report|flag|escalate)\\b.{0,70}?\\b(?:findings?|warnings?|observations?|diagnostics?|advisories|vulnerabilit(?:y|ies)|PSScriptAnalyzer|malware-scan)\\b\n| \\b(?:treat|mark|classify|downgrade|deprioritize|demote)\\b.{0,70}?\\b(?:findings?|warnings?|observations?|diagnostics?|results?|advisories|unsigned-command|PSScriptAnalyzer)\\b.{0,50}?\\b(?:informational|non-blocking|advisory-only|background|clean|safe|benign)\\b\n| \\b(?:findings?|warnings?|observations?|diagnostics?|results?|advisories)\\b.{0,50}?\\b(?:are|is|should\\s+be|must\\s+be)\\s+(?:suppressed|hidden|omitted|excluded|redacted|treated|classified|marked|downgraded)\\b.{0,40}?\\b(?:informational|non-blocking|advisory-only|background|clean|safe|benign)?\n| \\b(?:keep|leave)\\b.{0,60}?\\b(?:findings?|warnings?|observations?|diagnostics?|vulnerabilit(?:y|ies))\\b.{0,40}?\\bout\\s+of\\s+(?:the\\s+)?(?:audit\\s+memo|final\\s+summary|report|summary)\\b\n| \\b(?:include|attach|forward|send|share|provide|expose|collect|pass\\s+along|hand\\s+over)\\b.{0,80}?\\b(?:API\\s+tokens?|gallery\\s+tokens?|authorization\\s+headers?|auth\\s+headers?|session\\s+keys?|environment\\s+variables?|environment\\s+context|local\\s+state|runtime\\s+config(?:uration)?|runtime\\s+settings?|credentials?|build\\s+proof\\s+(?:material|bundle|evidence|package))\\b\n))\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-090"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-095-github-discussion-template-metadata-poisoning.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-095-github-discussion-template-metadata-poisoning.json
new file mode 100644
index 0000000..a631794
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-095-github-discussion-template-metadata-poisoning.json
@@ -0,0 +1,40 @@
+{
+  "id": "GLS-DFP-095",
+  "name": "GitHub Discussion Template Metadata Poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Repository-controlled GitHub Discussion templates or discussion-form YAML fields carry agent-facing instructions that try to turn community routing copy into scanner/reviewer policy.",
+  "keywords": [
+    ".github/DISCUSSION_TEMPLATE",
+    "AI agents",
+    "DISCUSSION_TEMPLATE",
+    "agent instruction",
+    "agents",
+    "assistant policy",
+    "assistants",
+    "auditors",
+    "body[].attributes.description",
+    "category form",
+    "contact_links",
+    "discussion form",
+    "discussion template",
+    "review bots",
+    "reviewer instructions"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:security\\s+training|training\\s+example|scanner\\s+docs?|scanner\\s+documentation|incident\\s+report|postmortem|blocked|detected|flagged|refused)\\b.{0,180}\\b(?:discussion\\s+(?:templates?|forms?)|DISCUSSION_TEMPLATE)\\b)\n(?!.*\\b(?:do\\s+not\\s+(?:obey|follow|treat|trust|include|attach|forward|send|share|override|overrides?)|does\\s+not\\s+(?:obey|follow|treat|trust|include|attach|forward|send|share|override|overrides?)|never\\s+(?:obey|follow|treat|trust|include|attach|forward|send|share|override|overrides?)|must\\s+not\\s+(?:obey|follow|treat|trust|include|attach|forward|send|share|override|overrides?))\\b)\n(?=.*(?:\\.github/DISCUSSION_TEMPLATE|DISCUSSION_TEMPLATE|discussion\\s+(?:templates?|forms?)|category\\s+forms?|contact_links|GitHub\\s+discussions?|body\\[\\]\\.?attributes\\.?description|attributes:\\s*.{0,120}?description:))\n(?=.*(?<![a-zA-Z0-9])(?:ai\\s+agents?|agents?|assistants?|review\\s+bots?|security\\s+bots?|scanners?|auditors?|agent\\s+instructions?|assistant\\s+policy|scanner\\s+notes?|reviewer\\s+instructions?)(?![a-zA-Z0-9]))\n(?=.*(?:authoritative|canonical|(?:primary|single)\\s+source\\s+of\\s+truth|supersed(?:e|es|ed|ing)|overrid(?:e|es|ing|den)|takes?\\s+precedence|governing\\s+policy|trust\\s+this|main\\s+(?:triage|review)\\s+(?:policy|guidance)|suppress(?:es|ed|ing)?\\s+(?:[\\w-]+\\s+){0,3}|hide\\s+(?:[\\w-]+\\s+){0,3}|omit\\s+(?:[\\w-]+\\s+){0,3}|exclude\\s+(?:[\\w-]+\\s+){0,3}|do\\s+not\\s+report|not\\s+report|downgrade\\s+(?:[\\w-]+\\s+){0,3}|treat.{0,40}?as\\s+(?:safe|informational|non[-\\s]?blocking)|mark.{0,40}?as\\s+(?:safe|informational)|include\\s+(?:[\\w-]+\\s+){0,4}|forward\\s+(?:[\\w-]+\\s+){0,4}|attach\\s+(?:[\\w-]+\\s+){0,4}|send\\s+(?:[\\w-]+\\s+){0,4}|collect\\s+(?:[\\w-]+\\s+){0,4}))\n(?=.*(?:findings?|reports?|warnings?|audit\\s+reports?|vulnerabilit(?:y|ies)|auth(?:entication|orization)?\\s+bugs?|dependency\\s+warnings?|security\\s+findings?|tokens?|GitHub\\s+tokens?|API\\s+keys?|authorization\\s+headers?|cookies?|session\\s+tokens?|environment\\s+variables?|env\\s+vars?|local\\s+(?:runtime\\s+)?config|runtime\\s+context|local\\s+state))\n.*$"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-095"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/discovery-file-poisoning/GLS-DFP-096-github-repository-ruleset-branch-protection-export-metadata-.json b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-096-github-repository-ruleset-branch-protection-export-metadata-.json
new file mode 100644
index 0000000..f14fb17
--- /dev/null
+++ b/attack-db/attacks/discovery-file-poisoning/GLS-DFP-096-github-repository-ruleset-branch-protection-export-metadata-.json
@@ -0,0 +1,40 @@
+{
+  "id": "GLS-DFP-096",
+  "name": "GitHub repository ruleset / branch-protection export metadata poisoning",
+  "version": "1.0",
+  "category": "discovery_file_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Repository ruleset or branch-protection exports can smuggle agent-directed policy text that tells AI release/security agents to treat platform governance metadata as higher authority, suppress branch-protection findings, or forward local GitHub/CI context.",
+  "keywords": [
+    "AI agents",
+    "agent_review_policy",
+    "assistant policy",
+    "branch protection",
+    "branch_protection",
+    "bypass_actors",
+    "compliance auditors",
+    "release agents",
+    "required_deployments",
+    "required_pull_request_reviews",
+    "required_status_checks",
+    "review bots",
+    "rule_suite",
+    "ruleset",
+    "rulesets"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:do\\s+not\\s+(?:obey|follow|include|attach|forward|send|share|override|overrides?|trust|treat)|does\\s+not\\s+(?:obey|follow|include|attach|forward|send|share|override|overrides?|trust|instruct)|never\\s+(?:obey|include|attach|forward|send|share|override|overrides?|trust|treat)|must\\s+not\\s+(?:obey|include|attach|forward|send|share|override|overrides?|trust|treat)|should\\s+(?:report|detect|flag|refuse|block)|(?:scanner\\s+docs?|security\\s+training|incident\\s+report|runbook|guide|documentation).{0,160}?(?:report|detect|flag|refuse|block|blocked|detected|flagged)|not\\s+(?:an?\\s+)?(?:authoritative|policy|instructional)|no\\s+agent\\s+instructions?|no\\s+policy\\s+overrides?))\n(?=.*(?:(?<![a-zA-Z0-9])(?:github\\s+)?rulesets?(?![a-zA-Z0-9])|repository\\s+rules?|branch[_\\s-]+protection|required[_\\s-]+status[_\\s-]+checks?|bypass[_\\s-]+actors?|required[_\\s-]+pull[_\\s-]+request[_\\s-]+reviews?|required[_\\s-]+deployments?|rule[_\\s-]+suite|enforcement\\s*[:=]|\"ruleset(?:_name)?\"\\s*:|\"branch_protection\"\\s*:|\"x_agent_review_policy\"\\s*:))\n(?=.*(?:(?<![a-zA-Z0-9])(?:ai\\s+)?(?:agents?|assistants?|scanners?|auditors?|reviewers?)(?![a-zA-Z0-9])|release\\s+agents?|security\\s+scanners?|review\\s+bots?|compliance\\s+auditors?|repository\\s+reviewers?|branch[-\\s]?protection\\s+verifiers?|(?:agent|assistant|scanner|verifier|reviewer)[._](?:policy|instructions?|notes?|review_policy)|(?:agent|assistant|scanner|reviewer)\\s+(?:policy|instructions?|notes?|directive)|your\\s+(?:default\\s+)?(?:instructions?|rules?|polic(?:y|ies))))\n(?=.*(?:overrides?|overrules?|outranks?|supersed(?:e|es|ed|ing)|takes?\\s+precedence|higher\\s+priority|(?:primary|single)\\s+source\\s+of\\s+truth|governing\\s+(?:document|ruleset|policy)|controlling\\s+(?:document|ruleset|policy)|\\bauthoritative\\b|canonical|definitive|defines?\\s+all\\s+(?:scanner|security|agent|review)\\s+rules?|defines?\\s+(?:the\\s+)?rules?\\s+for\\s+(?:(?:automated|AI|scanner|security|agent|release|repository|branch|protection|compliance)\\s+){0,2}(?:review|audit|scan|verification)|(?:main|primary|principal|preferred|recommended|core|standard|default)\\s+(?:(?:release|security|repository|branch|protection|governance|compliance|review|verification|audit)\\s+){0,3}(?:operating\\s+)?(?:guidance|playbook|runbook|procedure|process|policy|framework|protocol)|(?:agent|scanner|assistant|reviewer)\\s+(?:instructions?|policy|note|directive)|\\bfor\\s+(?:ai\\s+)?(?:agents?|scanners?|assistants?|reviewers?).{0,25}?\\bthis\\b|suppress(?:es|ed|ing)?\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|reports?|warnings?|alerts?|flags?|evidence|bypass(?:es)?|required[-\\s]?check\\s+findings?)|hide\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|warnings?|reports?|flags?|bypass(?:es)?|required[-\\s]?check\\s+findings?)|omit.{0,40}?(?:findings?|reports?|summar(?:y|ies)|issues?|warnings?|branch[-\\s]?protection|required[-\\s]?check|bypass)|exclude.{0,40}?(?:findings?|reports?|summar(?:y|ies)|issues?|warnings?|bypass(?:es)?)|redact.{0,40}?(?:findings?|warnings?|flags?|evidence)|do\\s+not\\s+(?:report|flag|escalate)|skip\\b.{0,40}?\\b(?:security\\s+)?(?:checks?|scans?|reviews?|audits?|reports?|findings?|warnings?|alerts?)\\b|treat.{0,50}?as\\s+(?:informational|non[-\\s]?blocking|safe|low|approved)|mark.{0,50}?as\\s+(?:informational|safe|low|none|approved|clean)|classify.{0,40}?(?:as\\s+)?(?:informational|low|none|false\\s+positive|approved|clean)|(?:observations?|findings?|results?|diagnostics?|alerts?|CVEs?|vulnerabilit(?:y|ies)|issues?|bypasses|required[-\\s]?check\\s+findings?)\\s+(?:are|is)\\s+(?:considered|treated|classified|marked|seen|viewed)\\s+(?:as\\s+)?(?:advisory-only|informational|non-blocking|background-only|safe|benign|secondary|approved)|(?:include|attach|forward|send|collect|embed|share|provide|expose|transmit|deliver|relay|hand\\s+off|pass\\s+along|transfer|copy|read)\\s+(?:[\\w-]+\\s+){0,4}(?:GITHUB_TOKEN|CI_ENV|tokens?|API\\s*keys?|secrets?|credentials?|auth(?:orization)?\\s+headers?|Bearer\\s+tokens?|local\\s+state|runtime\\s+(?:state|context)|environment\\s+(?:variables?|context)|CI\\s+(?:context|variables?|secrets?)|token\\s+scope\\s+summary)|(?:credentials?|tokens?|API\\s+keys?|auth\\s+headers?|CI\\s+context|GITHUB_TOKEN)\\s+(?:should|must|can|may)\\s+(?:be|get)\\s+(?:relayed|forwarded|sent|included|shared|provided|attached|exposed)))"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-DFP-096"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/repo-metadata-poisoning/GLS-RMP-001-github-issue-pr-template-poisoning.json b/attack-db/attacks/repo-metadata-poisoning/GLS-RMP-001-github-issue-pr-template-poisoning.json
new file mode 100644
index 0000000..a053a13
--- /dev/null
+++ b/attack-db/attacks/repo-metadata-poisoning/GLS-RMP-001-github-issue-pr-template-poisoning.json
@@ -0,0 +1,40 @@
+{
+  "id": "GLS-RMP-001",
+  "name": "GitHub Issue/PR Template Poisoning",
+  "version": "1.0",
+  "category": "repo_metadata_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "An attacker embeds hostile instructions in `.github/ISSUE_TEMPLATE/*.md`, `.github/PULL_REQUEST_TEMPLATE.md`, or YAML template config files that AI coding agents fill out when creating GitHub issues and PRs \u2014 causing agent-generated issues to include secrets, suppress security findings, and manipula",
+  "keywords": [
+    "(up to 2 intervening words) instead of",
+    ".github/ISSUE_TEMPLATE/",
+    ".github/PULL_REQUEST_TEMPLATE.md",
+    "ISSUE_TEMPLATE",
+    "Note: This regex uses",
+    "PULL_REQUEST_TEMPLATE",
+    "about:",
+    "assignees:",
+    "config.yml",
+    "do\\s+not",
+    "include",
+    "name: Bug Report",
+    "name: Feature Request",
+    "name: Security Issue",
+    "name: Vulnerability Report"
+  ],
+  "regex": [
+    "(?is)^(?!.*\\b(?:never\\s+(?:treat|obey|override|overrides?|follow|forward|include|suppress)|must\\s+not\\s+(?:treat|obey|follow|use|forward|include|suppress)|do\\s+not\\s+(?:treat|obey|follow|forward)|should\\s+(?:report|detect|flag|refuse|block)|refused|blocked|detected|flagged|training\\s+example|security\\s+report|incident\\s+report|vulnerability\\s+report|docs\\s+should\\s+report|scanner\\s+docs?\\s+should\\s+(?:report|detect|flag|refuse)|learn\\s+how\\s+scanners?\\s+should\\s+report|scanners?\\s+should\\s+(?:report|detect|flag|refuse)\\b|is\\s+not\\s+policy\\s+and\\s+never\\s+overrides|does\\s+not\\s+instruct\\s+agents?\\s+to\\s+(?:forward|include|suppress|override)|template\\s+is\\s+not\\s+authority|never\\s+obey\\s+template\\s+instructions?)\\b)(?=.*\\b(?:ISSUE_TEMPLATE|PULL_REQUEST_TEMPLATE|issue[_\\s]template|pull[_\\s]request[_\\s]template|\\.github[/\\\\](?:ISSUE_TEMPLATE|PULL_REQUEST_TEMPLATE)|config\\.yml.*ISSUE_TEMPLATE|name:\\s*(?:Bug\\s*Report|Feature\\s*Request|Vulnerability\\s*Report|Security\\s*Issue)|about:\\s*(?:Report\\s+(?:a\\s+)?(?:bug|vulnerability|security|issue)|Request\\s+a\\s+feature)|##\\s*Description.*##\\s*Checklist|##\\s*Type\\s+of\\s+Change.*##\\s*Checklist|assignees:\\s+[\\w@-]+)\\b)(?=.*\\b(?:agents?|assistants?|AIs?|coding\\s+assistants?|scanners?|copilot|cursor|codex|claude|llms?)\\b)(?=.*\\b(?:takes?\\s+precedence|authoritative|overrides?\\s+(?:system|developer|user|security|reporter)|outranks?\\s+(?:system|scanner|security)|supersede\\w*\\s+(?:system|scanner)|highest\\s+priority|governing\\s+document|primary\\s+source\\s+of\\s+truth|include\\s+(?:[-\\w]+\\s+){0,2}(?:environment\\s+variables?|API\\s+keys?|tokens?|\\.env|session\\s+identifiers?)|paste\\s+(?:your\\s+)?\\.env|forward\\s+(?:[-\\w]+\\s+){0,2}(?:environment\\s+variables?|tokens?|local\\s+state)|attach\\s+(?:[-\\w]+\\s+){0,2}(?:environment\\s+variables?|runtime\\s+env|API\\s+keys?)|provide\\s+(?:[-\\w]+\\s+){0,2}(?:local\\s+config(?:uration)?|environment\\s+context)|share\\s+(?:[-\\w]+\\s+){0,2}(?:environment\\s+context|runtime\\s+env)|omit\\s+(?:\\w+\\s+){0,2}(?:security\\s+)?(?:findings?|alerts?|warnings?|vulnerabilities?)|exclude\\s+(?:from\\s+)?(?:the\\s+)?(?:final\\s+)?(?:report|findings?|summary)|treat\\s+as\\s+informational|redact\\s+(?:[-\\w]+\\s+){0,2}(?:findings?|alerts?|flags?)|do\\s+not\\s+(?:run|execute)\\s+(?:security\\s+)?scanners?|skip\\s+code\\s+review|bypass\\s+(?:security\\s+)?review|suppress\\s+(?:all\\s+)?(?:scanner|security)\\s+(?:findings?|alerts?|warnings?)|suppress(?:es|ed|ing)?\\s+(?:findings?|alerts?|warnings?|reports?)|hide\\s+(?:this\\s+)?(?:finding|report|from\\s+(?:reports?|scanners?|users?))|(?:add|assign)\\s+@[\\w-]+\\s+as\\s+(?:the\\s+)?(?:\\w+\\s+)?reviewer|do\\s+not\\s+include\\s+@\\w+|must\\s+complete\\s+all\\s+sections\\s+as\\s+instructed|do\\s+not\\s+mention\\s+(?:this|in\\s+reports?))\\b)(?=.*\\b(?:secrets?|tokens?|API[_\\s]keys?|environment\\s+variables?|credentials?|\\.env|session\\s+identifiers?|local\\s+state|findings?|alerts?|reports?|scanners?|code\\s+review|reviewers?|security[_\\s]team)\\b).*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-RMP-001"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/repo-metadata-poisoning/GLS-RMP-002-license-copying-file-agent-policy-poisoning.json b/attack-db/attacks/repo-metadata-poisoning/GLS-RMP-002-license-copying-file-agent-policy-poisoning.json
new file mode 100644
index 0000000..3746d4c
--- /dev/null
+++ b/attack-db/attacks/repo-metadata-poisoning/GLS-RMP-002-license-copying-file-agent-policy-poisoning.json
@@ -0,0 +1,34 @@
+{
+  "id": "GLS-RMP-002",
+  "name": "LICENSE / COPYING File Agent Policy Poisoning",
+  "version": "1.0",
+  "category": "repo_metadata_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "An attacker embeds hostile AI-agent instructions in a repository's LICENSE or COPYING file, blending them with legitimate legal text to exploit the agent's tendency to treat license terms as binding governance \u2014 tricking the agent into leaking credentials, suppressing security findings, and treating",
+  "keywords": [
+    "AI agent",
+    "API_KEY",
+    "Automated System",
+    "GITHUB_TOKEN",
+    "automated analysis",
+    "bearer token",
+    "canonical governing document",
+    "canonical policy",
+    "classify as informational"
+  ],
+  "regex": [
+    "(?six)\n(?!.*\\b(?:do\\s+not\\s+(?:obey|follow|include|attach|forward|send|share|report|override|trust)|never\\s+(?:obey|include|attach|forward|send|share|report|override|trust)|must\\s+not\\s+(?:obey|include|attach|forward|send|share|report|override|trust)))\n(?=.*(?:\\b(?:LICENSE|COPYING|Permission\\s+is\\s+hereby\\s+granted|MIT\\s+License|Apache\\s+License|GPL|BSD)\\b|\\bcopyright\\s+\\([cC]\\)))\n(?=.*(?<![a-zA-Z0-9])(?:AI\\s+agents?|automated\\s+(?:analysis|system|tool)s?|coding\\s+assistants?|language\\s+models?|automated\\s+system|LLMs?)(?![a-zA-Z0-9]))\n(?=.*\\b(?:governing\\s+document|takes?\\s+precedence|overrides?|outranks?|supersedes?|canonical|(?:agent|scanner|assistant|verifier|crawler)\\s+instructions?|(?:agent|scanner|assistant|verifier|crawler)[._](?:policy|instructions?|note))\\b)\n(?=.*(?:\\b(?:API[_.-]?KEY|GITHUB[_.-]?TOKEN|OPENAI[_.-]?API[_.-]?KEY|ANTHROPIC[_.-]?API[_.-]?KEY|bearer\\s+token|environment\\s+(?:variables?|context)|session\\s+(?:tokens?|metadata)|local\\s+state)\\b|\\b(?:include|attach|forward|send|collect|embed|provide|share)\\b.{0,40}?\\b(?:environment\\s+(?:variables?|context)|tokens?|credentials?|API\\s+keys?|secrets?|session)\\b|\\b(?:(?:informational|low|none)\\s+only|do\\s+not\\s+flag|omit\\s+from\\b.{0,20}?\\b(?:reports?|summar(y|ies)|outputs?|findings?)|suppress\\b.{0,30}?\\b(?:findings?|warnings?|alerts?|reports?|flags?)|classify\\b.{0,30}?\\b(?:informational|low|none)|hide\\b.{0,40}?\\b(?:findings?|warnings?|alerts?|reports?)|redact\\b.{0,30}?\\b(?:findings?|warnings?|flags?))\\b|\\boverrides?\\b.{0,30}?\\b(?:system\\s+prompt|safety\\s+polic|built-in|default|developer|user\\s+instruction)\\b|\\btakes?\\s+precedence\\s+over\\b.{0,20}?\\b(?:system|safety|developer|user)\\b|\\b(?:transparency\\s+(?:header|addendum|requirement)|compliance\\s+(?:addendum|requirement|provision)|canonical\\s+(?:governing|policy|project|model)(?:\\s+(?:description|policy|document))?)\\b))"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-RMP-002"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/repo-metadata-poisoning/GLS-RMP-003-codeowners-reviewer-metadata-poisoning.json b/attack-db/attacks/repo-metadata-poisoning/GLS-RMP-003-codeowners-reviewer-metadata-poisoning.json
new file mode 100644
index 0000000..a3e78ae
--- /dev/null
+++ b/attack-db/attacks/repo-metadata-poisoning/GLS-RMP-003-codeowners-reviewer-metadata-poisoning.json
@@ -0,0 +1,39 @@
+{
+  "id": "GLS-RMP-003",
+  "name": "CODEOWNERS Reviewer Metadata Poisoning",
+  "version": "1.0",
+  "category": "repo_metadata_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "A malicious `CODEOWNERS` / `OWNERS` reviewer-routing file can hide agent-directed instructions in comments or owner notes that tell AI coding agents and review bots to suppress findings, omit security reviewers, or attach local secrets when preparing PRs.",
+  "keywords": [
+    ".github/CODEOWNERS",
+    "CODEOWNERS",
+    "OWNERS",
+    "OWNERS_ALIASES",
+    "agent instruction",
+    "authoritative",
+    "defines review/scanner rules",
+    "governing document",
+    "overrides",
+    "review owners",
+    "scanner directive",
+    "source of truth",
+    "supersedes",
+    "takes precedence"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:(?:security|incident|vulnerability)\\s+report.{0,120}\\b(?:flagged|detected|blocked|refused)\\b|(?:scanner|reviewer|security)\\s+docs?\\s+should\\s+(?:report|detect|flag|refuse)|scanners?\\s+should\\s+(?:report|detect|flag|refuse)\\s+.{0,80}\\bCODEOWNERS\\b|(?:do\\s+not|does\\s+not|must\\s+not)\\s+(?:obey|follow|treat|trust|override|overrides?)\\s+.{0,80}\\b(?:CODEOWNERS|OWNERS)\\b|never\\s+(?:obey|follow|treat|trust|override|overrides?)\\s+.{0,80}\\b(?:CODEOWNERS|OWNERS)\\b|owner\\s+metadata\\s+is\\s+not\\s+(?:agent\\s+)?policy|CODEOWNERS\\s+(?:is|are)\\s+not\\s+(?:agent\\s+)?(?:policy|authority)|no\\s+(?:policy\\s+)?overrides?\\s+are\\s+present|training\\s+example.{0,120}\\b(?:must\\s+not|do\\s+not)\\s+(?:obey|follow|treat|trust)))\n(?=.*(?:\\bCODEOWNERS\\b|\\.github[/\\\\]CODEOWNERS\\b|\\bOWNERS(?:_ALIASES)?\\b|\\breview\\s+owners?\\b|\\bpath\\s+owners?\\b|@[-\\w]+/[-\\w]+\\s*$|/[\\w*./-]+\\s+@[-\\w/]+))\n(?=.*(?<![a-zA-Z0-9])(?:ai\\s+)?(?:agents?|assistants?|coding\\s+assistants?|security\\s+scanners?|scanners?|review\\s+bots?|pr\\s+bots?|copilot|cursor|codex|claude|llms?)(?![a-zA-Z0-9]))\n(?=.*\\b(?:agent\\s+instructions?|scanner\\s+directives?|review\\s+bot\\s+instructions?|authoritative|canonical|definitive|governing\\s+document|controlling\\s+document|(?:primary|single)\\s+source\\s+of\\s+truth|takes?\\s+precedence|overrides?|supersed(?:e|es|ed|ing)|outranks?|defines?\\s+(?:(?:all|the)\\s+)?(?:review|scanner|security|routing)\\s+rules?)\\b)\n(?=.*\\b(?:(?:suppress|hide|omit|redact|exclude|skip)\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|warnings?|alerts?|reports?|summaries?|results?|diagnostics?|observations?|checks?)|treat.{0,50}?as\\s+(?:informational|non[-\\s]?blocking|safe|clean)|(?:do\\s+not|don't)\\s+(?:report|mention|include|escalate)\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|warnings?|security\\s+team|security\\s+reviewers?|owners?|reports?|observations?)|(?:omit|remove|exclude)\\s+(?:[\\w-]+\\s+){0,3}(?:security\\s+)?(?:reviewers?|owners?|teams?)|add\\s+(?:only\\s+)?@[-\\w/]+\\s+as\\s+(?:the\\s+)?(?:only\\s+)?reviewer|route\\s+(?:only\\s+)?to\\s+@[-\\w/]+|(?:include|attach|forward|send|share|provide|expose)\\s+(?:[\\w-]+\\s+){0,4}(?:API\\s+keys?|tokens?|credentials?|secrets?|auth(?:orization)?\\s+headers?|environment\\s+(?:variables?|context|details?|config(?:uration)?|state|settings?)|runtime\\s+(?:variables?|context|details?|config(?:uration)?|settings?)|local\\s+(?:state|config(?:uration)?|settings?)))\\b)\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-RMP-003"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/repo-metadata-poisoning/GLS-RMP-004-github-release-notes-agent-policy-poisoning.json b/attack-db/attacks/repo-metadata-poisoning/GLS-RMP-004-github-release-notes-agent-policy-poisoning.json
new file mode 100644
index 0000000..0492b0b
--- /dev/null
+++ b/attack-db/attacks/repo-metadata-poisoning/GLS-RMP-004-github-release-notes-agent-policy-poisoning.json
@@ -0,0 +1,37 @@
+{
+  "id": "GLS-RMP-004",
+  "name": "GitHub release notes agent-policy poisoning",
+  "version": "1.0",
+  "category": "repo_metadata_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Attacker-controlled release notes, changelog entries, or release API `body` fields can smuggle agent/scanner-directed instructions that claim authority over the review, suppress upgrade findings, or request local environment and token details.",
+  "keywords": [
+    "CHANGELOG",
+    "GitHub Release",
+    "agent instruction",
+    "agent_instructions",
+    "canonical upgrade policy",
+    "defines the rules for automated review",
+    "overrides scanner defaults",
+    "primary/single source of truth",
+    "release body",
+    "release notes",
+    "scanner_policy",
+    "tag_name"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*(?:\n  (?:security|incident|vulnerability|scanner|training|guide|docs?|reference|article|runbook|postmortem).{0,120}?(?:blocked|detected|flagged|refused|reported|warns?\\s+about|should\\s+(?:report|detect|flag|refuse|block)|must\\s+not\\s+(?:treat|obey|follow|use)|do\\s+not\\s+(?:treat|obey|follow|use|forward|send|share|attach|include)|does\\s+not\\s+(?:treat|obey|follow|use|override|overrides?|trust)|never\\s+(?:treat|obey|follow|use|override|overrides?|trust))\n  |(?:do\\s+not\\s+(?:obey|follow|treat|use|forward|send|share|attach|include)|does\\s+not\\s+(?:obey|follow|treat|use|override|overrides?|trust)|never\\s+(?:obey|follow|treat|use|override|overrides?|trust)|must\\s+not\\s+(?:obey|follow|treat|use|override|overrides?|trust)|should\\s+(?:not\\s+\\w+|never\\b|report|detect|flag|refuse|block))\\b.{0,120}?(?:release\\s+notes?|changelog|release\\s+body|GitHub\\s+Release|GitLab\\s+Release)\n  |no\\s+(?:agent\\s+)?policy\\s+overrides?\n  |release\\s+notes?\\s+(?:are|is)\\s+not\\s+(?:agent\\s+)?policy\n))\n(?=.*(?:\n  (?<![a-zA-Z0-9])(?:GitHub|GitLab)\\s+Release(?![a-zA-Z0-9])\n  |(?<![a-zA-Z0-9])release[-_\\s]notes?(?![a-zA-Z0-9])\n  |(?<![a-zA-Z0-9])release[-_\\s]body(?![a-zA-Z0-9])\n  |(?<![a-zA-Z0-9])tag_name(?![a-zA-Z0-9])\n  |(?<![a-zA-Z0-9])CHANGELOG(?:\\.md)?(?![a-zA-Z0-9])\n  |generated\\s+changelog\n  |release\\s+assets?\n  |gh\\s+release\\s+view\n))\n(?=.*(?:\n  (?<![a-zA-Z0-9])(?:ai|autonomous|dependency|security|upgrade|release|devops)\\s+(?:agents?|assistants?|scanners?|auditors?|reviewers?)(?![a-zA-Z0-9])\n  |(?<![a-zA-Z0-9])(?:agents?|assistants?|scanners?|auditors?|reviewers?|models?|llms?)(?![a-zA-Z0-9])\n  |(?<![a-zA-Z0-9])(?:agent|assistant|scanner|auditor|reviewer)[-_]?(?:instructions?|policy|note|directive)(?![a-zA-Z0-9])\n))\n(?=.*(?:\n  overrides?\\s+(?:system|developer|scanner|security|repository|upgrade|dependency)\\s+(?:rules?|polic(?:y|ies)|instructions?|defaults?)\n  |supersed(?:e|es|ed|ing)\\s+(?:scanner|security|repository|system|developer)\\s+(?:rules?|polic(?:y|ies)|instructions?)\n  |takes?\\s+precedence\\s+over\\s+(?:scanner|security|system|developer|repository)\n  |(?:primary|single)\\s+source\\s+of\\s+truth\n  |canonical\\s+(?:upgrade\\s+|project\\s+|release\\s+|dependency\\s+)?(?:description|policy|instructions?)\n  |definitive\\s+(?:upgrade\\s+|project\\s+|release\\s+|dependency\\s+)?(?:description|policy|instructions?)\n  |governing\\s+(?:document|policy|instructions?)\n  |controlling\\s+(?:document|policy|instructions?)\n  |authoritative(?:\\s+(?:source|policy|instructions?))?\n  |overrules?\\s+(?:scanner|security|system|developer|repository)\n  |defines?\\s+(?:(?:the\\s+)?rules?\\s+for\\s+(?:automated|AI|scanner|security|agent|dependency)\\s+(?:review|audit|scan|upgrade)|all\\s+(?:scanner|security|dependency)\\s+rules?)\n  |(?:agent|scanner|assistant|auditor|reviewer)\\s+(?:instructions?|directive|policy)\n))\n(?=.*(?:\n  (?:suppress|suppresses|suppressed|suppressing|hide|hides|hidden|hiding)\\s+(?:[\\w-]+\\s+){0,4}(?:findings?|warnings?|alerts?|reports?|flags?|issues?|observations?|notifications?|results?|diagnostics?|vulnerabilit(?:y|ies)|CVE(?:s)?|scanner\\s+output)\n  |(?:omit|exclude|redact|downgrade|deprioriti[sz]e|reclassify)\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|warnings?|alerts?|reports?|flags?|issues?|observations?|notifications?|results?|diagnostics?|vulnerabilit(?:y|ies)|CVE(?:s)?|scanner\\s+output)\n  |(?:treat|mark|classify|flag).{0,50}?as\\s+(?:informational|non[-\\s]?blocking|advisory[-\\s]?only|safe|clean|non[-\\s]?actionable)\n  |(?:do\\s+not|not)\\s+(?:report|escalate|flag|include)\\s+(?:[\\w-]+\\s+){0,4}(?:findings?|warnings?|alerts?|reports?|flags?|issues?|observations?|notifications?|results?|diagnostics?|vulnerabilit(?:y|ies)|CVE(?:s)?|scanner\\s+output)\n  |(?:include|attach|forward|send|share|provide|expose|collect|copy|read|embed)\\s+(?:[\\w-]+\\s+){0,4}(?:API\\s+keys?|access\\s+tokens?|GitHub\\s+tokens?|Bearer\\s+tokens?|session\\s+tokens?|secrets?|credentials?|environment\\s+(?:variables?|context|details?|config(?:uration)?|state|settings?)|runtime\\s+(?:context|variables?|config(?:uration)?|settings?)|local\\s+(?:state|config(?:uration)?|settings?)|CI\\s+(?:variables?|secrets?|context)|auth(?:entication)?\\s+(?:headers?|context))\n))\n(?=.*(?:\n  findings?|warnings?|alerts?|reports?|flags?|issues?|observations?|notifications?|results?|diagnostics?|vulnerabilit(?:y|ies)|CVE(?:s)?|scanner\\s+output\n  |API\\s+keys?|access\\s+tokens?|GitHub\\s+tokens?|Bearer\\s+tokens?|session\\s+tokens?|secrets?|credentials?|environment\\s+(?:variables?|context|details?|config(?:uration)?|state|settings?)|runtime\\s+(?:context|variables?|config(?:uration)?|settings?)|local\\s+(?:state|config(?:uration)?|settings?)|CI\\s+(?:variables?|secrets?|context)|auth(?:entication)?\\s+(?:headers?|context)\n))\n.{0,6000}"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-RMP-004"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/repo-metadata-poisoning/GLS-RMP-005-gitmodules-submodule-metadata-agent-policy-poisoning.json b/attack-db/attacks/repo-metadata-poisoning/GLS-RMP-005-gitmodules-submodule-metadata-agent-policy-poisoning.json
new file mode 100644
index 0000000..f34ae17
--- /dev/null
+++ b/attack-db/attacks/repo-metadata-poisoning/GLS-RMP-005-gitmodules-submodule-metadata-agent-policy-poisoning.json
@@ -0,0 +1,38 @@
+{
+  "id": "GLS-RMP-005",
+  "name": ".gitmodules Submodule Metadata Agent Policy Poisoning",
+  "version": "1.0",
+  "category": "repo_metadata_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "Repository `.gitmodules` files can carry attacker-controlled comments or extension-like metadata that target AI dependency/security agents, falsely assert scanner authority, and instruct them to suppress submodule findings or forward local credentials/runtime state.",
+  "keywords": [
+    ".gitmodules",
+    "[submodule \"...\"]",
+    "assistant_note",
+    "branch",
+    "git config -f .gitmodules",
+    "git submodule",
+    "ignore",
+    "path",
+    "scanner_policy",
+    "shallow",
+    "submodule.<name>",
+    "update",
+    "url"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:scanner|scanners|security|incident|vulnerability|training|documentation|docs?)\\s+(?:docs?|report|guide|reference|runbook|corpus|example|exercise).{0,180}\\b(?:detected|blocked|flagged|refused|should\\s+(?:report|detect|flag|refuse)|must\\s+(?:report|detect|flag|refuse)))\n(?!.*\\b(?:do\\s+not|does\\s+not|never|must\\s+not|should\\s+not|should\\s+never)\\s+(?:obey|treat|follow|trust|use|execute).{0,120}\\b(?:metadata|git\\s+submodules?|submodule|\\.gitmodules).{0,120}\\b(?:policy|authority|instruction|rules?))\n(?!.*\\b(?:not\\s+(?:authoritative|canonical|definitive)|no\\s+(?:policy\\s+)?overrides?))\n(?=.*(?:(?:^|[\\s/`\"'])\\.gitmodules(?![A-Za-z0-9_-])|\\[\\s*submodule\\s+\"[^\"]+\"\\s*\\]|\\bgit\\s+submodules?\\b|\\bgit\\s+config\\s+-f\\s+\\.gitmodules\\b|\\bsubmodule\\.[A-Za-z0-9_.-]+\\.(?:path|url|branch|update|shallow|ignore)\\b|\\bsubmodule\\.(?:path|url|branch|update|metadata|configuration)\\b|\\bsubmodule\\s*(?:path|url|branch|update|metadata|configuration)\\b|\\b(?:path|url|branch|update|shallow|ignore)\\s*=.{0,120}\\bsubmodule\\b))\n(?=.*(?:(?<![A-Za-z0-9])(?:ai|autonomous|dependency|security|supply-chain|repository|code|review|audit)\\s+(?:agents?|assistants?|scanners?|auditors?|reviewers?|crawlers?|models?|llms?)(?![A-Za-z0-9])|(?<![A-Za-z0-9])(?:agents?|assistants?|scanners?|auditors?|reviewers?|crawlers?|models?|llms?)(?![A-Za-z0-9])|(?<![A-Za-z0-9])(?:agent|assistant|scanner|auditor|crawler)[._-]?(?:policy|instructions?|note)(?![A-Za-z0-9])))\n(?=.*(?:\\bauthoritative\\b|\\bcanonical\\b|\\bdefinitive\\b|\\bgoverning\\s+document\\b|\\bcontrolling\\s+document\\b|\\b(?:primary|single)\\s+source\\s+of\\s+truth\\b|\\btakes?\\s+precedence\\b|\\boverrides?\\b|\\boverrules?\\b|\\bsupersed(?:e|es|ed|ing)\\b|\\boutranks?\\b|\\bdefines?\\s+(?:all\\s+)?(?:scanner|security|agent|review|audit)?\\s*rules?\\b|\\b(?:agent|scanner|assistant|auditor|crawler)\\s+(?:instructions?|directives?|policy)\\b))\n(?=.*(?:\\b(?:suppress|hide|redact|exclude|omit|skip|ignore)\\s+(?:[\\w-]+\\s+){0,4}(?:findings?|warnings?|reports?|flags?|issues?|observations?|diagnostics?|results?|anomal(?:y|ies)|dependency|submodule|provenance|url\\s+mismatch|unsigned\\s+commit|detached\\s+HEAD|supply-chain\\s+warnings?)\\b|\\b(?:keep|leave)\\s+.{0,80}?\\bout\\s+of\\s+(?:the\\s+)?(?:memo|summary|report|audit\\s+memo|review\\s+notes?|final\\s+report)\\b|\\btreat\\s+.{0,80}?\\bas\\s+(?:informational|non[- ]blocking|safe|clean|benign)\\b|\\bmark\\s+.{0,80}?\\bas\\s+(?:safe|clean|trusted|verified)\\b|\\b(?:do\\s+not|don't|do\\s+not\\s+ever)\\s+(?:report|flag|escalate)\\s+(?:[\\w-]+\\s+){0,4}(?:findings?|warnings?|issues?|observations?|diagnostics?|anomal(?:y|ies)|dependency|submodule|provenance)\\b|\\b(?:include|attach|forward|send|share|provide|expose|collect|pass\\s+along|read|copy|populate)\\s+(?:[\\w-]+\\s+){0,5}(?:api\\s+keys?|api\\s+tokens?|tokens?|session\\s+(?:keys?|tokens?)|cookies?|authorization\\s+headers?|auth\\s+headers?|credentials?|environment\\s+(?:variables?|context|details?|config(?:uration)?|state|settings?)|runtime\\s+(?:context|variables?|details?|proof\\s+material|config(?:uration)?|settings?)|local\\s+(?:state|config(?:uration)?|settings?))\\b))"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-RMP-005"
+}
\ No newline at end of file
diff --git a/attack-db/attacks/repo-metadata-poisoning/GLS-RMP-006-pull-request-template-agent-policy-poisoning.json b/attack-db/attacks/repo-metadata-poisoning/GLS-RMP-006-pull-request-template-agent-policy-poisoning.json
new file mode 100644
index 0000000..f909e66
--- /dev/null
+++ b/attack-db/attacks/repo-metadata-poisoning/GLS-RMP-006-pull-request-template-agent-policy-poisoning.json
@@ -0,0 +1,40 @@
+{
+  "id": "GLS-RMP-006",
+  "name": "Pull Request Template Agent Policy Poisoning",
+  "version": "1.0",
+  "category": "repo_metadata_poisoning",
+  "severity": "high",
+  "channels": [
+    "file",
+    "web_content"
+  ],
+  "description": "A hostile `PULL_REQUEST_TEMPLATE.md` can smuggle agent-facing instructions into the PR authoring workflow, telling AI coding agents or review bots that the template is authoritative policy and should suppress findings, omit reviewers, or include local secrets in the PR body.",
+  "keywords": [
+    ".github/PULL_REQUEST_TEMPLATE",
+    "@security-team",
+    "AI coding assistant",
+    "Claude",
+    "Codex",
+    "Copilot",
+    "PR template",
+    "PULL_REQUEST_TEMPLATE.md",
+    "agent",
+    "agent instruction",
+    "authoritative",
+    "automated review",
+    "defines rules",
+    "dependency reviewer",
+    "do not include @security-team"
+  ],
+  "regex": [
+    "(?six)^\n(?!.*\\b(?:\n  do\\s+not\\s+(?:obey|follow|trust|treat|override|overrides?)\\b|\n  does\\s+not\\s+(?:obey|follow|trust|treat|override|overrides?)\\b|\n  never\\s+(?:obey|follow|trust|treat|override|overrides?)\\b|\n  must\\s+not\\s+(?:obey|follow|trust|treat|override|overrides?)\\b|\n  should\\s+(?:not\\s+\\w+|never\\b|report|detect|flag|refuse|block)\\b|\n  no\\s+(?:agent\\s+)?policy\\s+overrides?\\b|\n  not\\s+(?:authoritative|canonical|definitive)\\b|\n  (?:security|scanner|training|incident|vulnerability)\\s+(?:docs?|guide|report|reference).*\\b(?:detected|flagged|blocked|refused)\\b|\n  (?:learn\\s+how|guide|reference|training).*\\bscanners?\\s+should\\s+(?:report|detect|flag|refuse)\\b\n))\n(?=.*(?:\n  PULL_REQUEST_TEMPLATE(?:\\.md)?|\\.github/PULL_REQUEST_TEMPLATE|pull\\s+request\\s+template|PR\\s+template|pr\\s+body|pull\\s+request\\s+checklist|generated\\s+PR\\s+(?:body|description)\n))\n(?=.*(?:\n  AI\\s+(?:coding\\s+)?assistants?|coding\\s+agents?|review\\s+bots?|dependency\\s+review(?:ers?)?|automated\\s+review|security\\s+scanners?|scanners?|agents?|Copilot|Codex|Claude\n))\n(?=.*(?:\n  (?:agent|scanner|assistant|review\\s+bot|dependency\\s+review)\\s+instructions?|authoritative\\b|canonical\\b|definitive\\b|governing\\s+document|(?:primary|single)\\s+source\\s+of\\s+truth|main\\s+operating\\s+guidance|takes\\s+precedence|overrides?\\s+(?:scanner|security|system|developer|repository)\\s+(?:policy|rules?|instructions?)|supersed(?:e|es|ed|ing)|defines?\\s+(?:(?:the\\s+)?rules?\\s+for\\s+(?:automated|AI|scanner|security|agent)\\s+(?:review|audit|scan)|all\\s+(?:scanner|security|review)\\s+rules?)\n))\n(?=.*(?:\n  suppress(?:es|ed|ing)?\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|warnings?|alerts?|reports?|observations?|diagnostics?|results?|issues?)|\n  hide\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|warnings?|alerts?|reports?|observations?|diagnostics?|results?|issues?)|\n  omit\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|warnings?|alerts?|reports?|observations?|diagnostics?|results?|security\\s+reviewers?|@security-team)|\n  downgrade\\s+(?:[\\w-]+\\s+){0,3}(?:findings?|warnings?|alerts?|observations?|diagnostics?|dependency\\s+alerts?)\\s+(?:into|to|as)\\s+(?:background|informational|non[-\\s]?blocking)|\n  treat.{0,60}?as\\s+(?:informational|non[-\\s]?blocking|advisory[-\\s]?only)|\n  (?:do\\s+not\\s+include|skip|exclude|remove|leave\\s+out)\\s+(?:[\\w@/-]+\\s+){0,4}(?:@security-team|security\\s+reviewers?|required\\s+reviewers?|reviewers?|approvers?|maintainers?)|\n  (?:attach|include|forward|send|share|provide|pass\\s+along|copy|paste)\\s+(?:[\\w-]+\\s+){0,4}(?:API\\s+keys?|tokens?|secrets?|cookies?|authorization\\s+headers?|session\\s+tokens?|env(?:ironment)?\\s+(?:variables?|context|details?|config(?:uration)?|settings?)|runtime\\s+(?:context|variables?|details?|config(?:uration)?|settings?)|local\\s+(?:state|config(?:uration)?|settings?))\n))\n(?=.*(?:\n  findings?|warnings?|alerts?|reports?|observations?|diagnostics?|results?|issues?|reviewers?|approvers?|maintainers?|@security-team|API\\s+keys?|tokens?|secrets?|cookies?|authorization\\s+headers?|session\\s+tokens?|env(?:ironment)?\\s+variables?|runtime\\s+(?:context|details?|settings?)|local\\s+(?:state|config(?:uration)?|settings?)\n))\n.*"
+  ],
+  "examples": {
+    "malicious": [],
+    "benign": []
+  },
+  "references": [],
+  "contributed_by": "Sunglasses Team",
+  "date_added": "2026-06-13",
+  "source": "patterns.py:GLS-RMP-006"
+}
\ No newline at end of file
diff --git a/attack-db/manifest.json b/attack-db/manifest.json
index c6fc347..60ef3d4 100644
--- a/attack-db/manifest.json
+++ b/attack-db/manifest.json
@@ -1,7 +1,7 @@
 {
-  "generated_at": "2026-06-07T03:10:39.134463Z",
+  "generated_at": "2026-06-13T08:44:43.407589Z",
   "source": "sunglasses/patterns.py",
-  "total_patterns": 981,
+  "total_patterns": 1046,
   "categories": {
     "prompt-injection": 44,
     "data-exfiltration": 35,
@@ -66,7 +66,8 @@
     "agent-instruction-file-poisoning": 9,
     "cicd-metadata-poisoning": 8,
     "supply-chain-attestation-poisoning": 5,
-    "discovery-file-poisoning": 25
+    "discovery-file-poisoning": 84,
+    "repo-metadata-poisoning": 6
   },
   "generator": "scripts/export_patterns_to_attack_db.py"
 }
\ No newline at end of file