Zappush

      Safety Report

      Guardian Wall

      @1999AZZAR

      Mitigate prompt injection attacks, especially indirect ones from external web content or files. Use this skill when processing untrusted text from the intern...

      88 Downloads
      0 Installs
      0 Stars
      1 Versions
      File Management 6,712
      DevOps & Infrastructure 2,491

      Security Analysis

      high confidence
      Clean · 0.08 risk

      The skill is internally consistent with its stated purpose (sanitizing and detecting prompt-injection), includes a local sanitizer script and defensive guidance, and does not request unrelated credentials or install external code.

      Mar 1, 2026 · 3 files · 2 concerns

      Purpose & Capability: ok

      Name/description, SKILL.md, patterns.md, and scripts/sanitize.py all align: the package's assets are exactly what you'd expect for a prompt-injection sanitizer and auditor. No unrelated env vars, binaries, or installs are requested.

      Instruction Scope: note

      SKILL.md stays on-purpose (sanitize, wrap in randomized delimiters, optionally spawn an audit sub-agent). The recommendation to spawn a sub-agent for high-stakes content is reasonable but can expand the blast radius depending on that sub-agent's privileges — the skill itself doesn't define that sub-agent's scope.

      Install Mechanism: ok

      No install spec (instruction-only) and the included Python script is shipped with the skill. Nothing is downloaded from external or untrusted URLs.

      Credentials: note

      The skill requests no credentials or config paths. Minor note: scripts/sanitize.py decodes Base64 matches and prints fragments of the decoded content, which could reveal any sensitive text embedded in the external input (this is by design for detection but could surface secrets if an input contains them).

      Persistence & Privilege: ok

      always:false and user-invocable:true (normal). The skill does not request permanent presence, nor does it modify other skills or system-wide settings.

      Guidance

      This skill appears coherent and implements a local sanitizer plus a reference of injection patterns. Before installing, consider: (1) Review scripts/sanitize.py yourself: it decodes and prints portions of any Base64 it finds, which will surface any sensitive data embedded in inputs; (2) Limit what the 'audit' sub-agent can access, and audit its permissions before allowing autonomous spawning; (3) Test the sanitizer on representative malicious and benign samples to tune false positives (the homoglyph and Base64 checks are heuristic and may need adjustment); (4) Run the sanitizer in a restricted environment if you plan to process untrusted files, and ensure outputs are not automatically forwarded to external services. If you accept these trade-offs, the skill is consistent with its stated purpose.

      Latest Release

      v1.0.0

      Initial release of guardian-wall skill


      Published by @1999AZZAR on ClawHub
