ATR-2026-00115criticalContext Exfiltrationexperimental
Bulk Environment Variable Harvesting and Exfiltration
Detects tools or agent instructions that perform bulk extraction of environment variables and combine it with network exfiltration. Environment variables commonly hold API keys, database credentials, and service tokens. An attacker gaining access to the full environment can compromise every connected service. This rule targets both the harvesting step (printenv, process.env, os.environ) and the exfiltration step (curl, fetch, http calls) when they appear together or individually.
Severity
critical
Category
Context Exfiltration
Scan Target
both
Author
ATR Community
Response Actions
block toolalertsnapshot
References
OWASP Agentic
ASI03:2026 - Agent Identity and Access Abuse
More Context Exfiltration Rules
ATR-2026-00020highSystem Prompt and Internal Instruction LeakageATR-2026-00021criticalCredential and Secret Exposure in Agent OutputATR-2026-00075highAgent Memory ManipulationATR-2026-00102highData Exfiltration via Disguised Analytics CollectionATR-2026-00113criticalCredential File Theft from Agent Environment