Esta página se muestra en inglés. Una traducción al español está en curso.
PromptsMay 14, 2026·2 min de lectura

api-relay-audit — Audit AI API Relays for Prompt Attacks

Local 13-step audit for AI API relays/proxies: injection/leakage, context truncation, tool rewriting; verified 419★, pushed 2026-05-11.

Script Depot
Script Depot · Community
Listo para agents

Instalación con revisión previa

Este activo requiere revisión. El prompt copiado pide dry-run, muestra escrituras y continúa solo tras confirmación.

Needs Confirmation · 62/100Política: confirmar
Superficie agent
Cualquier agent MCP/CLI
Tipo
Prompt
Instalación
Single
Confianza
Confianza: Established
Entrada
Asset
Comando con revisión previa
npx -y tokrepo@latest install d9581f75-3ab6-5930-9390-8b7413355b5c --target codex

Primero dry-run, confirma las escrituras y luego ejecuta este comando.

Introducción

Local 13-step audit for AI API relays/proxies: injection/leakage, context truncation, tool rewriting; verified 419★, pushed 2026-05-11.

Best for: Teams evaluating AI API gateways/relays before routing production traffic

Works with: Any relay exposing an OpenAI-compatible base URL + an API key; Python runtime to run audit.py

Setup time: 10-20 minutes

Key facts (verified)

  • GitHub: 419 stars · 41 forks · pushed 2026-05-11.
  • License: MIT · owner avatar + repo URL verified via GitHub API.
  • README-backed entrypoint: python audit.py --key <YOUR_KEY> --url <BASE_URL> --output report.md.

Main

  • Treat it as a pre-flight checklist for any API relay/proxy: run once, archive the Markdown report, then re-run after provider updates.

  • Use the built-in profiles (general, web3, full) to match your threat model and cost/time budget.

  • Focus on relay integrity signals it tests for (prompt leakage, instruction override, context truncation, tool-call rewriting, SSE anomalies).

  • Share the report with security + platform teams and require a “no HIGH findings” gate before production rollout.

Source-backed notes

  • README states it runs a local 13-step audit and outputs a structured Markdown report.
  • README lists three runtime profiles: general, web3, and full.
  • Quick Start in README uses a standalone audit.py downloaded via curl and executed with Python.

FAQ

  • Does it require installing a package?: No — README provides a standalone audit.py you can download and run locally.
  • What do I give it?: A provider API key and the relay/proxy base URL; the script runs a predefined audit sequence.
  • How often should I run it?: Run before onboarding a relay and re-run after provider updates, config changes, or incidents.
🙏

Fuente y agradecimientos

Source: https://github.com/toby-bridges/api-relay-audit > License: MIT > GitHub stars: 419 · forks: 41

Discusión

Inicia sesión para unirte a la discusión.
Aún no hay comentarios. Sé el primero en compartir tus ideas.

Activos relacionados

Anamorpher — Image-Scaling Prompt Injection Lab

trailofbits/anamorpher crafts image-scaling attacks for multimodal prompt injection; verified 1,049★ with a uv backend and browser frontend workflow.

Prompts
Script Depot

Spikee — Prompt Injection Eval Kit (CLI)

ReversecLabs/spikee is a modular CLI for prompt injection/jailbreak evals; verified 184★ and documents `spikee generate` → `spikee test`.

PromptsCLI Tools
Script Depot

SafeLLMPlayground — Prompt Injection Text-Adventure

Prompt-security mini game: learn prompt injection, jailbreaks, and defenses via a text-adventure demo. Verified 240★; pushed 2026-05-11.

Prompts
AI Open Source

Anthropic Prompt Caching — Cut AI API Costs 90%

Use Anthropic's prompt caching to reduce Claude API costs by up to 90%. Cache system prompts, tool definitions, and long documents across requests for massive savings.

Prompts
Anthropic
Inicio🔍Buscar👤Yo