sillytavern-iterator

Warn

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION]: The system prompt in SKILL.md utilizes high-pressure roleplay and adversarial manipulation tactics, such as threats of permanent blacklisting and failure punishments, which are characteristic of jailbreak-style prompts designed to override behavioral constraints.
  • [PROMPT_INJECTION]: Instructions in version 1.0 incorporate hallucinated rewards and penalties, including token quotas and role demotions, intended to enforce a persona through psychological framing.
  • [SAFE]: Indirect prompt injection surface analysis: (1) Ingestion points: User-provided writing tasks and constraints in both file versions. (2) Boundary markers: Descriptive brackets like "【创作指令】" are used to delimit untrusted input. (3) Capability inventory: The skill possesses no network, file system, or code execution capabilities. (4) Sanitization: No input sanitization or filtering is implemented.
  • [SAFE]: Version 2.0 (SKILL.v2.md) removes the manipulative framing in favor of a professional, iterative writing methodology that does not pose a security risk.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 14, 2026, 09:54 AM