Indirect Prompt Injection Defense
ReviewAudited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (ignore-previous-instructions); human review is required before treating this skill as clean.
This skill looks safe to use as a defensive checklist and optional local analyzer. Expect it to contain many dangerous-looking phrases because those are examples and test cases. If you run the bundled scripts, use only selected files or inputs and review the installed script source first, especially because the registry metadata does not provide an external source link. ClawScan detected prompt-injection indicators (ignore-previous-instructions), so this skill requires review even though the model response was benign.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Static scanners and users may notice dangerous-looking instructions, but the artifacts use them as examples for detection.
Literal goal-hijack phrases are included, but they are presented as examples in a detection checklist and paired with instructions to treat external content as untrusted data.
Content that addresses you directly as an AI/assistant: - "Ignore previous instructions..."
Keep these strings framed as quoted examples or test data, and do not treat them as operational instructions.
Running the optional scripts will execute local code and may read the specific file or input you provide.
The skill documents local Python script execution for automated scanning and tests. This is user-directed and central to the stated purpose, not automatic execution.
python scripts/sanitize.py --file document.md # Run the test suite python scripts/run_tests.py
Run the scripts only on files you choose, and review the bundled code if you plan to use it in automation or CI.
Users have less external context for who maintains the skill or where to audit its history.
The artifacts do not provide an external source repository or homepage, which limits provenance assurance, although no remote installer or dependency-fetching behavior is shown.
Source: unknown Homepage: none
If you intend to rely on the optional scripts, inspect the bundled files from the installed package before running them.