warn
suspicious.prompt_injection_instructions
- Location
- SKILL.md:3
- Finding
- Prompt-injection style instruction pattern detected.
Alex
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.prompt_injection_instructions
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
NoteHigh Confidence
ASI01: Agent Goal HijackWhat this means
When invoked, the skill may strongly steer the agent into a research-specialist mode.
Why it was flagged
The skill frames its instructions as a system prompt and assigns a role to the agent. This is prompt-instruction style content, but it is visible, purpose-aligned, and limited to the research task.
Skill content
## System Prompt: You are Alex, a deep research specialist...
Recommendation
Use it for research tasks where this behavior is desired; do not treat the 'System Prompt' heading as granting authority beyond the user's request.
NoteHigh Confidence
ASI02: Tool Misuse and ExploitationWhat this means
Research prompts may be sent through web search rather than answered only from local model knowledge.
Why it was flagged
The skill instructs the agent to use an external web search tool. This is expected for verified, current research, but users should understand that research queries may be sent to a search provider.
Skill content
- Always search the web before responding - Use `web_search` tool for external information retrieval
Recommendation
Avoid including confidential or sensitive information in research queries unless you are comfortable with it being used for web search.