Prompt Injection Scanner
Purpose and Intent
The prompt-injection-scanner is a security tool specifically for the AI agent era. It identifies weak points in agent instructions where a malicious user could potentially "hijack" the agent's behavior by inserting conflicting instructions into input fields.
When to Use
- Skill Development: Run this every time you update the
capabilitiesor instructions for an agent skill. - Pre-deployment Security Review: Essential before making an agent accessible to untrusted users.
- Continuous Security Auditing: Periodically scan all skills as new injection patterns are discovered.
When NOT to Use
- Standard Code Auditing: Use the
secret-leak-detectorfor credentials; this is specifically for "instruction-level" security.
Input and Output Examples
Input
skill_path: "./agent-skills/data-processor/SKILL.md"
Output
A structured report highlighting parts of the instructions that are susceptible to prompt hijacking, along with concrete mitigation strategies.
Error Conditions and Edge Cases
- Missing Instructions: If a skill defines tools but provides no behavioral instructions, the scanner will flag this as a risk.
- Complex Logic: Highly conditional instructions can be difficult to model and may result in false positives or negatives.
Security and Data-Handling Considerations
- Metadata Focus: Only scans instructions; does not touch private user data.
- Local Analysis: Recommended to run locally within the development environment.