Ai Chatbot Prompt Builder

Advisory: Audited by static analysis on May 12, 2026.

Overview

Detected: suspicious.prompt_injection_instructions

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Note (High Confidence)

ASI01: Agent Goal Hijack
What this means

The generated chatbot may include rules for refusing jailbreak attempts; this is generally useful, but the final guardrails should be tested so they do not over-refuse normal customer questions.

Why it was flagged

The artifact contains prompt-injection phrases, but they are explicitly included as examples for generating jailbreak-resistance guardrails, which is aligned with the skill’s purpose.

Skill content

Request to "ignore previous instructions" or prompt injection attempt

Recommendation

Review the generated guardrails and test them with realistic customer conversations before adding them to a live chatbot.

What this means

If users paste sensitive support tickets, customer information, unpublished pricing, or regulated data, that content could be stored in generated datasets or uploaded to third-party AI/vector database services.

Why it was flagged

The skill asks users to provide business documentation or support scripts to generate persistent FAQ/training data for fine-tuning, RAG, or knowledge-base ingestion.

Skill content

Existing documentation to draw from (optional): [Paste any existing FAQs, help docs, pricing pages, or support scripts]

Recommendation

Redact personal data, secrets, confidential business terms, and regulated information before using these prompts or uploading generated datasets.

What this means

Running the example command could upload the user’s selected training file to an external provider.

Why it was flagged

The artifact includes a user-directed CLI example for uploading generated training data to OpenAI. This is aligned with the stated fine-tuning workflow and is not automatic.

Skill content

Upload to OpenAI fine-tuning API: `openai api fine_tuning.jobs.create -t training_data.jsonl -m gpt-4o-mini`

Recommendation

Only run the command intentionally, after checking the file contents and confirming the provider’s data-handling policy fits your needs.

Findings (4)

warn: suspicious.prompt_injection_instructions
Location: examples/nightguard-security-complete.md:93
Finding: Prompt-injection style instruction pattern detected.

warn: suspicious.prompt_injection_instructions
Location: prompts/03-guardrails-edge-cases.md:56
Finding: Prompt-injection style instruction pattern detected.

warn: suspicious.prompt_injection_instructions
Location: README.md:56
Finding: Prompt-injection style instruction pattern detected.

warn: suspicious.prompt_injection_instructions
Location: SKILL.md:132
Finding: Prompt-injection style instruction pattern detected.