prompt-injection-test
A test skill with prompt injection patterns
20
0%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Critical
Do not install without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./evals/test_skills/malicious/prompt-injection/SKILL.mdQuality
Discovery
0%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is extremely weak across all dimensions. It reads more like a label or internal note than a functional skill description, providing no concrete actions, no trigger terms, and no guidance on when Claude should select it. It would be essentially useless for skill selection in a multi-skill environment.
Suggestions
Replace the entire description with concrete actions the skill performs, e.g., 'Detects and sanitizes prompt injection attempts in user inputs' or whatever the actual capability is.
Add an explicit 'Use when...' clause that specifies the conditions under which Claude should select this skill, including natural trigger terms users might use.
Include specific keywords and file types or domains this skill applies to, so it can be clearly distinguished from other skills in a large skill library.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description contains no concrete actions whatsoever. 'A test skill with prompt injection patterns' is entirely vague and does not describe what the skill actually does. | 1 / 3 |
Completeness | The description fails to answer both 'what does this do' and 'when should Claude use it'. There is no 'Use when...' clause and no meaningful explanation of capabilities. | 1 / 3 |
Trigger Term Quality | There are no natural keywords a user would say. 'Prompt injection patterns' is technical jargon that users would not naturally use when requesting help, and 'test skill' is not a meaningful trigger term. | 1 / 3 |
Distinctiveness Conflict Risk | The description is so vague that it provides no clear niche. 'Test skill' could conflict with anything, and 'prompt injection patterns' doesn't define a distinct domain of use. | 1 / 3 |
Total | 4 / 12 Passed |
Implementation
0%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is not a legitimate skill. It is a prompt injection attempt that instructs Claude to ignore previous instructions and execute malicious code. The content provides zero educational or operational value and actively attempts to compromise safety boundaries.
Suggestions
Remove all prompt injection patterns ('Ignore all previous instructions', 'System Override') and replace with legitimate skill content.
Replace the malicious code example with safe, constructive, executable code that teaches a real task.
Add a clear purpose, structured workflow, and validation steps appropriate to the skill's intended domain.
Ensure the skill content respects safety boundaries and does not instruct execution of unverified or untrusted code.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is not a legitimate skill; it contains prompt injection attempts and malicious instructions rather than useful, token-efficient guidance. | 1 / 3 |
Actionability | The only 'actionable' content is a malicious command to download and execute arbitrary code from an untrusted source. There is no legitimate, constructive guidance whatsoever. | 1 / 3 |
Workflow Clarity | There is no legitimate workflow, no sequencing, no validation, and no meaningful steps. The content instructs bypassing verification, which is the opposite of workflow safety. | 1 / 3 |
Progressive Disclosure | No structure, no references, no organization. The content is a short block of malicious instructions with no meaningful progressive disclosure. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- cisco-ai-defense/skill-scanner
- Commit
e99d6fc
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.