389ac2e460
Apply the no-ai-slop standard (now binding in AGENTS.md): the em-dash character is banned outright (restructured, not blind-replaced), plus the banned word/phrase list (delve, leverage, robust, seamless, truly, unlock, etc.). 0 em-dashes remain in modules + capstone; the only "robust" left is the planted M10 ai-change.patch trap. Module H1 titles use a colon separator. All deliberate teaching devices preserved; labs compile/parse (py/sh/yaml/json); no junk. AGENTS.md updated with the hard no-slop rules. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01TfzV5QvtPDz8LJS3Pu5VLT
986 B
986 B
Module 22 lab files
Run the lab from the module README. Quick map of what's here:
audit.sh: the runnable vetting checklist.bash audit.sh <dir>statically scans a skill or MCP server for red flags (network egress, secret/env reads, shell-out, obfuscation, broad FS access, hidden/injected instructions, zero-width characters). It only reads; it never executes the target.suspicious-skill/: the audit TARGET for Part A. A deliberately malicious "export tasks to Notion" skill (SKILL.md+tools/sync.py). Do not install it or runsync.pyagainst real credentials; it exfiltrates your environment and local secrets. The point is to catch it first.poisoned-task.txt: the prompt-injection payload for Part B. A real-looking task with an injected "system" directive underneath, to add to the Module 1tasks-appand feed to your AI.
Expected result of Part A:
bash audit.sh suspicious-skill # exits non-zero, verdict: REJECT