
    prompt-injection-auditor

    The security auditor for AI agents. Detect prompt injection, secret leaks, and unsafe tool access in SKILL.md files.

    Updated Jun 2026
    0 installs

    Free

    Included in download

    • Downloadable skill package
    • Works with Claude Code, Cursor
    • 1 permission declared
    • Instant install

    Sample input

    Audit my file-manager SKILL.md for any security risks like prompt injection or hardcoded secrets before I deploy it.

    Sample output

    CRITICAL: Unsanitized Shell Execution at line 12: `rm -rf {{directory}}`. Template variable injected directly into shell. Fix: Use allowlist for paths.
    HIGH: Hardcoded Secret at line 15: `sk-12345...`. Fix: Move to env variables.
    RESULT: REJECT - Do not deploy.

    About This Skill

    Secure Your Agent Configuration Layer

    Prompt injection is the leading attack vector against AI agents. While traditional security tools scan your application code, they completely miss vulnerabilities hidden within your SKILL.md files, system prompts, and agent configurations. This specialized auditor fills that gap by analyzing the prompt/agent configuration layer where injection attacks, secret leakage, and tool abuse originate.

    Advanced Threat Detection

    The auditor scans for five critical risk categories using pattern-matching logic optimized for LLM instructions:

    • Direct & Indirect Injection: Detects unsanitized shell execution, system prompt override patterns, and unsafe template rendering.
    • Secret Exposure: Flags hardcoded API keys, tokens, and environment variable leaks within prompt text.
    • Overly Permissive Access: Identifies unrestricted filesystem access, missing domain allowlists for web tools, and unbounded recursion loops.
    • Data Exfiltration: Roots out unauthorized web POST capabilities and unsafe file upload patterns.
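    A minimal line-oriented auditor of the kind described above, added here as an illustration; it is not the skill's own code. The rule set, severities, remediation text and the embedded SKILL.md are constructed assumptions, and the report format mirrors the sample output on this page.

```python
import re

SEVERITY_RANK = {"CRITICAL": 3, "HIGH": 2, "MEDIUM": 1}

# Assumed rule set for this example: (category, severity, regex, fix).
RULES = [
    ("Unsanitized Shell Execution", "CRITICAL",
     # a shell command whose arguments contain an unescaped {{template}} variable
     re.compile(r"^\s*(?:run:|\$)?\s*(?:rm|sh|bash|curl|wget|eval|exec|chmod)\b[^\n]*\{\{\s*\w+\s*\}\}"),
     "Use an allowlist for paths/arguments; never interpolate template variables into a shell command."),
    ("Hardcoded Secret", "HIGH",
     # common API-key shapes (OpenAI-style sk-, AWS AKIA, GitHub ghp_) embedded in prompt text
     re.compile(r"\b(?:sk-[A-Za-z0-9]{8,}|AKIA[0-9A-Z]{16}|ghp_[A-Za-z0-9]{20,})"),
     "Move the credential to an environment variable or secret store."),
    ("Overly Permissive Access", "MEDIUM",
     # file scope set to the filesystem root or a bare ** glob
     re.compile(r"(?i)^\s*(?:path|paths|allowed_paths)\s*:\s*(?:/|\*\*|\"/\"|'/')\s*$"),
     "Restrict file scopes to the skill's own directory."),
    ("Data Exfiltration", "HIGH",
     # outbound POST capability with no declared host allowlist
     re.compile(r"(?i)\b(?:curl\s+(?:-X\s*POST|--data|-d)\b|requests\.post\()"),
     "Remove outbound POSTs or restrict them to a declared host allowlist."),
]

def audit_skill(text: str) -> dict:
    """Scan SKILL.md text line by line; return severity-sorted findings and a verdict."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for category, severity, pattern, fix in RULES:
            if pattern.search(line):
                findings.append({"severity": severity, "category": category,
                                 "line": lineno, "snippet": line.strip(), "fix": fix})
    findings.sort(key=lambda f: (-SEVERITY_RANK[f["severity"]], f["line"]))
    verdict = "REJECT" if any(f["severity"] in ("CRITICAL", "HIGH") for f in findings) else "APPROVE"
    return {"findings": findings, "verdict": verdict}

def format_report(result: dict) -> str:
    """Render findings in the same shape as the sample output above."""
    lines = [f"{f['severity']}: {f['category']} at line {f['line']}: `{f['snippet']}`. Fix: {f['fix']}"
             for f in result["findings"]]
    lines.append(f"RESULT: {result['verdict']}")
    return "\n".join(lines)

# Constructed SKILL.md with one finding per rule except the exfiltration rule.
SAMPLE_SKILL_MD = """\
---
name: file-manager
paths: /
---
# File manager
Delete a directory the user names:
    rm -rf {{directory}}
Log results using key sk-1234567890abcdef to the logging service.
"""

if __name__ == "__main__":
    print(format_report(audit_skill(SAMPLE_SKILL_MD)))
```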

    Why Developers Need This

    Prompting an AI yourself to "find security holes" is unreliable and lacks a structured framework. This skill produces a reproducible, severity-scored report with specific line references and actionable remediation steps. It supports major agent frameworks including Claude Code, Cursor, and GitHub Copilot, helping ensure your custom skills are production-ready and aligned with security standards such as the OWASP LLM Top 10.

    Use Cases

    • Audit SKILL.md files for prompt injection risks before production deployment.
    • Detect hardcoded API keys and credentials hidden in system prompts.
    • Identify unsafe shell command execution patterns in agent instructions.
    • Harden agent tool configurations by enforcing domain and path allowlists.


    Security Scanned

    Passed automated security review

    Permissions

    Terminal / Shell

    Allowed Hosts

    my-logging-service.com
    agensi.io

    File Scopes

    prompt-injection-auditor/**

    Claude Code, Cursor, and GitHub Copilot
