No comments yet.
Promptinel is a security scanner for prompts. I think the world needs something like this, because prompts are basically executable artifacts and we need to treat them as such. I want to identify as many bad things as I can before a prompt gets anywhere near runtime. Especially when supplying a common prompt repository for friends or colleagues, or when downloading skills from the internet. You can read more about my motivation in the project's readme: https://github.com/CunningFatalist/promptinel?tab=readme-ov-...
Promptinel finds various attack patterns in prompts, for example:
- prompt override and role spoofing patterns
- download-and-execute chains
- template execution and network fetch behavior
- secret exfiltration intent
- invisible Unicode and obfuscation tricks
- local sensitive file references
Check out the rule documentation for more: https://github.com/CunningFatalist/promptinel/blob/main/docs...
I'm really looking forward to feedback from people, who have built linters or security scanners before. Or just feedback from Go people, really. I'm mainly a PHP and TypeScript dev and use Go in my free time, because I find it fun and love the philosophy behind it.
