
from api-relay-audit427
An 11-step automated security audit for AI API relay/proxy services — detects prompt injection, context truncation, tool-call substitution, stream integrity iss
Provides a one-command, structured 11-step audit for third-party AI API relays (OpenAI-compatible or Anthropic-compatible). Tests include infrastructure recon, model enumeration, token-injection measurement, multiple prompt-extraction methods, jailbreak checks, context-length boundary detection, tool-call substitution probes (AC-1.a), error-response leakage scans (AC-2), SSE stream integrity checks, and optional Web3-specific probes. Produces a Markdown risk report.
Run this skill when you need to verify the safety of a relay service before using it for sensitive workloads: when suspecting hidden prompt injection, unusual billing/token consumption, context truncation, or when onboarding a new third-party relay. Also use when debugging unexpected model behavior that could stem from proxy tampering.
audit.py) designed to run with Python3 + curl; the SKILL.md documents CLI usage and flags.
Security and infra-focused agents, DevOps/infosec tooling integrations, and any agent able to run Python CLI tools and analyze Markdown reports.
This skill has not been reviewed by our automated audit pipeline yet.