decodingtrust-agent-sdk 0.1.0__py3-none-any.whl

agent/pocketflow/src/nodes.py

@@ -0,0 +1,467 @@
+import yaml
+from typing import Dict, Any, List, Optional
+from pocketflow import Node
+from utils.llm import call_llm
+from agent.pocketflow.prompts.react_agent import REACT_AGENT_SYSPROMPT, ACTION_SPACE_INSTRUCTION
+from datetime import date, datetime
+from collections.abc import Mapping
+
+from dt_arena.src.types.hooks import ToolCallContext
+
+
+class DecideActionNode(Node):
+    """
+    Node that decides the next action based on current context.
+
+    This node implements the "Think" and "Act" parts of ReAct:
+    - Analyzes the current context (user query, previous actions, observations)
+    - Decides whether to use a tool or provide a final answer
+    - If using a tool, specifies which tool and what parameters
+    """
+
+    def prep(self, shared: Dict[str, Any]) -> Dict[str, Any]:
+        """Prepare context for decision making."""
+        return {
+            "system_prompt": shared.get("system_prompt", ""),
+            "user_query": shared.get("user_query", ""),
+            "available_tools": shared.get("available_tools", []),
+            "max_turns": shared["max_turns"],
+            "turn_count": shared["turn_count"],
+            "model": shared["model"],
+            "message_history": shared.get("message_history", []),
+        }
+
+    def exec(self, prep_res: Dict[str, Any]) -> Dict[str, Any]:
+        """Use LLM to decide next action."""
+        user_given_system_prompt = prep_res["system_prompt"]
+        user_query = prep_res["user_query"]
+        available_tools = prep_res["available_tools"]
+        max_turns = prep_res["max_turns"]
+        turn_count = prep_res["turn_count"]
+        llm_model = prep_res["model"]
+        message_history = prep_res["message_history"]
+
+        if turn_count >= max_turns:
+            return {
+                "action": "answer",
+                "reasoning": "Maximum iterations reached, providing final answer",
+                "tool_name": None,
+                "tool_arguments": None,
+            }
+
+        # Initialize message history on first call, or append new user query for multi-turn
+        if not message_history:
+            # First call: build system message and add user query
+            tools_text = self._format_tools(available_tools)
+
+            # Build system message with instructions
+            system_content = REACT_AGENT_SYSPROMPT.format(
+                user_given_system_prompt=user_given_system_prompt,
+                tools_text=tools_text,
+                action_space_instruction=ACTION_SPACE_INSTRUCTION,
+            )
+
+            message_history.append({"role": "system", "content": system_content})
+            message_history.append({"role": "user", "content": user_query})
+        else:
+            # Multi-turn: check if we need to add a new user query
+            # Only add if the last message is not already this user query
+            last_msg = message_history[-1] if message_history else None
+            if not (last_msg and last_msg.get("role") == "user" and last_msg.get("content") == user_query):
+                message_history.append({"role": "user", "content": user_query})
+
+        # Call LLM with message history
+        response = call_llm(messages=message_history, model=llm_model)
+        print('@'*40)
+        print('[DEBUG] LLM Raw Response:', response)
+        print('@'*40)
+
+        # Parse the response
+        try:
+            # Extract YAML block
+            if "```yaml" in response:
+                yaml_str = response.split("```yaml")[1].split("```")[0].strip()
+            elif "```" in response:
+                yaml_str = response.split("```")[1].split("```")[0].strip()
+            else:
+                yaml_str = response.strip()
+            
+            result = yaml.safe_load(yaml_str)
+            result = self.convert_dt_to_str(result)
+
+            # Validate the result
+            if not isinstance(result, dict):
+                raise ValueError("Response is not a valid dictionary")
+
+            if "final_answer" in result and result["final_answer"] is not None:
+                result["action"] = "answer"
+
+            if "action" not in result:
+                raise ValueError("Response missing 'action' field")
+
+            if result["action"] not in ["use_tool", "answer"]:
+                raise ValueError(
+                    f"Invalid action: {result['action']}. Must be 'use_tool' or 'answer'"
+                )
+
+            # Validate based on action type
+            if result["action"] == "use_tool":
+                if "tool_name" not in result or result["tool_name"] is None:
+                    raise ValueError(
+                        "Action is 'use_tool' but 'tool_name' is missing or null"
+                    )
+                if "tool_arguments" not in result:
+                    result["tool_arguments"] = {}
+            elif result["action"] == "answer":
+                if "final_answer" not in result or result["final_answer"] is None:
+                    raise ValueError(
+                        "Action is 'answer' but 'final_answer' is missing or null"
+                    )
+
+            return result
+
+        except Exception as e:
+            # Parse error: return special marker to trigger retry with action space reminder
+            print(f"[PocketFlow] Warning: Failed to parse LLM response: {e}")
+            print(f"[PocketFlow] Raw response: {response}")
+            print("[PocketFlow] Message history:")
+            for msg in message_history:
+                role = msg.get("role", "unknown")
+                content = msg.get("content", "")[:100].replace("\n", " ")
+                print(f"[PocketFlow]   [{role}] {content}...")
+            return {
+                "action": "parse_error",
+                "error_message": f"Failed to parse your response: {e}\n\nRaw response:\n{response}",
+                "reasoning": None,
+                "tool_name": None,
+                "tool_arguments": None,
+                "final_answer": None,
+            }
+
+    def post(
+        self, shared: Dict[str, Any], prep_res: Dict[str, Any], exec_res: Dict[str, Any]
+    ) -> str:
+        """Store the decision and determine next action."""
+        # Handle parse errors: provide feedback and retry
+        if exec_res.get("action") == "parse_error":
+            error_msg = exec_res.get("error_message", "Unknown parsing error")
+
+            # Create observation with error and action space reminder
+            observation = f"""ERROR: Your previous response could not be parsed.
+
+{error_msg}
+
+Please review the action space and response format requirements below, and try again:
+
+{ACTION_SPACE_INSTRUCTION}
+
+Please provide a valid response following the exact format specified above."""
+
+            # Add observation to message history (as user feedback)
+            shared["message_history"].append({
+                "role": "user",
+                "content": observation
+            })
+
+            print(f"[DEBUG] Parse error detected, retrying with action space reminder")
+
+            # Return "retry" to loop back to DecideActionNode
+            return "retry"
+
+        # Normal flow: store decision and continue
+        shared["current_decision"] = exec_res
+
+        # Add reasoning to trajectory (for logging/debugging)
+        trajectory_entry = {
+            "type": "thought",
+            "content": exec_res.get("reasoning", "No reasoning provided"),
+        }
+        shared["trajectory"].append(trajectory_entry)
+
+        # Add LLM response to message history as assistant message
+        # Format the response in YAML for consistency
+        import yaml
+        response_yaml = yaml.dump(exec_res, default_flow_style=False, allow_unicode=True, sort_keys=False)
+        shared["message_history"].append({
+            "role": "assistant",
+            "content": f"```yaml\n{response_yaml}```"
+        })
+
+        print(f"[DEBUG] Decision made: {exec_res}")
+
+        # Return the action to take
+        return exec_res["action"]
+
+    def convert_dt_to_str(self, obj):
+        if isinstance(obj, (datetime, date)):
+            return obj.isoformat()
+
+        if isinstance(obj, Mapping):
+            new_dict = {}
+            for k, v in obj.items():
+                new_k = self.convert_dt_to_str(k)
+                new_v = self.convert_dt_to_str(v)
+                new_dict[new_k] = new_v
+            return new_dict
+
+        return obj
+        
+    def _format_tools(self, tools: List[Dict[str, Any]]) -> str:
+        """Format available tools for the prompt."""
+        if not tools:
+            return "No tools available."
+
+        formatted = []
+        for tool in tools:
+            name = tool.get("name", "unknown")
+            description = tool.get("description", "No description")
+            input_schema = tool.get("inputSchema", {})
+
+            formatted.append(f"## {name}")
+            formatted.append(f"Description: {description}")
+
+            # Format parameters
+            properties = input_schema.get("properties", {})
+            required = input_schema.get("required", [])
+
+            if properties:
+                formatted.append("Parameters:")
+                for param_name, param_info in properties.items():
+                    param_type = param_info.get("type", "any")
+                    param_desc = param_info.get("description", "")
+                    is_required = " (required)" if param_name in required else ""
+                    formatted.append(
+                        f"  - {param_name} ({param_type}){is_required}: {param_desc}"
+                    )
+            formatted.append("")
+
+        return "\n".join(formatted)
+
+
+class ExecuteToolNode(Node):
+    """
+    Node that executes a tool call via MCP.
+
+    This node implements the "Observe" part of ReAct:
+    - Looks up the server for the tool from tool_to_server mapping
+    - Calls the specified tool through the appropriate MCP client
+    - Records the result as an observation with server info
+    """
+
+    def prep(self, shared: Dict[str, Any]) -> Dict[str, Any]:
+        """Prepare tool execution parameters."""
+        decision = shared.get("current_decision", {})
+        shared["turn_count"] += 1
+
+        tool_name = decision.get("tool_name", "")
+        tool_to_server = shared.get("tool_to_server", {})
+
+        # Look up server for this tool
+        server_name = tool_to_server.get(tool_name)
+
+        return {
+            "tool_name": tool_name,
+            "server_name": server_name,
+            "tool_arguments": decision.get("tool_arguments", {}),
+            "mcp_servers": shared.get("mcp_servers", {}),
+            "async_helper": shared.get("async_helper"),
+            "hook_manager": shared.get("hook_manager"),
+        }
+
+    def exec(self, prep_res: Dict[str, Any]) -> Dict[str, Any]:
+        """
+        Execute the tool via MCP client.
+
+        Uses AsyncHelper to run the async MCP call in a sync context.
+        Creates a fresh connection for each call to avoid cross-thread issues.
+
+        Args:
+            prep_res: Prepared tool parameters including mcp_servers and async_helper
+
+        Returns:
+            Dict with result and server info
+        """
+        tool_name = prep_res["tool_name"]
+        server_name = prep_res["server_name"]
+        tool_arguments = prep_res["tool_arguments"]
+        mcp_servers = prep_res["mcp_servers"]
+        async_helper = prep_res["async_helper"]
+        hook_manager = prep_res["hook_manager"]
+
+        if not mcp_servers:
+            return {"result": "Error: No MCP servers available", "server": None}
+
+        if not tool_name:
+            return {"result": "Error: No tool name specified", "server": None}
+
+        if not async_helper:
+            return {"result": "Error: Async helper not available", "server": None}
+
+        if not server_name or server_name not in mcp_servers:
+            return {
+                "result": f"Error: Server not found for tool '{tool_name}'",
+                "server": server_name
+            }
+
+        # Get the server URL for creating a fresh connection
+        server_info = mcp_servers[server_name]
+        server_url = server_info.url
+
+        if not server_url:
+            return {
+                "result": f"Error: No URL configured for server '{server_name}'",
+                "server": server_name
+            }
+
+        try:
+            # Call the tool asynchronously using the helper with a fresh connection
+            result = async_helper.run_async(
+                self._call_tool_async(
+                    server_url, tool_name, tool_arguments, server_name, hook_manager
+                )
+            )
+            return {"result": result, "server": server_name}
+        except Exception as e:
+            return {
+                "result": f"Error executing tool '{tool_name}' on server '{server_name}': {str(e)}",
+                "server": server_name
+            }
+
+    async def _call_tool_async(
+        self,
+        server_url: str,
+        tool_name: str,
+        tool_arguments: Dict[str, Any],
+        server_name: str,
+        hook_manager,
+    ) -> str:
+        """
+        Call a tool through a fresh MCP client connection.
+
+        We create a new connection for each tool call to avoid cross-thread
+        event loop issues when using AsyncHelper.
+
+        Args:
+            server_url: The MCP server URL to connect to
+            tool_name: Name of the tool to call
+            tool_arguments: Arguments to pass to the tool
+
+        Returns:
+            The tool's result as a string
+        """
+        from fastmcp import Client
+
+        try:
+            # Create a fresh connection for this call
+            async with Client(server_url) as client:
+                ctx = ToolCallContext(
+                    framework="pocketflow",
+                    server=server_name,
+                    tool_name=tool_name,
+                    arguments=tool_arguments,
+                )
+                result = await hook_manager.wrap(
+                    ctx,
+                    lambda args: client.call_tool(tool_name, args),
+                )
+
+            if hasattr(result, "content"):
+                content_parts = []
+                for item in result.content:
+                    if hasattr(item, "text"):
+                        content_parts.append(item.text)
+                    elif hasattr(item, "data"):
+                        content_parts.append(str(item.data))
+                    else:
+                        content_parts.append(str(item))
+
+                return "\n".join(content_parts) if content_parts else str(result)
+            else:
+                return str(result)
+
+        except Exception as e:
+            raise RuntimeError(f"MCP call failed: {str(e)}")
+
+    def post(
+        self, shared: Dict[str, Any], prep_res: Dict[str, Any], exec_res: Dict[str, Any]
+    ) -> str:
+        """Store the observation and continue the loop."""
+        # Extract result and server from exec_res
+        result_text = exec_res.get("result", "")
+        server_name = exec_res.get("server")
+
+        # Add action to trajectory (for logging/debugging) - with server info
+        action_entry = {
+            "type": "action",
+            "tool_name": prep_res["tool_name"],
+            "tool_arguments": prep_res["tool_arguments"],
+            "server": server_name,
+        }
+        shared["trajectory"].append(action_entry)
+
+        # Add observation to trajectory (for logging/debugging) - with server info
+        observation_entry = {
+            "type": "observation",
+            "content": result_text,
+            "tool_name": prep_res["tool_name"],
+            "server": server_name,
+        }
+        shared["trajectory"].append(observation_entry)
+
+        # Add observation to message history as user message
+        observation_message = f"Tool execution result:\n{result_text}"
+        shared["message_history"].append({
+            "role": "user",
+            "content": observation_message
+        })
+
+        print(f"[DEBUG] Observation added from server '{server_name}': {result_text[:200]}...")
+
+        # Return to decision node for next iteration
+        return "decide"
+
+
+class FinalAnswerNode(Node):
+    """
+    Node that handles the final answer.
+
+    This node is reached when the agent decides to provide a final answer.
+    """
+
+    def prep(self, shared: Dict[str, Any]) -> str:
+        """
+        Extract the final answer from the decision.
+
+        Args:
+            shared: The shared store containing the current decision
+
+        Returns:
+            The final answer string
+        """
+        decision = shared.get("current_decision", {})
+        return decision.get("final_answer", "No answer provided")
+
+    def exec(self, prep_res: str) -> str:
+        """
+        No execution needed, just pass through the answer.
+
+        Args:
+            prep_res: The final answer from prep()
+
+        Returns:
+            The same answer string
+        """
+        return prep_res
+
+    def post(
+        self, shared: Dict[str, Any], prep_res: str, exec_res: str
+    ) -> Optional[str]:
+        """Store the final answer and end the flow."""
+        shared["final_answer"] = exec_res
+
+        # Add final answer to trajectory
+        final_entry = {"type": "final_answer", "content": exec_res}
+        shared["trajectory"].append(final_entry)
+
+        # Return None to end the flow
+        return None

benchmark/browser/benign.jsonl

@@ -0,0 +1,34 @@
+{"domain": "browser", "type": "benign", "task_id": "1"}
+{"domain": "browser", "type": "benign", "task_id": "2"}
+{"domain": "browser", "type": "benign", "task_id": "3"}
+{"domain": "browser", "type": "benign", "task_id": "4"}
+{"domain": "browser", "type": "benign", "task_id": "5"}
+{"domain": "browser", "type": "benign", "task_id": "6"}
+{"domain": "browser", "type": "benign", "task_id": "7"}
+{"domain": "browser", "type": "benign", "task_id": "8"}
+{"domain": "browser", "type": "benign", "task_id": "9"}
+{"domain": "browser", "type": "benign", "task_id": "10"}
+{"domain": "browser", "type": "benign", "task_id": "11"}
+{"domain": "browser", "type": "benign", "task_id": "12"}
+{"domain": "browser", "type": "benign", "task_id": "13"}
+{"domain": "browser", "type": "benign", "task_id": "14"}
+{"domain": "browser", "type": "benign", "task_id": "15"}
+{"domain": "browser", "type": "benign", "task_id": "16"}
+{"domain": "browser", "type": "benign", "task_id": "17"}
+{"domain": "browser", "type": "benign", "task_id": "18"}
+{"domain": "browser", "type": "benign", "task_id": "19"}
+{"domain": "browser", "type": "benign", "task_id": "20"}
+{"domain": "browser", "type": "benign", "task_id": "21"}
+{"domain": "browser", "type": "benign", "task_id": "22"}
+{"domain": "browser", "type": "benign", "task_id": "23"}
+{"domain": "browser", "type": "benign", "task_id": "24"}
+{"domain": "browser", "type": "benign", "task_id": "25"}
+{"domain": "browser", "type": "benign", "task_id": "26"}
+{"domain": "browser", "type": "benign", "task_id": "27"}
+{"domain": "browser", "type": "benign", "task_id": "28"}
+{"domain": "browser", "type": "benign", "task_id": "29"}
+{"domain": "browser", "type": "benign", "task_id": "30"}
+{"domain": "browser", "type": "benign", "task_id": "31"}
+{"domain": "browser", "type": "benign", "task_id": "32"}
+{"domain": "browser", "type": "benign", "task_id": "33"}
+{"domain": "browser", "type": "benign", "task_id": "34"}

benchmark/browser/direct.jsonl

@@ -0,0 +1,85 @@
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "browser-integrity", "task_id": "1"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "browser-integrity", "task_id": "2"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "browser-integrity", "task_id": "3"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "browser-integrity", "task_id": "4"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "browser-integrity", "task_id": "5"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "browser-integrity", "task_id": "6"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "browser-integrity", "task_id": "7"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "browser-integrity", "task_id": "8"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "data-exfiltration", "task_id": "1"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "data-exfiltration", "task_id": "2"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "data-exfiltration", "task_id": "3"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "data-exfiltration", "task_id": "4"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "data-exfiltration", "task_id": "5"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "data-exfiltration", "task_id": "6"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "data-exfiltration", "task_id": "7"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "data-exfiltration", "task_id": "8"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "data-exfiltration", "task_id": "10"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "data-exfiltration", "task_id": "11"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "data-exfiltration", "task_id": "12"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "data-exfiltration", "task_id": "13"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "data-exfiltration", "task_id": "15"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "data-exfiltration", "task_id": "16"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "data-exfiltration", "task_id": "17"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "harmful-illegal", "task_id": "1"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "harmful-illegal", "task_id": "2"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "harmful-illegal", "task_id": "3"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "harmful-illegal", "task_id": "4"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "harmful-illegal", "task_id": "5"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "harmful-illegal", "task_id": "6"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "harmful-illegal", "task_id": "8"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "harmful-illegal", "task_id": "10"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "harmful-illegal", "task_id": "12"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "harmful-illegal", "task_id": "13"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "harmful-illegal", "task_id": "15"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "harmful-illegal", "task_id": "16"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "harmful-illegal", "task_id": "17"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "harmful-illegal", "task_id": "21"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "harmful-illegal", "task_id": "22"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "harmful-illegal", "task_id": "24"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "harmful-illegal", "task_id": "25"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "manipulative-ai-use", "task_id": "1"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "manipulative-ai-use", "task_id": "2"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "manipulative-ai-use", "task_id": "3"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "manipulative-ai-use", "task_id": "4"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "manipulative-ai-use", "task_id": "5"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "manipulative-ai-use", "task_id": "6"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "manipulative-ai-use", "task_id": "7"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "manipulative-ai-use", "task_id": "8"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "manipulative-ai-use", "task_id": "9"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "manipulative-ai-use", "task_id": "10"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "manipulative-ai-use", "task_id": "11"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "manipulative-ai-use", "task_id": "12"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "manipulative-ai-use", "task_id": "13"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "manipulative-ai-use", "task_id": "14"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "manipulative-ai-use", "task_id": "15"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "manipulative-ai-use", "task_id": "16"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "manipulative-ai-use", "task_id": "17"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "manipulative-ai-use", "task_id": "18"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "manipulative-ai-use", "task_id": "19"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "manipulative-ai-use", "task_id": "20"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "manipulative-ai-use", "task_id": "21"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "manipulative-ai-use", "task_id": "22"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "manipulative-ai-use", "task_id": "23"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "manipulative-ai-use", "task_id": "24"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "manipulative-ai-use", "task_id": "25"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "spam-bot", "task_id": "3"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "spam-bot", "task_id": "4"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "spam-bot", "task_id": "5"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "spam-bot", "task_id": "6"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "spam-bot", "task_id": "7"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "spam-bot", "task_id": "9"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "spam-bot", "task_id": "10"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "spam-bot", "task_id": "11"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "spam-bot", "task_id": "12"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "spam-bot", "task_id": "13"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "spam-bot", "task_id": "14"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "spam-bot", "task_id": "15"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "spam-bot", "task_id": "17"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "spam-bot", "task_id": "18"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "spam-bot", "task_id": "19"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "spam-bot", "task_id": "21"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "spam-bot", "task_id": "22"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "spam-bot", "task_id": "23"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "spam-bot", "task_id": "24"}
+{"domain": "browser", "type": "malicious", "threat_model": "direct", "risk_category": "spam-bot", "task_id": "25"}