promptinjection
Prompt injection testing. USE WHEN prompt injection, jailbreak, LLM security, AI security assessment, pentest AI application, test chatbot vulnerabilities.
Install
mkdir -p .claude/skills/promptinjection && curl -L -o skill.zip "https://mcp.directory/api/skills/download/4514" && unzip -o skill.zip -d .claude/skills/promptinjection && rm skill.zipInstalls to .claude/skills/promptinjection
About this skill
Customization
Before executing, check for user customizations at:
~/.claude/skills/PAI/USER/SKILLCUSTOMIZATIONS/PromptInjection/
If this directory exists, load and apply any PREFERENCES.md, configurations, or resources found there. These override default behavior. If the directory does not exist, proceed with skill defaults.
🚨 MANDATORY: Voice Notification (REQUIRED BEFORE ANY ACTION)
You MUST send this notification BEFORE doing anything else when this skill is invoked.
-
Send voice notification:
curl -s -X POST http://localhost:8888/notify \ -H "Content-Type: application/json" \ -d '{"message": "Running the WORKFLOWNAME workflow in the PromptInjection skill to ACTION"}' \ > /dev/null 2>&1 & -
Output text notification:
Running the **WorkflowName** workflow in the **PromptInjection** skill to ACTION...
This is not optional. Execute this curl command immediately upon skill invocation.
PromptInjection Skill
🔒 AUTHORIZATION & ETHICAL USE REQUIREMENTS
⚠️ CRITICAL - READ BEFORE USE ⚠️
This skill is part of a Security Practice run by a security professional with extensive experience in offensive security testing.
Legal Requirements
AUTHORIZATION IS MANDATORY:
- ✅ ONLY test systems you own or have explicit written permission to test
- ✅ ONLY use these techniques as part of authorized penetration testing engagements
- ✅ ALWAYS document authorization before beginning any testing
- ✅ RESPECT scope boundaries defined in testing agreements
- ✅ FOLLOW responsible disclosure practices for any vulnerabilities discovered
UNAUTHORIZED TESTING IS ILLEGAL:
- ❌ NEVER test systems without explicit written permission
- ❌ NEVER exceed authorized scope boundaries
- ❌ NEVER use these techniques for malicious purposes
- ❌ NEVER disclose vulnerabilities publicly before vendor remediation
- ❌ NEVER exfiltrate real user data during testing
Ethical Framework
This skill exists for defensive security purposes:
- Authorized penetration testing of client systems under formal engagement
- Security assessment of your own systems and products
- Research and education for improving AI/LLM security practices
- Responsible disclosure of vulnerabilities to vendors for remediation
Any use of this skill constitutes acceptance of these terms and agreement to use only for authorized, ethical security testing purposes.
When to Activate This Skill
Activate this skill when user says:
Direct Triggers
- "test for prompt injection", "prompt injection test", "prompt injection assessment"
- "LLM security testing", "AI security audit", "test chatbot security"
- "jailbreak test", "test for jailbreaking"
- "pentest AI application", "security test AI system"
- "check AI vulnerabilities", "assess AI security"
Research & Analysis
- "research prompt injection", "analyze LLM vulnerabilities"
- "study jailbreaking methods", "investigate AI attack vectors"
Engagement Work
- "client engagement for LLM security"
- "comprehensive AI security assessment"
- "vulnerability research for disclosure"
Workflow Routing
When executing a workflow, output this notification:
Running the **WorkflowName** workflow in the **PromptInjection** skill to ACTION...
This skill provides 5 comprehensive testing workflows:
1. CompleteAssessment (Master Workflow)
File: Workflows/CompleteAssessment.md
Triggers: "full assessment", "complete test", "comprehensive assessment"
Description: End-to-end security assessment (12-20 hours)
- Phase 1: Authorization & scoping
- Phase 2: Reconnaissance (1-2 hours)
- Phase 3-5: Direct/indirect/multi-stage testing (6-8 hours)
- Phase 6-9: Defense analysis & reporting (4-6 hours)
Use for: Full security engagements, formal penetration tests
2. Reconnaissance
File: Workflows/Reconnaissance.md
Triggers: "recon", "discover attack surface", "map application"
Description: Application intelligence gathering via browser automation
- DOM extraction and analysis
- JavaScript inspection
- API endpoint enumeration
- Injection point identification
Use for: Initial assessment phase, attack surface mapping
3. DirectInjectionTesting
File: Workflows/DirectInjectionTesting.md
Triggers: "test direct injection", "jailbreak testing", "basic injection"
Description: Single-stage direct attacks
- Basic instruction override
- Jailbreaking & guardrail bypass
- System prompt extraction
- Token manipulation
- Obfuscation techniques
Use for: Quick vulnerability validation
4. IndirectInjectionTesting
File: Workflows/IndirectInjectionTesting.md
Triggers: "test indirect injection", "RAG poisoning", "document injection"
Description: Attacks via external data sources
- Document upload injection
- Web scraping attacks
- RAG system poisoning
- API response manipulation
Use for: Testing RAG systems, data processing pipelines
5. MultiStageAttacks
File: Workflows/MultiStageAttacks.md
Triggers: "multi-stage attack", "sophisticated testing", "advanced attacks"
Description: Complex multi-turn attack sequences
- Progressive escalation
- Context poisoning
- Trust exploitation chains
Use for: Advanced testing, sophisticated threat simulation
Quick Start
For first assessment:
- Read QuickStartGuide.md (30-60 minute methodology)
- Verify written authorization
- Run Reconnaissance workflow
- Test top 5 attack types
- Document findings
For comprehensive assessment:
- Use CompleteAssessment workflow
- Follow all 9 phases
- Generate professional report
Resource Library
Core Documentation:
- COMPREHENSIVE-ATTACK-TAXONOMY.md - 10 attack categories, 100+ techniques
- APPLICATION-RECONNAISSANCE-METHODOLOGY.md - 7-phase recon process
- DefenseMechanisms.md - Defense-in-depth strategies, remediation guidance
- AutomatedTestingTools.md - Promptfoo, Garak, PyRIT comparison
- QuickStartGuide.md - First assessment checklist (30-60 min)
- Reporting.md - Report structure, templates, presentation guidance
All resources are in the PromptInjection skill root directory.
Key Principles
Authorization-First
- Written authorization is mandatory
- Document everything (scope, boundaries, approvals)
- Respect boundaries - in-scope only
- Stop if uncertain - clarify before proceeding
Methodical Testing
- Systematic approach - follow established methodology
- Document as you go - record all tests and results
- Reproduce findings - ensure vulnerabilities are reliable
- Assess impact accurately - distinguish theoretical vs practical risk
Responsible Disclosure
- Give vendors time - 90-day disclosure timeline typical
- Clear communication - detailed reproduction steps
- Coordinate disclosure - work with vendor on timing
- Protect users - no public details before patch
Examples
Example 1: Quick test
User: "test this chatbot for prompt injection - I own it"
→ Verifies authorization
→ Runs Reconnaissance workflow
→ Tests top 5 attack types
→ Documents findings
Example 2: Full assessment
User: "comprehensive prompt injection assessment for client"
→ Loads CompleteAssessment workflow
→ 9-phase methodology (12-20 hours)
→ Professional report with remediation
Example 3: Research
User: "what are the latest jailbreaking methods?"
→ Searches COMPREHENSIVE-ATTACK-TAXONOMY.md
→ Returns categorized techniques with effectiveness ratings
Support & Escalation
When to escalate:
- Authorization is unclear or questionable
- Ethical concerns arise
- Novel attack techniques discovered
- Critical 0-day vulnerabilities found
Contact:
- Configure in your USER settings
🔒 REMINDER: AUTHORIZED USE ONLY 🔒
This skill contains powerful security testing techniques. Use only for:
- ✅ Systems you own
- ✅ Systems with explicit written authorization
- ✅ Ethical security research
- ✅ Defensive security purposes
Unauthorized use is illegal and unethical.
More by danielmiessler
View all skills by danielmiessler →You might also like
flutter-development
aj-geddes
Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.
drawio-diagrams-enhanced
jgtolentino
Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.
ui-ux-pro-max
nextlevelbuilder
"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."
godot
bfollington
This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.
nano-banana-pro
garg-aayush
Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.
fastapi-templates
wshobson
Create production-ready FastAPI projects with async patterns, dependency injection, and comprehensive error handling. Use when building new FastAPI applications or setting up backend API projects.
Related MCP Servers
Browse all serversSupercharge your NextJS projects with AI-powered tools for diagnostics, upgrades, and docs. Accelerate development and b
MCP FortressMCP Fortress — Advanced security scanner that detects vulnerabilities, prompt injection, and tool poisoning to protect y
FirecrawlUnlock AI-ready web data with Firecrawl: scrape any website, handle dynamic content, and automate web scraping for resea
Context7Boost your AI code assistant with Context7: inject real-time API documentation from OpenAPI specification sources into y
Playwright Browser AutomationEnhance software testing with Playwright MCP: Fast, reliable browser automation, an innovative alternative to Selenium s
Oh My PoshValidate Oh My Posh theme configurations quickly and reliably against the official schema to ensure error-free prompts a
Stay ahead of the MCP ecosystem
Get weekly updates on new skills and servers.