Prompts · May 14, 2026 · 2 min read

api-relay-audit — Audit AI API Relays for Prompt Attacks

Local 13-step audit for AI API relays/proxies: injection/leakage, context truncation, tool rewriting; verified 419★, pushed 2026-05-11.

Agent-ready

Review-first install

This asset requires review. The copied prompt requests a dry run, shows the writes, and continues only after confirmation.

Needs Confirmation · 62/100 · Policy: confirm

  • Agent surface: Any MCP/CLI agent
  • Type: Prompt
  • Installation: Single
  • Trust: Established
  • Entry point: Asset

Review-first command

npx -y tokrepo@latest install d9581f75-3ab6-5930-9390-8b7413355b5c --target codex

Dry-run first, confirm the writes, then run this command.

Introduction

Best for: Teams evaluating AI API gateways/relays before routing production traffic

Works with: Any relay exposing an OpenAI-compatible base URL + an API key; Python runtime to run audit.py

Setup time: 10-20 minutes

Key facts (verified)

  • GitHub: 419 stars · 41 forks · pushed 2026-05-11.
  • License: MIT · owner avatar + repo URL verified via GitHub API.
  • README-backed entrypoint: python audit.py --key <YOUR_KEY> --url <BASE_URL> --output report.md.

Main

  • Treat it as a pre-flight checklist for any API relay/proxy: run once, archive the Markdown report, then re-run after provider updates.

  • Use the built-in profiles (general, web3, full) to match your threat model and cost/time budget.

  • Focus on the relay integrity signals it tests for: prompt leakage, instruction override, context truncation, tool-call rewriting, and SSE anomalies.

  • Share the report with security + platform teams and require a “no HIGH findings” gate before production rollout.

Source-backed notes

  • README states it runs a local 13-step audit and outputs a structured Markdown report.
  • README lists three runtime profiles: general, web3, and full.
  • Quick Start in README uses a standalone audit.py downloaded via curl and executed with Python.

FAQ

  • Does it require installing a package? No. The README provides a standalone audit.py you can download and run locally.
  • What do I give it? A provider API key and the relay/proxy base URL; the script runs a predefined audit sequence.
  • How often should I run it? Run it before onboarding a relay and re-run it after provider updates, config changes, or incidents.

Source and acknowledgements

Source: https://github.com/toby-bridges/api-relay-audit
License: MIT
GitHub stars: 419 · forks: 41