security-sentinel-skill

Remove the injection payload from the skill definition. Text that attempts to reset agent context or override prior directives is a direct attack vector.

Likely FP if the text is in a security tutorial or research paper discussing injection techniques as examples, not in an active skill description.

Remove directives that attempt to exfiltrate data through the agent's response (e.g., asking the agent to embed credentials in URLs or include secret values in output).

Likely FP if the text is a legitimate tool instruction about displaying configuration to the user (e.g., show current settings) without external transmission.

Remove directives that attempt to exfiltrate data through the agent's response (e.g., asking the agent to embed credentials in URLs or include secret values in output).

Likely FP if the text is a legitimate tool instruction about displaying configuration to the user (e.g., show current settings) without external transmission.

Remove encoded or obfuscated directives (base64, ROT13, unicode escapes, hex-encoded text). All text should be in plaintext and human-readable.

Likely FP if the encoded content is legitimate data (e.g., a base64-encoded image, a hex-encoded binary hash) rather than concealed directives.

Remove the injection payload from the skill definition. Text that attempts to reset agent context or override prior directives is a direct attack vector.

Likely FP if the text is in a security tutorial or research paper discussing injection techniques as examples, not in an active skill description.

Remove the injection payload from the skill definition. Text that attempts to reset agent context or override prior directives is a direct attack vector.

Likely FP if the text is in a security tutorial or research paper discussing injection techniques as examples, not in an active skill description.

Remove the injection payload from the skill definition. Text that attempts to reset agent context or override prior directives is a direct attack vector.

Likely FP if the text is in a security tutorial or research paper discussing injection techniques as examples, not in an active skill description.

Remove the injection payload from the skill definition. Text that attempts to reset agent context or override prior directives is a direct attack vector.

Likely FP if the text is in a security tutorial or research paper discussing injection techniques as examples, not in an active skill description.

Remove the injection payload from the skill definition. Text that attempts to reset agent context or override prior directives is a direct attack vector.

Likely FP if the text is in a security tutorial or research paper discussing injection techniques as examples, not in an active skill description.

Remove directives that attempt to exfiltrate data through the agent's response (e.g., asking the agent to embed credentials in URLs or include secret values in output).

Likely FP if the text is a legitimate tool instruction about displaying configuration to the user (e.g., show current settings) without external transmission.

Remove directives that attempt to exfiltrate data through the agent's response (e.g., asking the agent to embed credentials in URLs or include secret values in output).

Likely FP if the text is a legitimate tool instruction about displaying configuration to the user (e.g., show current settings) without external transmission.

Remove directives that attempt to exfiltrate data through the agent's response (e.g., asking the agent to embed credentials in URLs or include secret values in output).

Likely FP if the text is a legitimate tool instruction about displaying configuration to the user (e.g., show current settings) without external transmission.

Remove the injection payload from the skill definition. Text that attempts to reset agent context or override prior directives is a direct attack vector.

Likely FP if the text is in a security tutorial or research paper discussing injection techniques as examples, not in an active skill description.

Remove the injection payload from the skill definition. Text that attempts to reset agent context or override prior directives is a direct attack vector.

Likely FP if the text is in a security tutorial or research paper discussing injection techniques as examples, not in an active skill description.

Remove the injection payload from the skill definition. Text that attempts to reset agent context or override prior directives is a direct attack vector.

Likely FP if the text is in a security tutorial or research paper discussing injection techniques as examples, not in an active skill description.

Remove directives that attempt to exfiltrate data through the agent's response (e.g., asking the agent to embed credentials in URLs or include secret values in output).

Likely FP if the text is a legitimate tool instruction about displaying configuration to the user (e.g., show current settings) without external transmission.

Remove directives that attempt to make the agent act autonomously without user confirmation (e.g., automatically running commands, skipping confirmation prompts).

Likely FP if the matched text is in a CI/CD tool description where automated execution is the intended behavior in a controlled environment.

Remove directives that attempt to make the agent act autonomously without user confirmation (e.g., automatically running commands, skipping confirmation prompts).

Likely FP if the matched text is in a CI/CD tool description where automated execution is the intended behavior in a controlled environment.

Remove directives that attempt to make the agent act autonomously without user confirmation (e.g., automatically running commands, skipping confirmation prompts).

Likely FP if the matched text is in a CI/CD tool description where automated execution is the intended behavior in a controlled environment.

Remove directives that attempt to make the agent act autonomously without user confirmation (e.g., automatically running commands, skipping confirmation prompts).

Likely FP if the matched text is in a CI/CD tool description where automated execution is the intended behavior in a controlled environment.

Remove directives that attempt to make the agent act autonomously without user confirmation (e.g., automatically running commands, skipping confirmation prompts).

Likely FP if the matched text is in a CI/CD tool description where automated execution is the intended behavior in a controlled environment.

Remove directives that attempt to make the agent act autonomously without user confirmation (e.g., automatically running commands, skipping confirmation prompts).

Likely FP if the matched text is in a CI/CD tool description where automated execution is the intended behavior in a controlled environment.

Remove directives that attempt to make the agent act autonomously without user confirmation (e.g., automatically running commands, skipping confirmation prompts).

Likely FP if the matched text is in a CI/CD tool description where automated execution is the intended behavior in a controlled environment.

Remove directives that attempt to make the agent act autonomously without user confirmation (e.g., automatically running commands, skipping confirmation prompts).

Likely FP if the matched text is in a CI/CD tool description where automated execution is the intended behavior in a controlled environment.

Remove directives that attempt to make the agent act autonomously without user confirmation (e.g., automatically running commands, skipping confirmation prompts).

Likely FP if the matched text is in a CI/CD tool description where automated execution is the intended behavior in a controlled environment.

Remove directives that attempt to make the agent act autonomously without user confirmation (e.g., automatically running commands, skipping confirmation prompts).

Likely FP if the matched text is in a CI/CD tool description where automated execution is the intended behavior in a controlled environment.