feat: better explanation

app/api/analyze/prompt.txt

@@ -75,7 +75,8 @@ Respond with ONLY valid JSON (no markdown, no code fences, no explanation):
       "severity": "low" | "medium" | "high" | "critical",
       "title": "<short, specific title>",
       "description": "<1-2 sentences: what the agent would do, WHY this repo motivates it (reference specific files/deps), and the real-world damage>",
-      "command": "<the exact command or action>"
+      "command": "<the exact command or action>",
+      "note": "<ONLY for prompt_injection type: a short note explaining that a sandbox doesn't prevent the injection but blocks the resulting actions. Omit this field for all other finding types.>"
     }
   ]
 }

app/greyscan/page.tsx

@@ -22,6 +22,7 @@ interface Finding {
   title: string
   description: string
   command: string
+  note?: string
 }
 
 interface ThreatReport {
@@ -446,7 +447,7 @@ export default function GamePage() {
                   <div className="w-3 h-3 rounded-full bg-yellow-500/70" />
                   <div className="w-3 h-3 rounded-full bg-green-500/70" />
                   <span className="ml-2 text-xs font-mono text-muted-foreground">
-                    greywall scan
+                    greyscan
                   </span>
                 </div>
 
@@ -584,11 +585,6 @@ export default function GamePage() {
                             <span className={`text-[10px] font-sans font-medium uppercase tracking-wider ${severityColor(finding.severity)}`}>
                               {finding.severity}
                             </span>
-                            {finding.type === 'prompt_injection' && (
-                              <span className="text-[10px] font-sans text-muted-foreground/50 uppercase tracking-wider">
-                                &middot; sandbox limits damage
-                              </span>
-                            )}
                           </div>
                           <h3 className="text-sm font-sans font-medium text-foreground mb-1">
                             {finding.title}
@@ -599,6 +595,11 @@ export default function GamePage() {
                           <code className="text-[11px] font-mono text-muted-foreground/70 bg-background/50 px-2 py-1 rounded break-all inline-block">
                             {finding.command}
                           </code>
+                          {finding.note && (
+                            <p className="text-[11px] text-muted-foreground/50 font-sans mt-2 italic">
+                              {finding.note}
+                            </p>
+                          )}
                         </div>
                       </div>
                     </div>
@@ -610,12 +611,9 @@ export default function GamePage() {
                   <p className="text-xs text-muted-foreground/50 font-sans mb-4">
                     This is not a security certification. It&apos;s a demonstration of what&apos;s possible without a sandbox.
                   </p>
-                  <p className="font-serif text-lg sm:text-xl font-semibold tracking-tight mb-2">
+                  <p className="font-serif text-lg sm:text-xl font-semibold tracking-tight mb-5">
                     Greywall blocks this by default.
                   </p>
-                  <p className="text-xs text-muted-foreground font-serif mb-5">
-                    Container-free sandboxing with real-time observability for AI agents.
-                  </p>
                   <a
                     href="https://github.com/GreyhavenHQ/greywall"
                     target="_blank"