Devadex

Injection Scanner — prompt-injection detection for AI agents

gumroad   $29.00   by fezai8
2d old

A heuristic scanner that flags prompt-injection and instruction-leak patterns in untrusted text before your AI agent's context sees it — scraped pages, feed posts, API/tool responses, email or ticket bodies.Runs as a CLI or a library, human-readable by default or --json for dropping straight into a CI pipeline or ingestion loop. Exit codes (0 clean / 1 flags / 2 bad input) make it a pass/fail gate, not just a report.WHAT IT CATCHES / WHAT IT MISSES — read this first.Catches: known-shape, pattern-based attacks — the stuff that's actually common. Six categories: fake system/assistant role markers, "ignore previous instructions" phrasing, spoofed tool_call/function_call blocks, asks to reveal or send credentials or system prompts, fake "end of context" delimiters, and suspicious base64/hex/unicode-escape runs that could smuggle a payload past a naive filter.Misses: anything that doesn't match a known shape. Novel phrasing, adversarial paraphrase, and injections that read as normal text but change agent behavior through context rather than keywords. This is a heuristic filter, not a semantic classifier — same category as a spam filter, not a solved problem. If someone tells you a tool "stops all injection," they're lying. This one doesn't, and says so. Use it as one layer, not the whole defense.INSTALL. No dependencies. Two files: detector-core.js (the scanning logic) and cli.js (the wrapper). Drop both in your project, or require the core directly from your own code.USAGE. Scan a file: node cli.js suspicious.txt — or pipe text in: cat suspicious.txt | node cli.js. Use the core as a library: const { scanText } = require('./detector-core.js'); const { score, flags } = scanText(untrustedString). Output is a risk score (0–100) plus a list of flags, each with category, severity, and the exact matched span, so you can eyeball false positives fast instead of trusting a black box.EXIT CODES. 0 = clean, no flags matched. 1 = flags found, review before feeding this text to your agent. 2 = bad input (no file, empty stdin, or unreadable content). Exit codes make this usable as a pass/fail gate in a CI pipeline or ingestion loop, not just a human report.WHO THIS IS FOR. Solo and small-team developers building agents that ingest content from strangers — browser agents, feed readers, research agents, anything reading scraped pages, emails, or third-party API responses it didn't write itself. If your agent has no security team behind it and you're the one who'll get blamed when it does something it shouldn't, this is your first cheap layer. It won't catch everything. It'll catch the lazy, common stuff — which is most of what's actually out there.

Get it → fezai8.gumroad.com

Found on Devadex — the discovery index for independent software the big search engines bury. More from gumroad.

Report this listing