fix(skills): mcp-generate user skill triggers false-positive system_prompt_leak WARN on startup #2274
Description
Summary
After PR #2273, the `browser` bundled skill no longer produces injection scan WARNs.
However, the user-installed `mcp-generate` skill still triggers a false-positive WARN on every startup:
```
WARN zeph_skills::registry: skill content scan: potential injection patterns found skill=mcp-generate count=1 patterns=["system_prompt_leak"]
WARN zeph_core::bootstrap: skill content scan complete: 1 skill(s) with potential injection patterns count=1
```
Root Cause
`mcp-generate` is not a bundled skill (absent from `crates/zeph-skills/skills/`) and therefore has no `.bundled` marker. The PR #2273 fix only suppresses WARNs for skills with a `.bundled` marker.
The triggering line in `mcp-generate/SKILL.md`:
```
4. When a user query matches an MCP tool, it appears in the system prompt
```
This is legitimate technical documentation, not an injection attempt.
Expected Behavior
No WARN for `mcp-generate` on startup (false-positive).
Proposed Fix
Option A (preferred): Add `mcp-generate` as a bundled skill in `crates/zeph-skills/skills/`. It is already installed on this system and documents MCP configuration — a core feature.
Option B: Tune the `system_prompt_leak` regex in `SecurityPatterns` to require more specific indicators (e.g., imperative form like "reveal system prompt", "output system prompt") rather than matching benign mentions of "system prompt".
Steps to Reproduce
- Install `mcp-generate` skill manually (without `.bundled` marker).
- `cargo run --features full -- --config .local/config/testing.toml`
- Observe WARN on startup.
Related
- PR fix(skills): suppress false-positive injection WARN for bundled skills #2273 (partial fix for fix(skills): bundled skill content scanner generates false-positive WARN for security-awareness text in SKILL.md #2272)
- Issue fix(skills): bundled skill content scanner generates false-positive WARN for security-awareness text in SKILL.md #2272 (closed by PR fix(skills): suppress false-positive injection WARN for bundled skills #2273, browser skill fixed)
Verified
CI-230 live session, 2026-03-27.