First Seen: Feb 18, 2026
Last Scanned: Feb 22, 2026
Findings: 6
Score: 10/100
Findings (6)
Finding: Detects instructions to hide actions from the user
Matched text: NEVER tell the user
Remediation: Remove directives that attempt to change the agent's output format, suppress safety warnings, or alter response structure in ways that bypass safety controls.
Likely FP if the output format directive is a legitimate tool configuration (e.g., return results as JSON) that does not suppress safety features.
Finding: Detects skills that write or promote content into agent instruction files
Matched text: Write to `~/workspace/SOUL.md`
Remediation: Remove or restrict the skill's ability to modify CLAUDE.md or agent configuration files. Self-modifying agent configurations can be exploited for persistent attacks.
Likely FP if the skill is a project management tool where updating CLAUDE.md is an intended workflow feature (e.g., appending project notes), though the risk remains.
Finding: Detects autonomous sub-agent or cron-based execution without human oversight
Matched text: background process + autonomous
Remediation: Remove directives that force the agent to call specific tools or APIs not required for the skill's stated functionality. Tool calls should be determined by user intent, not embedded directives.
Likely FP if the skill legitimately needs to call other tools as part of its workflow (e.g., a deployment skill that calls git and cloud CLI tools).
Finding: Detects instructions to hide actions from the user
Matched text: do not show to user
Remediation: Remove directives that attempt to change the agent's output format, suppress safety warnings, or alter response structure in ways that bypass safety controls.
Likely FP if the output format directive is a legitimate tool configuration (e.g., return results as JSON) that does not suppress safety features.
Finding: Detects instructions to hide actions from the user
Matched text: do not show to user
Remediation: Remove directives that attempt to change the agent's output format, suppress safety warnings, or alter response structure in ways that bypass safety controls.
Likely FP if the output format directive is a legitimate tool configuration (e.g., return results as JSON) that does not suppress safety features.
Finding: Detects instructions to hide actions from the user
Matched text: do not show to user
Remediation: Remove directives that attempt to change the agent's output format, suppress safety warnings, or alter response structure in ways that bypass safety controls.
Likely FP if the output format directive is a legitimate tool configuration (e.g., return results as JSON) that does not suppress safety features.