# Prompt Hardener — Prompt-Injection Risk Analyzer

> Prompt Hardener analyzes prompt-injection risk from `agent_spec.yaml`, exports reports, and can simulate adversarial attacks with API keys.

## Quick Use

```bash
uv tool install https://github.com/cybozu/prompt-hardener/releases/download/v0.6.0/prompt_hardener-0.6.0-py3-none-any.whl
cp examples/chatbot-minimal/agent_spec.yaml ./agent_spec.yaml
prompt-hardener validate agent_spec.yaml
prompt-hardener analyze agent_spec.yaml --format markdown
prompt-hardener report analyze.json -f html -o report.html
```

## Intro

**Best for:** agent builders who want a repeatable security checklist for prompts/tools/architecture

**Works with:** Python, pipx/uv, YAML specs, CI pipelines (Markdown/HTML/JSON outputs)

**Setup time:** 8-15 minutes

### Key facts (verified)

- GitHub: 51 stars · 7 forks · pushed 2026-05-12.
- License: Apache-2.0 · owner avatar + repo URL verified via GitHub API.
- README-verified entrypoint: `pipx install https://github.com/cybozu/prompt-hardener/releases/download/v0.6.0/prompt_hardener-0.6.0-py3-none-any.whl`.

## Main

- Start deterministic: `validate` + `analyze` give you a static run without any LLM API key (per README).
- When you want to test defenses, use `simulate` on a hardened spec to run adversarial scenarios (README notes this is LLM-backed).
- Treat the output as CI artifacts: export Markdown/HTML/JSON and diff runs over time to track regressions.

### Source-backed notes

- README describes a single workflow driven by `agent_spec.yaml` and supports exports as Markdown/HTML/JSON.
- README quick start copies an example spec and runs `prompt-hardener validate` and `prompt-hardener analyze` without API keys.
- README lists which commands require API keys (`simulate` yes; many others no).
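The "diff runs over time" step under Main can be run as a CI gate that fails whenever a new JSON result differs from an approved baseline. The script below is an added example, not code from the Prompt Hardener project: it compares any two JSON files leaf by leaf and assumes nothing about the tool's real output schema, and the sample documents and their field names are constructed.

```python
import json
import sys

# Constructed sample results; the field names are illustrative only and are
# not Prompt Hardener's actual JSON schema.
BASELINE = '{"summary": {"risk": "medium"}, "findings": [{"id": "EX-1", "status": "open"}]}'
CURRENT = ('{"summary": {"risk": "high"}, "findings": ['
           '{"id": "EX-1", "status": "open"}, {"id": "EX-2", "status": "open"}]}')


def flatten(node, path=""):
    """Map each leaf of parsed JSON to a path such as 'findings[0].status'."""
    if isinstance(node, dict) and node:
        children = [(f"{path}.{k}" if path else k, v) for k, v in node.items()]
    elif isinstance(node, list) and node:
        children = [(f"{path}[{i}]", v) for i, v in enumerate(node)]
    else:
        return {path: node}  # scalar or empty container counts as a leaf
    leaves = {}
    for child_path, child in children:
        leaves.update(flatten(child, child_path))
    return leaves


def drift(baseline, current):
    """Paths added, removed or changed between two parsed JSON documents."""
    old, new = flatten(baseline), flatten(current)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted(k for k in old.keys() & new.keys() if old[k] != new[k]),
    }


def gate(baseline_text, current_text):
    """Return (exit_code, report_lines); exit code 1 means the run drifted."""
    result = drift(json.loads(baseline_text), json.loads(current_text))
    lines = [f"{kind}: {path}" for kind in ("added", "removed", "changed")
             for path in result[kind]]
    return (1 if lines else 0), lines


if __name__ == "__main__":
    # Usage: python gate.py baseline.json current.json (no arguments: run the sample)
    texts = [open(p, encoding="utf-8").read() for p in sys.argv[1:3]]
    code, report = gate(*texts) if len(texts) == 2 else gate(BASELINE, CURRENT)
    print("\n".join(report) or "no drift")
    sys.exit(code)
```

List position is part of each path, so a reordered list is reported as drift; review the reported paths and update the stored baseline when the change is intended.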
### FAQ

- **Do I need an API key for analysis?**: No — README says `validate`/`analyze` are deterministic and do not require keys.
- **What file do I write?**: An `agent_spec.yaml` describing your system, as shown in the README examples.
- **Can I export a report?**: Yes — `report` renders JSON results to HTML/Markdown/JSON per README.

## Source & Thanks

> Source: https://github.com/cybozu/prompt-hardener
> License: Apache-2.0
> GitHub stars: 51 · forks: 7

---

Source: https://tokrepo.com/en/workflows/prompt-hardener-prompt-injection-risk-analyzer
Author: Prompt Lab