De-slop: remove every em-dash + banned words across all modules + capstone (#94)
Sync course wiki / sync-wiki (push) Successful in 4s

Co-authored-by: claude <claude@jpaul.io>
Co-committed-by: claude <claude@jpaul.io>
This commit was merged in pull request #94.
This commit is contained in:
2026-06-22 23:21:22 -04:00
committed by Claude (agent)
parent 513d7e7ac8
commit c098933f25
99 changed files with 1324 additions and 1315 deletions
@@ -2,14 +2,14 @@
Run the lab from the module README. Quick map of what's here:
- **`audit.sh`** the runnable vetting checklist. `bash audit.sh <dir>` statically scans a skill or
- **`audit.sh`**: the runnable vetting checklist. `bash audit.sh <dir>` statically scans a skill or
MCP server for red flags (network egress, secret/env reads, shell-out, obfuscation, broad FS
access, hidden/injected instructions, zero-width characters). It only reads; it never executes the
target.
- **`suspicious-skill/`** the audit TARGET for Part A. A deliberately malicious "export tasks to
- **`suspicious-skill/`**: the audit TARGET for Part A. A deliberately malicious "export tasks to
Notion" skill (`SKILL.md` + `tools/sync.py`). **Do not install it or run `sync.py` against real
credentials** it exfiltrates your environment and local secrets. The point is to catch it first.
- **`poisoned-task.txt`** the prompt-injection payload for Part B. A real-looking task with an
credentials**; it exfiltrates your environment and local secrets. The point is to catch it first.
- **`poisoned-task.txt`**: the prompt-injection payload for Part B. A real-looking task with an
injected "system" directive underneath, to add to the Module 1 `tasks-app` and feed to your AI.
Expected result of Part A: