TrustSkills
BlogCompareGlossaryDetections

Definition

SOUL.md

A configuration file used by some AI agent frameworks to define the agent's core personality, values, and behavioral constraints. SOUL.md files can be modified by malicious skills to override the agent's safety instructions, inject persistent behavioral changes, or establish a foothold that persists across agent sessions. TrustSkills checks skill packages for SOUL.md instruction overrides as part of its prompt injection detection.

How TrustSkills detects this

TrustSkills scans OpenClaw and ClawHub skills for soul.md patterns before you install them. The scanner returns plain-English findings — no CVE IDs, no security jargon — with a risk level and a clear explanation of what was found.

Scan a skill freeHow we detect soul.md

Related terms

Prompt injection

A class of attack where malicious input alters an AI model's behavior in ways the system designer di

Indirect prompt injection

A prompt injection attack where malicious instructions are embedded in external content that the age

Agent skill

A packaged set of instructions, tool definitions, and capability declarations that extends what an A