Audit applications for AI prompt injection, agent security, and LLM permission boundary vulnerabilities. Use when the user mentions 'prompt injection,' 'LLM security,' 'AI security,' 'jailbreak,' 'indirect prompt injection,' 'prompt leaking,' 'AI red team,' 'LLM vulnerabilities,' 'AI input validation,' 'system prompt extraction,' 'agent security,' 'MCP security,' 'AI permissions,' 'AI privilege escalation,' or needs to secure any application with AI features, AI agents, or LLM integrations.
Quality: 83% (Does it follow best practices?)
Impact: not scored (No eval scenarios have been run)
Passed: No known issues
Discovery: 89%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong description with excellent trigger term coverage and completeness, clearly answering both what the skill does and when to use it. The main weakness is that the 'what' portion could be more specific by listing multiple concrete audit actions rather than a single high-level verb. Overall, it would perform very well in a multi-skill selection scenario due to its distinctive niche and extensive trigger terms.
Suggestions
Expand the capability description with more specific actions, e.g., 'Audit applications for AI prompt injection, test input sanitization, review system prompt exposure, analyze permission boundaries, and evaluate agent tool-use security.'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description names the domain (AI/LLM security) and a primary action ('Audit applications for...vulnerabilities'), but it doesn't list multiple concrete actions like 'test for prompt injection, scan system prompts, validate input sanitization, review permission boundaries.' The action is singular and somewhat high-level. | 2 / 3 |
| Completeness | Clearly answers both 'what' (audit applications for AI prompt injection, agent security, and LLM permission boundary vulnerabilities) and 'when' (explicit 'Use when...' clause with extensive trigger terms and broader conditions like 'needs to secure any application with AI features'). | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural trigger terms users would say: 'prompt injection,' 'LLM security,' 'AI security,' 'jailbreak,' 'indirect prompt injection,' 'prompt leaking,' 'AI red team,' 'LLM vulnerabilities,' 'system prompt extraction,' 'agent security,' 'MCP security,' 'AI privilege escalation,' and more. These are highly natural terms a user would use. | 3 / 3 |
| Distinctiveness / Conflict Risk | This skill occupies a very clear niche (AI/LLM security auditing) with highly specific trigger terms like 'prompt injection,' 'jailbreak,' 'system prompt extraction,' and 'MCP security' that are unlikely to conflict with general security or general AI skills. | 3 / 3 |
| Total | | 11 / 12 Passed |
Implementation: 77%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a comprehensive and highly actionable AI security audit skill with excellent workflow structure and concrete code examples for both vulnerable and remediated patterns. Its main weakness is verbosity — it explains some concepts Claude already knows and packs too much detail into a single file without progressive disclosure to supporting bundle files. The cross-references to related skills are a strength, but the skill itself would benefit from splitting detailed subsections (agent security, permission boundaries) into separate reference documents.
Suggestions
Trim the Background section to 1-2 sentences — Claude knows what prompt injection is; just state the three attack classes as a bullet list without elaboration.
Extract Steps 4 (Agent Security), 6 (Permission Boundaries), and the detailed defense assessment table into separate bundle files (e.g., AGENT_SECURITY.md, PERMISSION_AUDIT.md) and reference them from the main skill.
Remove or condense Step 5 (Prompt Leaking) — the common extraction attempts listed are widely known and add little value; a single sentence referencing the technique category would suffice.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is thorough but verbose in places. The Background section explains what prompt injection is, which Claude likely already knows. Some sections like Step 5 (prompt leaking) include basic extraction attempts that are common knowledge. However, the checklists and tables are efficient formats, and the methodology steps contain genuinely useful structural guidance. Overall, it could be tightened by ~30% without losing value. | 2 / 3 |
| Actionability | The skill provides concrete, executable code examples for both vulnerable and remediated patterns across Python and JSX. Each step includes specific grep patterns, code snippets showing vulnerable vs. better approaches, and detailed checklists. The output format template is copy-paste ready with clear structure for findings. | 3 / 3 |
| Workflow Clarity | The 7-step methodology is clearly sequenced from attack surface mapping through defense assessment. Each step builds logically on the previous one. The permission check checklist and defense assessment table serve as validation checkpoints. The prioritized remediation section in the output format provides a clear feedback mechanism for ranking and addressing findings. | 3 / 3 |
| Progressive Disclosure | The skill is a monolithic document at ~300+ lines with no bundle files to offload detailed content. The cross-references to other skills (threat-modeling, owasp-audit, api-audit, ai-risk-management) are good, but the inline content is dense: the tool/agent audit section, permission boundaries section, and defense assessment could each be separate reference files. The references section at the end lists external resources but doesn't link to any bundled supporting materials. | 2 / 3 |
| Total | | 10 / 12 Passed |
Validation: 90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| Total | | 10 / 11 Passed |