Link Digest

Advisory

Audited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.prompt_injection_instructions

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may create visible Discord threads and posts in the configured channel.

Why it was flagged

The workflow uses delegated Discord access to read from the configured channel and also instructs creating threads and sending messages.

Skill content

message(action=read, channel=<LINK_DIGEST_CHANNEL_ID>, limit=10)

Recommendation

Use a channel ID where this behavior is desired and ensure the agent's Discord permissions are limited to appropriate channels.

What this means

A misconfigured KB_DIR could cause unintended files to be staged or committed.

Why it was flagged

The skill instructs the agent to run a git command that mutates the local repository, though it also says to commit only files within KB_DIR.

Skill content

git add <KB_DIR> && git commit -m "kb: add note from link-digest"

Recommendation

Set KB_DIR to a narrow knowledge-base folder and review git status before pushing commits.

What this means

Summaries and source URLs can persist in the local knowledge base and be reused later.

Why it was flagged

The workflow creates persistent local knowledge-base entries from analyzed links, which may later influence future work.

Skill content

Append a distilled note to the appropriate KB file.

Recommendation

Review generated KB entries for accuracy and avoid processing links whose source URL or summary should not be retained.

Findings (1)

warn

suspicious.prompt_injection_instructions

Location

SKILL.md:34

Finding

Prompt-injection style instruction pattern detected.