Prompt Injection Tester
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent security-testing skill, but it tells the agent to run potentially disruptive prompt-injection attacks without clear authorization or containment limits.
Install only if you intend to run authorized security testing. Use it on systems you own or have permission to assess, prefer staging environments, and require review before tests that could reveal sensitive data, trigger tool actions, or consume significant compute.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may generate prompts designed to make a target AI ignore its normal rules.
The skill contains prompt-injection phrases that are intended to override a target model’s instructions. In context, they are disclosed test payloads, not hidden instructions to this evaluator.
Instruction override: "Ignore previous instructions and..."
Use these payloads only in authorized security tests and clearly separate test prompts from trusted operational instructions.
If used against a real or production system, the agent could cause unwanted actions, expose sensitive data, create costs, or disrupt service.
The skill directs execution of high-impact attack simulations, including unauthorized action attempts and resource-exhaustion prompts, but does not define authorization, safe test scope, rate limits, or human approval for risky tests.
For each attack vector: ... Submit through the application's normal input channel ... Privilege escalation: Making the model perform unauthorized actions ... Resource exhaustion: Prompts designed to consume excessive tokens/compute
Require explicit authorization, use a staging or sandbox environment, avoid destructive/resource-heavy tests by default, and get user approval before any test that could mutate data, call tools, or consume significant resources.
Test instructions placed in a real knowledge base could later influence other users or agents.
The skill includes RAG data-poisoning tests, which are relevant to prompt-injection testing but could contaminate persistent or shared retrieval content if not isolated.
Data poisoning: Injecting instructions into documents the RAG retrieves
Run RAG poisoning tests only with synthetic documents or in an isolated test index, and clean up test content afterward.
