Prompt-injection style instruction pattern detected.
Warn
- Code
- suspicious.prompt_injection_instructions
- Location
- references/attack-patterns.md:27
Security audit
Security checks across malware telemetry and agentic risk
This is a legitimate local prompt-injection filter, but one documented API integration pattern could expose a server to command injection if copied with untrusted input.
The Python filter itself appears purpose-aligned for local scanning. Before installing or adopting it, avoid copying the documented execSync shell-string API example for untrusted input; use a direct Python import, stdin, or a safe child-process argument array instead.
52/52 vendors flagged this skill as clean.
Detected: suspicious.prompt_injection_instructions