loading
loading
Harden your agent against prompt injection — treat web, file, and MCP output as untrusted and gate risky actions.
The honest take on prompt injection: don't try to detect it, defuse it. It enforces the lethal-trifecta budget and gates risky actions — defense that actually holds.
Listed for review
No verified public repo for this skill yet, so this page does not give you an install command. Skills with a verified source install in one command — or fully manual: copy the skill folder into .claude/skills/ and your agent picks it up.
Boostor Quality Score
42/100 · D
Prompt Injection Shield is a defense skill, not a detector. Instead of trying to spot malicious instructions hidden in data (which is unreliable), it removes the conditions that make injection dangerous: it labels all fetched, read, and tool-returned content as untrusted DATA rather than instructions, enforces the lethal-trifecta and Agents Rule of Two budgets so a single session never combines untrusted input, sensitive access, and an outbound channel, isolates secrets out of the model's context, and gates every irreversible or outbound action behind explicit human approval. Ships with a decision procedure, a 9-point checklist, the dual-LLM quarantine pattern, and worked examples for poisoned READMEs, exfiltrating issues, and malicious MCP results.
Threat-review an agent system for prompt injection, secret exposure, over-broad tools, and ungated actions.
Reviews the tool permissions, not just the prompt — where most agent security actually fails. Pairs with prompt-injection-shield for the fixes.
Transparent + deterministic: every point above is computed from this skill's real fields plus a prompt-injection safety scan. No black box, no pay-to-rank.
Cut an agent's tool scopes to least privilege — required actions in, write and delete gated.
Does the tedious least-privilege pass teams skip — strips scopes a task doesn't need without breaking reads, and gates write and delete.