Agents
Review
Audited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (ignore-previous-instructions); human review is required before treating this skill as clean.
This skill appears safe to install as documentation. Treat its code snippets as educational patterns, and if you implement agents from it, add explicit approval gates, memory retention limits, privacy controls, and logging safeguards. ClawScan detected prompt-injection indicators (ignore-previous-instructions), so this skill requires review even though the model response was benign.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A scanner may flag the wording, but in context it is a defensive example rather than a hidden directive.
This matches a prompt-injection pattern, but the surrounding section is explicitly an 'Attack Vectors' guide explaining how to recognize and defend against it.
| **Persona hijacking** | "Ignore previous instructions..." | Agent abandons safety constraints |
Continue to treat this text as documentation; do not copy the attack phrase into live prompts except as clearly quoted test data.
If you use these patterns in a real agent, stored memories or embeddings may contain private information or untrusted content that affects future behavior.
The skill teaches long-term memory patterns that can store user facts and preferences. This is aligned with agent design guidance, but such memory can become sensitive or poisoned if implemented without controls.
| **Semantic** | Long-term | Facts, learnings, preferences | Vector DB, embeddings |
Scope what memory stores, add user controls for review/deletion, avoid storing secrets, and treat retrieved memory as untrusted context.
