- The modified script continued to function normally (coverage reports were still uploaded)
- The exfiltration used HTTPS, making network-level detection difficult
- The single added line was subtle and could be overlooked in a code review
- Most organizations did not verify the integrity of the Bash