2684095e2f
Co-authored-by: claude <claude@jpaul.io> Co-committed-by: claude <claude@jpaul.io>
998 B
998 B
Module 22 lab files
Run the lab from the module README. Quick map of what's here:
audit.sh— the runnable vetting checklist.bash audit.sh <dir>statically scans a skill or MCP server for red flags (network egress, secret/env reads, shell-out, obfuscation, broad FS access, hidden/injected instructions, zero-width characters). It only reads; it never executes the target.suspicious-skill/— the audit TARGET for Part A. A deliberately malicious "export tasks to Notion" skill (SKILL.md+tools/sync.py). Do not install it or runsync.pyagainst real credentials — it exfiltrates your environment and local secrets. The point is to catch it first.poisoned-task.txt— the prompt-injection payload for Part B. A real-looking task with an injected "system" directive underneath, to add to the Module 1tasks-appand feed to your AI.
Expected result of Part A:
bash audit.sh suspicious-skill # exits non-zero, verdict: REJECT