May 13, 2026 · 2 min read

Prompt Hardener — Prompt-Injection Risk Analyzer

Prompt Hardener analyzes prompt-injection risk from `agent_spec.yaml`, exports reports, and can simulate adversarial attacks with API keys.

Agent ready: this asset can be read and installed directly by agents. TokRepo exposes a universal CLI command, install contract, metadata JSON, adapter-aware plan, and raw content links so agents can judge fit, risk, and next actions.

  • Native · 96/100 · Policy: allow
  • Agent surface: Any MCP/CLI agent
  • Kind: Prompt
  • Install: Single
  • Trust: Community
  • Entrypoint: Asset
  • Universal CLI install command: `npx tokrepo install a7ec9e6d-6285-5620-8766-39bb681870be`
Intro

Best for: agent builders who want a repeatable security checklist for prompts/tools/architecture

Works with: Python, pipx/uv, YAML specs, CI pipelines (Markdown/HTML/JSON outputs)

Setup time: 8-15 minutes

Key facts (verified)

  • GitHub: 51 stars · 7 forks · pushed 2026-05-12.
  • License: Apache-2.0 · owner avatar + repo URL verified via GitHub API.
  • README-verified entrypoint: pipx install https://github.com/cybozu/prompt-hardener/releases/download/v0.6.0/prompt_hardener-0.6.0-py3-none-any.whl.

Main

  • Start deterministic: `validate` and `analyze` give you a static run without any LLM API key (per README).

  • When you want to test defenses, run `simulate` against a hardened spec to exercise adversarial scenarios (the README notes this command is LLM-backed and needs an API key).

  • Treat the output as CI artifacts: export Markdown/HTML/JSON and diff runs over time to track regressions.

Source-backed notes

  • README describes a single workflow driven by agent_spec.yaml and supports exports as Markdown/HTML/JSON.
  • README quick start copies an example spec and runs prompt-hardener validate and prompt-hardener analyze without API keys.
  • README lists which commands require API keys (simulate yes; many others no).

FAQ

  • Do I need an API key for analysis? No — the README says `validate` and `analyze` are deterministic and do not require keys.
  • What file do I write? An `agent_spec.yaml` describing your system, as shown in the README examples.
  • Can I export a report? Yes — `report` renders JSON results to HTML/Markdown/JSON per the README.

Source & Thanks

Source: https://github.com/cybozu/prompt-hardener · License: Apache-2.0 · GitHub stars: 51 · forks: 7
