API Relay Security Audit

Trust Score 73/100

An 11-step automated security audit for AI API relay/proxy services — detects prompt injection, context truncation, tool-call substitution, stream integrity iss

triggers:audit relayprompt injectionapi relay auditcontext lengthtool substitution

GitHub SKILL.md

What it does

Provides a one-command, structured 11-step audit for third-party AI API relays (OpenAI-compatible or Anthropic-compatible). Tests include infrastructure recon, model enumeration, token-injection measurement, multiple prompt-extraction methods, jailbreak checks, context-length boundary detection, tool-call substitution probes (AC-1.a), error-response leakage scans (AC-2), SSE stream integrity checks, and optional Web3-specific probes. Produces a Markdown risk report.

When to use it

Run this skill when you need to verify the safety of a relay service before using it for sensitive workloads: when suspecting hidden prompt injection, unusual billing/token consumption, context truncation, or when onboarding a new third-party relay. Also use when debugging unexpected model behavior that could stem from proxy tampering.

What's included

Scripts: standalone audit script (audit.py) designed to run with Python3 + curl; the SKILL.md documents CLI usage and flags.
References: threat taxonomy and detailed test descriptions embedded in the SKILL.md; no separate references folder listed.
Instructions: step-by-step guidance for running the audit, interpreting token-delta and extraction scores, and classifying risk (GREEN/YELLOW/RED).

Compatible agents

Security and infra-focused agents, DevOps/infosec tooling integrations, and any agent able to run Python CLI tools and analyze Markdown reports.

Audit Summary

API Relay Security Audit is a comprehensive 14-step automated security audit for testing third-party AI API relay/proxy services for prompt injection, context truncation, tool-call substitution, and other relay threats. The SKILL.md is exceptionally detailed with clear triggers, step-by-step workflow, and risk interpretation tables. The main audit.py script (82KB) is well-structured but uses subprocess.run with shell=True for DNS/WHOIS/SSL lookups and ssl._create_unverified_context() for cert fetching. All 7 scripts failed to run in isolation: audit.py and context-test.py need the api_relay_audit package; build-standalone.py and sync-version.py need a VERSION file; extract-data.py and process_submission.py are CI helpers requiring specific arguments. The curl download pattern in SKILL.md uses -fsSL which is safer than piped shell but still downloads remote code, mitigated by version pinning.

Watch Out

Main audit.py cannot run standalone: requires the api_relay_audit Python package installed
SKILL.md instructs curl download of audit.py from GitHub (version-pinned, but still remote code download)
subprocess.run with shell=True used for infrastructure commands (dig, whois, openssl): shell injection risk if inputs untrusted
ssl._create_unverified_context() used in two places for cert retrieval and HTTP snapshots: disables SSL verification
Several scripts are CI/development tools not meant for direct agent use (build-standalone, collect-metrics, sync-version, process_submission)
Requires API_RELAY_AUDIT_KEY and API_RELAY_AUDIT_URL env vars to actually run an audit

Missing Dependencies

api_relay_audit (module package)

Notes

Legitimate security audit tool for testing API relay services. Security deductions: -12 for shell=True subprocess usage, -10 for ssl._create_unverified_context (2x, contextually justified for an SSL cert audit tool), -6 for curl-based remote code download pattern in SKILL.md instructions. Well-designed for its purpose. Scripts are development/CI helpers rather than agent-facing tools, slightly reducing out-of-box quality. Architecture is strong with good frontmatter, clear separation, progressive disclosure. Usefulness is high: API relay security auditing is a genuine and growing need in the AI ecosystem.

Information

Repository: api-relay-audit
Stars: 427

Trust Score

Overall73

Security72

Code Quality72

Architecture78

Usefulness85

Related Skills

TradeOS

Natural-language driven CEX trading and portfolio management for agents: API key vaulting, multi-exchange orders, DCA, arbitrage scanning, alerts and security r

ezBookkeeping API Tools

Command-line API tools for ezBookkeeping: record and query transactions, retrieve accounts/categories/tags, and fetch exchange rates for self-hosted personal fi

Java 25 & Spring Boot 4 Code Reviewer

Run focused, evidence-based code reviews for Java 25 and Spring Boot 4 projects — migration risks, architecture boundaries, null-safety (JSpecify), security, an

ArcKit — French Public Procurement (fr-marche-public)

Generates French public procurement (Dossier de Consultation des Entreprises) drafts aligned with the Code de la Commande Publique, UGAP frameworks, and DINUM d

ArcKit Architecture Conformance

Run a systematic architecture conformance assessment that compares ADRs and principles against HLD/DLD artifacts to surface drift, violations, and technical deb

Speak Security Basics

Security best practices for integrating Speak: API key management, audio data privacy, student data protection, and COPPA/FERPA compliance for production deploy

RemoFirst — Core Workflow A

Onboarding workflow for RemoFirst: create employee records, upload compliance documents, and track country-specific onboarding status.

Juicebox Common Errors

Identify and remediate common Juicebox API errors (authentication, quotas, rate limits, invalid queries) with quick diagnostics and fixes.

Back to Skills