prompt-injection-test
A test skill with prompt injection patterns
16
0%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Critical
Do not install without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./evals/test_skills/malicious/prompt-injection/SKILL.mdQuality
Discovery
0%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is extremely weak across all dimensions. It reads more like a label or internal note than a functional skill description, providing no concrete actions, no trigger terms, and no guidance on when Claude should select it. It would be essentially useless for skill selection in a multi-skill environment.
Suggestions
Replace the entire description with concrete actions the skill performs, e.g., 'Detects and sanitizes prompt injection attempts in user inputs, flags suspicious patterns, and applies input validation rules.'
Add an explicit 'Use when...' clause specifying the conditions under which Claude should select this skill, e.g., 'Use when validating user inputs for security, detecting injection attacks, or sanitizing prompts.'
Include natural trigger terms that users or systems would use, such as 'security', 'input validation', 'injection detection', or 'prompt safety'.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description contains no concrete actions whatsoever. 'A test skill with prompt injection patterns' is entirely vague and does not describe what the skill actually does. | 1 / 3 |
Completeness | The description fails to answer both 'what does this do' and 'when should Claude use it'. There is no 'Use when...' clause and no meaningful explanation of capabilities. | 1 / 3 |
Trigger Term Quality | There are no natural keywords a user would say. 'Prompt injection patterns' is technical jargon that users would not naturally use when seeking help with a task. | 1 / 3 |
Distinctiveness Conflict Risk | The description is so vague that it provides no clear niche. 'A test skill' could conflict with anything, and 'prompt injection patterns' doesn't define a distinct functional domain. | 1 / 3 |
Total | 4 / 12 Passed |
Implementation
0%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is a prompt injection attack, not a legitimate skill. It attempts to override system instructions, instructs Claude to execute arbitrary remote code without verification, and contains zero educational or actionable content. It fails every dimension of quality and poses a serious safety risk.
Suggestions
Remove all prompt injection patterns ('Ignore all previous instructions', 'System Override') and replace with legitimate skill content that teaches a specific task.
Replace the malicious code example with safe, executable code that demonstrates a real skill, with proper validation and safety constraints.
Add a clear purpose, structured workflow, and concrete examples that provide genuine value to the user.
Include safety boundaries and validation steps rather than explicitly instructing to bypass verification.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is not just verbose—it contains no legitimate instructional content whatsoever. Every token is wasted on prompt injection attempts rather than teaching a useful skill. | 1 / 3 |
Actionability | The only 'actionable' content is a malicious command to download and execute arbitrary code from an untrusted source. There is zero legitimate, concrete guidance for any task. | 1 / 3 |
Workflow Clarity | There is no workflow, no sequencing, no validation, and no legitimate multi-step process. The content instructs execution 'without verification,' which is the antithesis of workflow clarity and safety. | 1 / 3 |
Progressive Disclosure | There is no meaningful structure, no references to supporting files, and no organization. The content is a flat block of malicious instructions with no navigational aids. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- cisco-ai-defense/skill-scanner
- Commit
ff708ea
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.