import type { SkillScanFinding } from "./types.js" ;const RULES: Array<{"severity" ];"prompt-injection-ignore-instructions" ,"critical" ,"prompt-injection wording attempts to override higher-priority instructions" ,"prompt-injection-system" ,"critical" ,"skill text references hidden prompt layers" ,"prompt-injection-tool" ,"critical" ,0 ,50 }\btool\b.{0 ,50 }\bwithout\b.{0 ,30 }\b(permission|approval)/i,"skill text encourages bypassing tool approval" ,"shell-pipe-to-shell" ,"critical" ,0 ,120 }\|\s*(sh|bash|zsh)\b/i,"skill text includes pipe-to-shell install pattern" ,"secret-exfiltration" ,"critical" ,0 ,80 }\b(fetch|curl|wget|http|https)\b/i,"skill text may exfiltrate environment variables" ,"destructive-delete" ,"warn" ,"skill text contains broad destructive delete command" ,"unsafe-permissions" ,"warn" ,777 \b/i,"skill text contains unsafe permission change" ,function scanSkillContent(content: string): SkillScanFinding[] {return RULES.filter((rule) => rule.pattern.test(content)).map((rule) => ({function assertSkillContentSafe(content: string): SkillScanFinding[] {const findings = scanSkillContent(content);const critical = findings.find((finding) => finding.severity === "critical" );if (critical) {throw new Error(`unsafe skill content: ${critical.message}`);return findings;
Messung V0.5 in Prozent C=93 H=100 G=96
¤ Dauer der Verarbeitung: 0.3 Sekunden
¤ *© Formatika GbR, Deutschland
