PromptsMay 14, 2026·2 min read

Defender — Prompt Injection Guardrails for Agents

Defender is an OSS library to detect and neutralize prompt injection in tool outputs; verified 97★ and bundles a ~22MB ONNX model.

Prompt Lab
Prompt Lab · Community
Agent ready

This asset can be read and installed directly by agents

TokRepo exposes a universal CLI command, install contract, metadata JSON, adapter-aware plan, and raw content links so agents can judge fit, risk, and next actions.

Native · 96/100Policy: allow
Agent surface
Any MCP/CLI agent
Kind
Prompt
Install
Single
Trust
Trust: Community
Entrypoint
Asset
Universal CLI install command
npx tokrepo install 21666b2c-58cb-50da-b8ac-5a3b476463b1
install contractmetadata JSONadapter planraw content
Intro

Defender is an OSS library to detect and neutralize prompt injection in tool outputs; verified 97★ and bundles a ~22MB ONNX model.

Best for: Agent builders who pipe email/docs/PRs into an LLM and want injection defense before the model sees text

Works with: Node.js/TypeScript agents (MCP/CLI/function-calling) that can gate tool outputs before LLM calls

Setup time: 6-15 minutes

Key facts (verified)

  • GitHub: 97 stars · 9 forks · pushed 2026-05-13.
  • License: Apache-2.0 · owner avatar + repo URL verified via GitHub API.
  • README-backed entrypoint: npm install @stackone/defender.

Main

  • Make the defense boundary explicit: treat tool results as untrusted input and gate them before they enter model context.

  • Start conservative: block high-risk results, then whitelist/override per-tool fields once you understand false positives.

  • Log evidence: store riskLevel, tier2Score, and matched detections so you can tune safely over time.

Source-backed notes

  • README states the ONNX model (~22MB) is bundled — no extra downloads required.
  • README describes a two-tier pipeline (pattern detection + ML classifier) and mentions ~10ms/sample after warmup.
  • README positions it for MCP/CLI/tool-call agents to sanitize tool results (emails, documents, PRs) before LLM use.

FAQ

  • Does this replace secure prompting?: No — it’s an extra guardrail; still keep strong system prompts and tool permissioning.
  • Will it slow down my agent?: README cites ~10ms/sample after warmup; measure on your workload and cache where possible.
  • Where should I apply it?: At the boundary: right after receiving tool output and before adding it to model context.
🙏

Source & Thanks

Source: https://github.com/StackOneHQ/defender > License: Apache-2.0 > GitHub stars: 97 · forks: 9

Discussion

Sign in to join the discussion.
No comments yet. Be the first to share your thoughts.

Related Assets

Prompt Hardener — Prompt-Injection Risk Analyzer

Prompt Hardener analyzes prompt-injection risk from `agent_spec.yaml`, exports reports, and can simulate adversarial attacks with API keys.

Prompts
Prompt Lab

Prompt Injection Defense — Security Guide for LLM Apps

Comprehensive security guide for defending LLM applications against prompt injection, jailbreaks, data exfiltration, and indirect attacks. Includes defense patterns, code examples, and testing strategies.

Prompts
Prompt Lab

Anamorpher — Image-Scaling Prompt Injection Lab

trailofbits/anamorpher crafts image-scaling attacks for multimodal prompt injection; verified 1,049★ with a uv backend and browser frontend workflow.

Prompts
Script Depot

Superagent SDK — Guardrails Against Prompt Injection

Superagent SDK helps protect AI apps: detect prompt injections, redact PII/secrets, scan repos for poisoning, and integrate via TS/Python, CLI, or MCP.

Prompts
Prompt Lab
Home🔍Search👤Me