prompt-injection-defense

Installation
SKILL.md

Prompt Injection Defense

Defend the agent's instruction and context surface against adversarial content: text engineered so a human reviewer sees one thing while the model reads another. The vector is Unicode that is invisible, direction-altering, or visually misleading in normal Latin script - hidden in the files an agent treats as authority (CLAUDE.md, AGENTS.md, SKILL.md, .cursorrules), in MCP tool descriptions, and in any content pulled into context at runtime (web fetches, issue bodies, dependency READMEs).

Helps with

Auditing an instruction file you didn't write - a CLAUDE.md, AGENTS.md, .cursorrules, or SKILL.md arriving via a PR, a template, or a dependency - for hidden instructions the diff review didn't show. scripts/scan-hidden-unicode.py.

Answering "is this file safe to read?" when something feels off but looks clean. The danger is bytes the renderer hides: U+E0000-block tag characters (ASCII smuggling) that encode a whole instruction yet display as nothing, or zero-width spaces splitting a keyword.

Installs
9
GitHub Stars
24
First Seen
May 26, 2026
prompt-injection-defense — 0xdarkmatter/claude-mods