Skills
Move prompt-injection defense from the prompt layer to the runtime with ClawGuard
ClawGuard argues that prompt-layer guardrails are inherently bypassable and instead enforces defense at the runtime/tool-execution boundary — gating what an agent is actually allowed to *do* when acting on potentially-poisoned content, limiting blast radius rather than trying to perfectly detect every injection. This aligns with the 2026 consensus of concentric layers that assume one layer will be breached. The skill: pair input detection (PromptArmor-style) with a runtime allow-list on tool calls so a successful injection still can't trigger destructive or exfiltrating actions.
Source
↳ Follow the thread