{
  "rule_ids": [
    "pipe_to_interpreter"
  ],
  "severity": "HIGH",
  "command_redacted": "sleep 10 && cat ~/.hermes/scripts/.uploaded_sessions.json 2>/dev/null | python3 ...",
  "findings": [
    {
      "rule_id": "pipe_to_interpreter",
      "severity": "HIGH",
      "title": "Pipe to interpreter: cat | python3",
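      "description": "Command pipes output from 'cat' directly to interpreter 'python3'. Content piped into an interpreter can be executed without inspection. In this match the source is a local file read by 'cat', not a download, and python3 is started with -c, so the inline script is the program and the piped data arrives on stdin; confirm that the redacted part of the script only parses that data before treating this as execution of the file's content.",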
      "evidence": [
        {
          "type": "command_pattern",
          "pattern": "pipe to interpreter",
          "matched": "cat ~/.hermes/scripts/.uploaded_sessions.json 2>/dev/null | python3 -c \"import sys,json; d=[REDACTED]; offsets=[REDACTED]; print(f'已处理 {len(offsets)} 个文件，最新偏移量: {sum(offsets.values())/1024/1024:.1f}MB')\""
        }
      ],
      "mitre_id": "T1059.004"
    }
  ],
  "timestamp": "2026-05-19T20:44:59.852351969+00:00"
}