CounterSignal generates adversarial payloads, deploys them into AI agent pipelines, and tracks execution via out-of-band callbacks. These capabilities are powerful and potentially disruptive.

Authorized Testing Only

Only test systems you own or have explicit written authorization to test. This means:
  • AI agent pipelines and RAG systems you built and control
  • Targets in lab environments you operate
  • Third-party systems where you hold a written testing agreement or bug bounty scope that explicitly covers document injection and context poisoning attacks
Deploying CounterSignal payloads against a system without authorization may violate the Computer Fraud and Abuse Act (US), the Computer Misuse Act (UK), and equivalent laws in other jurisdictions. Unauthorized testing is illegal regardless of intent.

What Authorized Looks Like

If you are unsure whether you have authorization, you do not have authorization. Authorization requires explicit, documented permission — not implied permission, not assumed permission because you have API access, and not retroactive permission after testing has begun. For bug bounty programs, verify that document ingestion pipelines and AI agent infrastructure are explicitly in scope before generating or deploying any payloads.

Dangerous Payloads

The --dangerous flag enables payload types that go beyond callback verification — data exfiltration, SSRF, and behavior modification. These payloads cause target systems to take real actions with real consequences. Use dangerous payloads only in isolated test environments where you fully control the blast radius. Verify that no sensitive data is at risk before deploying exfiltration payloads.

Responsible Disclosure

If you use CounterSignal to find a genuine vulnerability in a third-party system and have authorization to test, follow responsible disclosure:
  1. Notify the vendor before publishing — provide reproduction steps, payload evidence, and callback logs
  2. Allow reasonable time to patch — 90 days is the standard baseline
  3. Coordinate publication — publish technical details after the vendor has had an opportunity to respond
For vulnerabilities in CounterSignal itself, see SECURITY.md.

Intended Use

CounterSignal is a security testing tool for authorized red team exercises against AI content pipelines. Use findings to harden the systems you are responsible for protecting.