crabtrap-llm-proxy
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill acts as an intercepting proxy for agent traffic, creating a surface for indirect prompt injection where malicious content in outbound requests could attempt to influence the LLM judge's decision.
- Ingestion points: Intercepts all outbound HTTP/HTTPS traffic from agents at :8080 (SKILL.md).
- Boundary markers: Uses natural-language security policies with defined ALLOWED/DENIED sections to guide the LLM judge.
- Capability inventory: Can block or allow external API access based on evaluation; performs comprehensive audit logging of request/response data to a PostgreSQL database.
- Sanitization: Implements deterministic static rules (prefix/glob/exact) and SSRF protection (CIDR filtering) to validate requests before they reach the LLM evaluation layer.
- [EXTERNAL_DOWNLOADS]: Fetches the CrabTrap proxy container image from Brex's official Quay.io repository and references the project source code on GitHub.
- [COMMAND_EXECUTION]: Provides instructions for running Docker Compose to deploy the proxy and database, along with CLI commands for user management and database migrations.