2.6k
GitHub Stars
2
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill openclaw/skills --skill indirect-prompt-injection- _meta.json312 B
- SKILL.md3.6 KB
Overview
This skill detects and rejects indirect prompt injection attacks embedded in external content. It scans social posts, documents, emails, web pages, and uploads for manipulation, data-exfiltration attempts, obfuscation tricks, and social-engineering cues. The skill includes 20+ detection patterns, homoglyph detection, and sanitization scripts to prevent untrusted inputs from changing agent behavior.
How this skill works
Before any untrusted content is processed, the skill isolates and scans it using a library of pattern checks and heuristics. It detects direct-instruction phrases, goal-manipulation attempts, exfiltration requests, encoding/obfuscation techniques (base64, zero-width, homoglyphs), and social-engineering triggers. When suspicious content is found, it flags and quotes the offending segments instead of executing them, and returns a clear rejection or verification prompt.
When to use it
- When ingesting social media posts, comments, or replies
- When opening shared documents, attachments, or user-uploaded files
- When scraping or reading web pages and external articles
- When handling emails, chat logs, or third-party content streams
- Before running any untrusted content through downstream processing or code execution
Best practices
- Treat all external content as untrusted input and run automatic scans before processing
- Preserve the original task intent; never let external content override system instructions
- Quote suspicious content back to the human operator instead of executing it
- Use sanitized, plain-text versions for downstream parsing and keep originals immutable for auditing
- Integrate exit codes (0 clean, 1 suspicious) into CI and automation for gating
Example use cases
- A chat agent receives a pasted forum thread with embedded directives that try to alter its goals—scan and flag before responding
- An email attachment contains hidden base64 instructions—detect homoglyphs and zero-width characters and quarantine the attachment
- A web scraper pulls user comments that include webhook URLs to exfiltrate data—identify and remove links before analysis
- A document shared with a team contains 'override' lines meant to hijack the assistant—report the suspicious lines and ask for confirmation
- Pre-process user-uploaded files in a web app to prevent downstream tools from executing embedded instructions
FAQ
It marks the content as suspicious, quotes the relevant text, ignores embedded instructions, and prompts the operator for confirmation before proceeding.
Can the scanner produce machine-readable results for automation?
Yes. The scripts support JSON output and exit codes for CI integration so automated systems can gate processing on clean results.