danielmiessler
Prompt injection testing. USE WHEN prompt injection, jailbreak, LLM security, AI security assessment, pentest AI application, test chatbot vulnerabilities.
bunx add-skill danielmiessler/personal_ai_infrastructure -s PromptInjectionLoadingβ¦
Before executing, check for user customizations at:
~/.claude/skills/CORE/USER/SKILLCUSTOMIZATIONS/PromptInjection/
If this directory exists, load and apply any PREFERENCES.md, configurations, or resources found there. These override default behavior. If the directory does not exist, proceed with skill defaults.
You MUST send this notification BEFORE doing anything else when this skill is invoked.
Send voice notification:
curl -s -X POST http://localhost:8888/notify \
-H "Content-Type: application/json" \
-d '{"message": "Running the WORKFLOWNAME workflow in the PromptInjection skill to ACTION"}' \
> /dev/null 2>&1 &
Output text notification:
Running the **WorkflowName** workflow in the **PromptInjection** skill to ACTION...
This is not optional. Execute this curl command immediately upon skill invocation.
β οΈ CRITICAL - READ BEFORE USE β οΈ
This skill is part of a run by a security professional with extensive experience in offensive security testing.
AUTHORIZATION IS MANDATORY:
UNAUTHORIZED TESTING IS ILLEGAL:
This skill exists for defensive security purposes:
Any use of this skill constitutes acceptance of these terms and agreement to use only for authorized, ethical security testing purposes.
Activate this skill when user says:
When executing a workflow, output this notification:
Running the **WorkflowName** workflow in the **PromptInjection** skill to ACTION...
This skill provides 5 comprehensive testing workflows:
File: Workflows/CompleteAssessment.md
Triggers: "full assessment", "complete test", "comprehensive assessment"
Description: End-to-end security assessment (12-20 hours)
Use for: Full security engagements, formal penetration tests
File: Workflows/Reconnaissance.md
Triggers: "recon", "discover attack surface", "map application"
Description: Application intelligence gathering via browser automation
Use for: Initial assessment phase, attack surface mapping
File: Workflows/DirectInjectionTesting.md
Triggers: "test direct injection", "jailbreak testing", "basic injection"
Description: Single-stage direct attacks
Use for: Quick vulnerability validation
File: Workflows/IndirectInjectionTesting.md
Triggers: "test indirect injection", "RAG poisoning", "document injection"
Description: Attacks via external data sources
Use for: Testing RAG systems, data processing pipelines
File: Workflows/MultiStageAttacks.md
Triggers: "multi-stage attack", "sophisticated testing", "advanced attacks"
Description: Complex multi-turn attack sequences
Use for: Advanced testing, sophisticated threat simulation
For first assessment:
For comprehensive assessment:
Core Documentation:
All resources are in the PromptInjection skill root directory.
Example 1: Quick test
User: "test this chatbot for prompt injection - I own it"
β Verifies authorization
β Runs Reconnaissance workflow
β Tests top 5 attack types
β Documents findings
Example 2: Full assessment
User: "comprehensive prompt injection assessment for client"
β Loads CompleteAssessment workflow
β 9-phase methodology (12-20 hours)
β Professional report with remediation
Example 3: Research
User: "what are the latest jailbreaking methods?"
β Searches COMPREHENSIVE-ATTACK-TAXONOMY.md
β Returns categorized techniques with effectiveness ratings
When to escalate:
Contact:
π REMINDER: AUTHORIZED USE ONLY π
This skill contains powerful security testing techniques. Use only for:
Unauthorized use is illegal and unethical.
Use when you need to run Flow type checking, or when seeing Flow type errors in React code.
Use when you want to validate changes before committing, or when you need to check all React contribution requirements.
Use when feature flag tests fail, flags need updating, understanding @gate pragmas, debugging channel-specific test failures, or adding new flags to React.
Use when you need to check feature flag states, compare channels, or debug why a feature behaves differently across release channels.