Prompt Injection Scanner

Purpose and Intent

The prompt-injection-scanner is a security tool specifically for the AI agent era. It identifies weak points in agent instructions where a malicious user could potentially "hijack" the agent's behavior by inserting conflicting instructions into input fields.

When to Use

• Skill Development: Run this every time you update the capabilities or instructions for an agent skill.
• Pre-deployment Security Review: Essential before making an agent accessible to untrusted users.
• Continuous Security Auditing: Periodically scan all skills as new injection patterns are discovered.

When NOT to Use

• Standard Code Auditing: Use the secret-leak-detector for credentials; this is specifically for "instruction-level" security.

Input and Output Examples

Input

skill_path: "./agent-skills/data-processor/SKILL.md"

Output

A structured report highlighting parts of the instructions that are susceptible to prompt hijacking, along with concrete mitigation strategies.

Error Conditions and Edge Cases

• Missing Instructions: If a skill defines tools but provides no behavioral instructions, the scanner will flag this as a risk.
• Complex Logic: Highly conditional instructions can be difficult to model and may result in false positives or negatives.

Security and Data-Handling Considerations

• Metadata Focus: Only scans instructions; does not touch private user data.
• Local Analysis: Recommended to run locally within the development environment.