indirect-prompt-injection logo

indirect-prompt-injection

#1448 · by kornhollio
skillopenclawagent-skill
3.15/ 5.00
trustedBeta
Mar 4, 2026 at 11:08 PM6 signals analysedNo manual reviews · fully automated
Trust Signal Breakdown
high6 sub-signals across 6 dimensions

CVEs, dependency health, and supply chain integrity

1 of 1 sub-signals with data

virustotal scan100%2.5

Uptime, latency, error rates, and incident history

1 of 1 sub-signals with data

content safety100%5.0

Commit recency, release cadence, issue response, CI/CD

1 of 1 sub-signals with data

freshness100%2.8

Downloads, stars, dependents, and growth trajectory

1 of 1 sub-signals with data

adoption100%1.4

License, documentation, security policy, changelog

1 of 1 sub-signals with data

transparency100%3.0

Track record, org maturity, community standing

1 of 1 sub-signals with data

publisher reputation100%2.9
About this score
Scored across 6 sub-signals in 6 dimensionsScoring engine v1 (beta) — actively being expandedPhase 1: Core sub-signal architecture (live)Phase 2: Permission scope & expanded collection (in progress)
Signal Detailsfrom signal_history
VirusTotal Scan2.5
PENDING

ClawHub submits every skill to VirusTotal on publish. Scanned by 70+ security vendors for malware, trojans, and suspicious patterns.

Source: ClawHub moderation
Content Safety5.0
NO ISSUES

Scanned for credential leaks, shell injection, config tampering, base64 payloads, sensitive path access, SOUL.md/AGENTS.md tampering.

3,650 characters analyzed
Publisher Reputation2.8
GitHubaviv4339
Account age8.2 years
Public repos9
Adoption1.4
Installs8
Downloads1,991
Stars14
Comments0
View on ClawHub
Freshness3.0
Last updated7d ago
Latest versionv1.0.0
Versions published1
ChangelogPresent
Transparency2.9
6/6 checks passed100%
Has Changelog No Obfuscation Has Description Has Frontmatter Has Usage Instructions Substantive Description
Trust AssessmentAI Assessment

indirect-prompt-injection is a security skill by kornhollio (clawhub, unknown license) that detects prompt injection attacks in external content before processing. The skill shows strong content safety signals and provides 20+ detection patterns including homoglyph detection, though the publisher has limited reputation data. With low adoption (14 stars) and unknown licensing terms, teams should verify the detection logic matches their threat model before deploying in production systems.

Generated by Fabric AI · Mar 4, 2026 at 4:56 AM

Incidents & Alertslast 90 days
Mar 2Trust score increased by 0.923.22
Mar 2Trust score decreased by 0.922.30
Mar 2Trust score increased by 0.923.22
Mar 1Trust score decreased by 0.922.30
Feb 25indirect-prompt-injection added to Trust Index3.18
Showing 5 of 5 events
Score History40 snapshots
5.003.752.501.250.00
Feb 25Mar 4
Data Sources4 indexed
VirusTotalMalware scanning by 70+ security vendors
ClawHub RegistryInstall counts, stars, version history, moderation status
GitHub APIPublisher account age, activity, reputation
SKILL.md AnalysisStatic content analysis for credential leaks, malicious patterns

Are you the publisher?

Claim this profile to unlock deeper evaluation, real-time monitoring,
and trust signals that help agents discover your service.

Share this Trust Score

Generate a scorecard image optimised for X, LinkedIn and other social platforms.

⬇ Download Score Card