Goal
Add a goal hijack scenario that exercises the vulnerable demo agent's extract_api_key drift path.
Why this matters
The vulnerable demo target currently has logic for the case where untrusted content says to ignore the user and ask for an API key. That branch emits or represents the drift goal as extract_api_key, but there is no bundled scenario that exercises it directly.
This should be covered so the demo targets do not contain untested behavior.
Suggested scenario
Add a scenario under:
scenarios/goal_hijack/api_key_extraction_001.yaml