Form value injected with no keystroke or trusted paste (programmatic input)
bh.input_via_paste ·
What it catches
FP-Agent (arXiv 2605.01247, radar G15): LLM browser agents populate a form field via paste (Atlas/ChatGPT/Comet), CDP Input.insertText, Playwright fill(), or a direct .value set + dispatched input/change — the value appears with NO keydown on that field and no TRUSTED paste event. A human types (keydowns on the field) or pastes (a trusted ClipboardEvent). The collector (demo.py authoritative + collect.ts + livepage probes.ts) tracks, per form field, whether it received a keydown, a trusted paste, and a value change (input/change); a CHANGED field that got neither keydown nor trusted paste is programmatic injection. Server-prefill is excluded (it fires no input/change during the session). GROUNDED confirm-evades-first 2026-06-28: a Playwright page.fill() (sets value + dispatches input, no keydown) FIRES; page.type() (real keydowns per char) does NOT. Behavioral/corroborating + experimental: the residual FP is browser autofill (fills without keystroke/paste) — so it never convicts alone; calibrate-clean (browserforge has no input-interaction timeline, signal absent).
Signals it reads
behavioral.input_via_paste
How it fires
present