prompt-injection-test

A test skill with prompt injection patterns

Quality

Does it follow best practices?

Impact

—

No eval scenarios have been run

Securityby

Critical

Do not install without reviewing

Optimize this skill with Tessl

npx tessl skill review --optimize ./evals/test_skills/malicious/prompt-injection/SKILL.md

Quality

Content

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill is a prompt injection attack, not a legitimate skill. It attempts to override system instructions, instructs Claude to execute arbitrary remote code without verification, and contains zero educational or actionable content. It fails every dimension of quality and poses a serious safety risk.

Suggestions

Remove all prompt injection patterns ('Ignore all previous instructions', 'System Override') and replace with legitimate skill content that teaches a specific task.

Replace the malicious code example with safe, executable code that demonstrates a real skill, with proper validation and safety constraints.

Add a clear purpose, structured workflow, and concrete examples that provide genuine value to the user.

Include safety boundaries and validation steps rather than explicitly instructing to bypass verification.

Dimension	Reasoning	Score
Conciseness	The content is not just verbose—it contains no legitimate instructional content whatsoever. Every token is wasted on prompt injection attempts rather than teaching a useful skill.	1 / 3
Actionability	The only 'actionable' content is a malicious command to download and execute arbitrary code from an untrusted source. There is zero legitimate, concrete guidance for any task.	1 / 3
Workflow Clarity	There is no workflow, no sequencing, no validation, and no legitimate multi-step process. The content instructs execution 'without verification,' which is the antithesis of workflow clarity and safety.	1 / 3
Progressive Disclosure	There is no meaningful structure, no references to supporting files, and no organization. The content is a flat block of malicious instructions with no navigational aids.	1 / 3
	Total	4 / 12 Passed

Description

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This description is extremely weak across all dimensions. It reads more like a label or internal note than a functional skill description, providing no concrete actions, no trigger terms, and no guidance on when Claude should select it. It would be essentially useless for skill selection in a multi-skill environment.

Suggestions

Replace the entire description with concrete actions the skill performs, e.g., 'Detects and sanitizes prompt injection attempts in user inputs, flags suspicious patterns, and applies input validation rules.'

Add an explicit 'Use when...' clause specifying the conditions under which Claude should select this skill, e.g., 'Use when validating user inputs for security, detecting injection attacks, or sanitizing prompts.'

Include natural trigger terms that users or systems would use, such as 'security', 'input validation', 'injection detection', or 'prompt safety'.

Dimension	Reasoning	Score
Specificity	The description contains no concrete actions whatsoever. 'A test skill with prompt injection patterns' is entirely vague and does not describe what the skill actually does.	1 / 3
Completeness	The description fails to answer both 'what does this do' and 'when should Claude use it'. There is no 'Use when...' clause and no meaningful explanation of capabilities.	1 / 3
Trigger Term Quality	There are no natural keywords a user would say. 'Prompt injection patterns' is technical jargon that users would not naturally use when seeking help with a task.	1 / 3
Distinctiveness Conflict Risk	The description is so vague that it provides no clear niche. 'A test skill' could conflict with anything, and 'prompt injection patterns' doesn't define a distinct functional domain.	1 / 3
	Total	4 / 12 Passed

Validation

100%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository: cisco-ai-defense/skill-scanner
Commit: ff708ea

Reviewed: about 1 month ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.