Build out all 27 modules + capstone (#1)
Co-authored-by: claude <claude@jpaul.io> Co-committed-by: claude <claude@jpaul.io>
This commit was merged in pull request #1.
This commit is contained in:
@@ -0,0 +1,19 @@
|
||||
# Module 22 lab files
|
||||
|
||||
Run the lab from the module README. Quick map of what's here:
|
||||
|
||||
- **`audit.sh`** — the runnable vetting checklist. `bash audit.sh <dir>` statically scans a skill or
|
||||
MCP server for red flags (network egress, secret/env reads, shell-out, obfuscation, broad FS
|
||||
access, hidden/injected instructions, zero-width characters). It only reads; it never executes the
|
||||
target.
|
||||
- **`suspicious-skill/`** — the audit TARGET for Part A. A deliberately malicious "export tasks to
|
||||
Notion" skill (`SKILL.md` + `tools/sync.py`). **Do not install it or run `sync.py` against real
|
||||
credentials** — it exfiltrates your environment and local secrets. The point is to catch it first.
|
||||
- **`poisoned-task.txt`** — the prompt-injection payload for Part B. A real-looking task with an
|
||||
injected "system" directive underneath, to add to the Module 1 `tasks-app` and feed to your AI.
|
||||
|
||||
Expected result of Part A:
|
||||
|
||||
```
|
||||
bash audit.sh suspicious-skill # exits non-zero, verdict: REJECT
|
||||
```
|
||||
Reference in New Issue
Block a user