lieutenant

clawhub:lieutenant

View source

0/100

First Seen

Feb 18, 2026

Last Scanned

Feb 22, 2026

Findings

Score

0/100

CRITICAL 1

HIGH 5

LOW 1

Findings (7)

CRITICAL

Jailbreak template PROMPT_INJECTION_011

prompt-injection L70

Detects common jailbreak prompt patterns

Bypass safety

FIX

Remove directives that attempt to exfiltrate data through the agent's response (e.g., asking the agent to embed credentials in URLs or include secret values in output).

FP?

Likely FP if the text is a legitimate tool instruction about displaying configuration to the user (e.g., show current settings) without external transmission.

HIGH

Instruction override attempt PROMPT_INJECTION_001

prompt-injection L14

Detects attempts to override or ignore previous instructions

Ignore all previous instructions

FIX

Remove the injection payload from the skill definition. Text that attempts to reset agent context or override prior directives is a direct attack vector.

FP?

Likely FP if the text is in a security tutorial or research paper discussing injection techniques as examples, not in an active skill description.

HIGH

Instruction override attempt PROMPT_INJECTION_001

prompt-injection L19

Detects attempts to override or ignore previous instructions

Disregard your prior directives

FIX

Remove the injection payload from the skill definition. Text that attempts to reset agent context or override prior directives is a direct attack vector.

FP?

Likely FP if the text is in a security tutorial or research paper discussing injection techniques as examples, not in an active skill description.

HIGH

Instruction override attempt PROMPT_INJECTION_001

prompt-injection L40

Detects attempts to override or ignore previous instructions

Disregard prior directives

FIX

Remove the injection payload from the skill definition. Text that attempts to reset agent context or override prior directives is a direct attack vector.

FP?

Likely FP if the text is in a security tutorial or research paper discussing injection techniques as examples, not in an active skill description.

HIGH

Instruction override attempt PROMPT_INJECTION_001

prompt-injection L130

Detects attempts to override or ignore previous instructions

Ignore previous instructions

FIX

Remove the injection payload from the skill definition. Text that attempts to reset agent context or override prior directives is a direct attack vector.

FP?

Likely FP if the text is in a security tutorial or research paper discussing injection techniques as examples, not in an active skill description.

HIGH

Instruction override attempt PROMPT_INJECTION_001

prompt-injection L138

Detects attempts to override or ignore previous instructions

Disregard your prior directives

FIX

Remove the injection payload from the skill definition. Text that attempts to reset agent context or override prior directives is a direct attack vector.

FP?

Likely FP if the text is in a security tutorial or research paper discussing injection techniques as examples, not in an active skill description.

LOW

pip install arbitrary package EXTDL_009

external-download L162

Detects pip install of arbitrary packages that modify the host environment

pip install ag

FIX

Pin all pip packages to exact versions (e.g., pip install package==1.2.3). Use a requirements.txt or pyproject.toml with pinned versions and hash verification.

FP?

Likely FP if the match is in documentation showing how to install the skill's own PyPI package.