My main concern is not that a direct Claude command is prompt injected to do something evil but that the generated code could be evil. For example what about simply a base64 encoded string of text that is dropped into the code designed to be unpacked and evaluated later. Any level of obfuscation is possible. Will any of these fast scanning heuristics work against such attacks? I can see us moving towards a future where ALL LLM output needs to be scanned for finger printed threats. That is, should AV be running continuous scans of generated code and test cases?