Summary
Skills in the same functional family (e.g. RFP classify vs synthesize) receive inconsistent severities depending on which analyzer fires first: rfp-classify gets prompt_injection HIGH; rfp-synthesize gets sigma_metadata HIGH only (MCTS-T-1008 tool shadowing — B7). Triage becomes unpredictable; scores vary for equivalent instruction patterns.
Problem
Multiple analyzers scan the same instruction surfaces:
| Analyzer | Triggers on | Example pattern |
| --- | --- | --- |
| prompt_injection | Bearer, extract, override language | "extract all fields" |
| sigma_metadata | "call", tool shadowing | "Called once per request" (B7) |
| skill_md | W008 credentials, fetch links | "password resets" (B8) |
No precedence rules — all analyzers run independently; all findings score (D3).
API service repositories RFP skill family:
.cursor/skills/rfp-classify/SKILL.md → prompt_injection HIGH
.cursor/skills/rfp-synthesize/SKILL.md → sigma_metadata HIGH (different rule)
Same author, same domain, different analyzer outcomes.
Proposed solution
Document rule precedence; unify skill family scoring.
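One way the precedence-plus-family rule could look, as an added sketch that is not the scanner's own code: findings from the independent analyzers are grouped by skill family, and every member inherits the family's single highest-ranked finding (severity first, then a fixed analyzer precedence to break ties). The precedence order, the `<family>-<verb>` naming convention and the sample rule ids other than MCTS-T-1008 and W008 are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed tie-break order between analyzers; the issue asks for this to be documented.
ANALYZER_PRECEDENCE = ["prompt_injection", "sigma_metadata", "skill_md"]
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


@dataclass(frozen=True)
class Finding:
    path: str      # skill file the analyzer flagged
    analyzer: str  # analyzer that fired
    rule: str      # analyzer-specific rule id
    severity: str  # LOW / MEDIUM / HIGH / CRITICAL


def skill_family(path: str) -> str:
    """Family = text before the first '-' in '.cursor/skills/<family>-<verb>/SKILL.md' (assumed)."""
    skill_dir = path.split("/skills/", 1)[1].split("/", 1)[0]
    return skill_dir.split("-", 1)[0]


def rank(f: Finding):
    """Sort key: higher severity first, then earlier analyzer in the precedence list."""
    prec = (ANALYZER_PRECEDENCE.index(f.analyzer)
            if f.analyzer in ANALYZER_PRECEDENCE else len(ANALYZER_PRECEDENCE))
    return (-SEVERITY_RANK[f.severity], prec)


def unify_family_scores(findings):
    """Return {path: (severity, analyzer, rule)}; all skills in a family share one verdict."""
    by_family = defaultdict(list)
    for f in findings:
        by_family[skill_family(f.path)].append(f)
    unified = {}
    for members in by_family.values():
        winner = min(members, key=rank)  # highest severity, then precedence
        for f in members:
            unified[f.path] = (winner.severity, winner.analyzer, winner.rule)
    return unified


# Constructed findings mirroring the two RFP skills in the issue (rule id "PI-constructed" is made up).
SAMPLE = [
    Finding(".cursor/skills/rfp-classify/SKILL.md", "prompt_injection", "PI-constructed", "HIGH"),
    Finding(".cursor/skills/rfp-synthesize/SKILL.md", "sigma_metadata", "MCTS-T-1008", "HIGH"),
    Finding(".cursor/skills/rfp-synthesize/SKILL.md", "skill_md", "W008", "MEDIUM"),
]

if __name__ == "__main__":
    for path, verdict in unify_family_scores(SAMPLE).items():
        print(path, verdict)
```

With the sample input both RFP skills come out as HIGH via prompt_injection, so the triage order no longer depends on which analyzer happened to fire first.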
Acceptance Criteria