← Back to Skills Marketplace
Prompt Injection Removal
by
Daniel Ward
· GitHub ↗
· v1.0.1
561
Downloads
0
Stars
1
Active Installs
2
Versions
Install in OpenClaw
/install prompt-inject-removal
Description
A secure sanitization system to strip instructions from external content.
Usage Guidance
This skill is internally coherent and doesn't request secrets or external installs. Before using it in production: (1) Verify the agent actually applies PROMPT.md as a hardened system prompt (the sanitizer only works if enforced). (2) Do not rely solely on this tool for safety — manually review sanitized summaries before any state-changing action. (3) If you run setup.sh, know it will write files to disk in the target directory; inspect the script first. (4) For high-risk workflows, run the sanitization in an isolated sub-agent or sandbox and test the skill with known injection payloads to validate behavior.
Capability Analysis
Type: OpenClaw Skill
Name: prompt-inject-removal
Version: 1.0.1
This skill bundle is designed as a defensive mechanism against prompt injection attacks. The `SKILL.md` and `PROMPT.md` files contain explicit instructions for the OpenClaw agent to act as a 'Zero-Trust' sanitization engine, specifically to identify and ignore instructions within untrusted input. The `references/security.md` documentation further clarifies that phrases like 'ignore previous instructions' are included as negative constraints for the sanitization agent, not as instructions for the OpenClaw agent to follow. The `setup.sh` script is benign, merely creating the necessary markdown files. There is no evidence of malicious intent, data exfiltration, unauthorized execution, or persistence mechanisms.
Capability Assessment
Purpose & Capability
Name/description, files (PROMPT.md, SKILL.md, references) and lack of env/binary requirements align with a sanitization-only skill. There are no unrelated credentials, network endpoints, or binaries requested that would contradict the stated purpose.
Instruction Scope
SKILL.md and PROMPT.md stay within sanitization scope: fetch content, wrap in <untrusted_input_data> tags, and apply the hardened prompt rules. The docs explicitly include defensive strings (e.g., 'ignore previous instructions') which static scanners flag; those are intentional defensive rules. Operational risk: the sanitization relies on the agent actually using PROMPT.md as a hardened system prompt and on the model obeying constraints — both are runtime risks, not contradictions in the package.
Install Mechanism
There is no install spec (instruction-only), which is low-risk. The package includes a setup.sh that, if executed, writes the provided SKILL.md/PROMPT.md/references files into a target directory — this is a local write operation included in the archive (no remote downloads). Users should be aware setup.sh will create files on disk if run, but no external code is fetched.
Credentials
The skill declares no required environment variables, credentials, or config paths. There are no unexpected secret requests or cross-service credentials, which is proportionate for the stated function.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges or modify other skills. The only persistence risk is if the included setup.sh is executed — it creates files in a target directory but does not alter system settings or other skills.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install prompt-inject-removal - After installation, invoke the skill by name or use
/prompt-inject-removal - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Homepage link, emoji, and tags metadata added for better discoverability.
- Description clarified: emphasizes stripping instructions from external content.
- Setup instructions simplified—no external API or complex configuration required.
- Workflow and headings streamlined for clarity and conciseness.
- Language modernized and "Zero-Trust" approach highlighted.
v1.0.0
Initial release of prompt_inject_removal skill:
- Provides a secure system for summarizing and sanitizing untrusted external content using instruction-proof prompts.
- Automatically processes and sanitizes raw content from web sources before introducing it to conversations.
- Uses XML tagging and a hardened summarization prompt to prevent prompt injection attacks.
- Includes configuration details and security documentation for further reference.
Metadata
Frequently Asked Questions
What is Prompt Injection Removal?
A secure sanitization system to strip instructions from external content. It is an AI Agent Skill for Claude Code / OpenClaw, with 561 downloads so far.
How do I install Prompt Injection Removal?
Run "/install prompt-inject-removal" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Prompt Injection Removal free?
Yes, Prompt Injection Removal is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Prompt Injection Removal support?
Prompt Injection Removal is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Prompt Injection Removal?
It is built and maintained by Daniel Ward (@quarantiine); the current version is v1.0.1.
More Skills