prompt-shield_skill

This skill guards AI agents against prompt injections by detecting 113 patterns and enforcing a tamper-proof, peer-reviewed whitelist to ensure safe inputs.
  • Python

2.5k

GitHub Stars

7

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill openclaw/skills --skill prompt-shield

  • _meta.json463 B
  • patterns.yaml19.9 KB
  • prompt-shield-hook.sh1.5 KB
  • SCORING.md10.6 KB
  • shield.py35.4 KB
  • SKILL.md4.7 KB
  • whitelist.yaml1004 B

Overview

This skill is a Prompt Injection Firewall for AI agents that inspects incoming text and blocks manipulative or malicious prompts. It uses 113 detection patterns across 14 threat categories, a heuristic scoring system, and a tamper-proof hash-chain whitelist with mandatory peer review. Integration hooks (Claude Code) allow automatic interception before agent processing.

How this skill works

The scanner analyzes input against pattern signatures and assigns scores that map to CLEAN, WARNING, or BLOCK outcomes. Heuristic combo bonuses raise danger levels when multiple categories appear together. A hash-chained whitelist allows safe overrides only after two peer approvals and enforces expiration and limited exemptions. Hooks can return silent pass, caution messages, or block processing depending on the verdict.

When to use it

  • Protect agents that accept untrusted user content or third-party skill responses.
  • Pre-filter messages before handing them to LLMs to prevent jailbreaks and command execution.
  • Enforce safe agent behavior in deployed multi-skill systems and agent marketplaces.
  • Audit archived skill packages or backups for embedded prompt malware before restoration.
  • Apply automated filtering in chatops, moderation pipelines, or webhook handlers.

Best practices

  • Run the scanner as a pre-processing hook so dangerous inputs never reach the model.
  • Maintain and peer-review the hash-chain whitelist; require at least two distinct approvers.
  • Tune warning thresholds and follow up WARNING results with human review for high-risk contexts.
  • Rotate whitelist expiration and limit category exemptions to minimize long-term risk.
  • Combine pattern detection with runtime sandboxing for any code execution paths.

Example use cases

  • Block messages that mimic system prompts (fake authority) to prevent model obedience to injected commands.
  • Detect and reject command injection, reverse-shell payloads, and base64-encoded skill malware.
  • Prevent crypto spam and link-based scams from being acted on by automation skills.
  • Catch memory poisoning and identity override attempts that try to change agent behavior.
  • Archive scanners for skill repositories or backups to flag potentially malicious archived skills before deployment.

FAQ

WARNING inputs are allowed to pass only with a caution message and should trigger human review or stricter downstream checks in high-risk workflows.

How does the hash-chain whitelist prevent tampering?

Each whitelist entry stores the SHA256 of the previous entry; any insertion, deletion, or modification breaks the chain and can be detected by the verification routine.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational