fizzgig__prompt_injection_scan
flags prompt content for injection-vector smells.
your app fetches user-controlled content (an email body, a scraped page, a tool response) and forwards it into a prompt. somewhere in that content is IGNORE PREVIOUS INSTRUCTIONS. now your assistant is doing whatever the attacker asked.
6 categories with content-type-aware severity: system-prompt overrides, role breakouts, jailbreak personas, prompt-extraction attempts, capability exploits, indirect-injection payloads. Weighs each by content_type (user_input, fetched_content, prompt_template, tool_response) so risk grades scale with where the content came from.
treat fetched content as adversarial. the AI didn't, and won't, unless you check.
caught a policy that would have leaked every user's comments. shipped a fix in 4 minutes.
first tool i installed. it's the one that pays for itself.
works great. one false positive on a join table — easy to ignore.
{
"fizzgig": {
"url": "https://mcp.fizzgig.ai",
"tools": ["prompt_injection_scan"]
}
}