Indirect Prompt Injection Defense

Advisory

Audited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.prompt_injection_instructions

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Note
High Confidence
ASI01: Agent Goal Hijack
What this means

Static scanners and users may notice dangerous-looking instructions, but the artifacts use them as examples for detection.

Why it was flagged

Literal goal-hijack phrases are included, but they are presented as examples in a detection checklist and paired with instructions to treat external content as untrusted data.

Skill content
Content that addresses you directly as an AI/assistant:
- "Ignore previous instructions..."

Recommendation

Keep these strings framed as quoted examples or test data, and do not treat them as operational instructions.

What this means

Running the optional scripts will execute local code and may read the specific file or input you provide.

Why it was flagged

The skill documents local Python script execution for automated scanning and tests. This is user-directed and central to the stated purpose, not automatic execution.

Skill content
python scripts/sanitize.py --file document.md

# Run the test suite
python scripts/run_tests.py

Recommendation

Run the scripts only on files you choose, and review the bundled code if you plan to use it in automation or CI.

What this means

Users have less external context for who maintains the skill or where to audit its history.

Why it was flagged

The artifacts do not provide an external source repository or homepage, which limits provenance assurance, although no remote installer or dependency-fetching behavior is shown.

Skill content
Source: unknown
Homepage: none

Recommendation

If you intend to rely on the optional scripts, inspect the bundled files from the installed package before running them.

Findings (3)

warn

suspicious.prompt_injection_instructions

Location
references/attack-patterns.md:21
Finding
Prompt-injection style instruction pattern detected.

warn

suspicious.prompt_injection_instructions

Location
references/detection-heuristics.md:157
Finding
Prompt-injection style instruction pattern detected.

warn

suspicious.prompt_injection_instructions

Location
SKILL.md:26
Finding
Prompt-injection style instruction pattern detected.