GitHub Repository

Static security scanner for AI prompts, MCP configs, and agent workflows. Zero LLM calls. Local-first. OWASP LLM Top 10 aligned.

4 starsTypeScript

PromptSonar – Static analysis for LLM prompt security

Name: PromptSonar – Static analysis for LLM prompt security
Availability: InStock
Author: meghal86

by meghal86·Mar 12, 2026·1 point·0 comments

Visit Project View on HN

AI Analysis

●●SolidSolve My ProblemShip It

Static scanner catches prompt injections in code before runtime, unlike runtime guards.

Strengths

•SARIF v2.1.0 output enables GitHub Code Scanning integration seamlessly.
•VS Code extension provides immediate feedback during development workflow.
•Covers seven languages including Rust and Go with local execution.

Weaknesses

•Cannot detect runtime-constructed prompts or database-sourced inputs.
•String concatenation evasion bypasses current detection rules easily.

Post Description

I built PromptSonar because I kept seeing LLM security discussions focus entirely on runtime interception — but nobody was scanning the prompt strings written directly into source code before they ship.

PromptSonar is a static analyzer that scans your codebase for prompt injection, jailbreaks, PII leaks, and privilege escalation patterns in LLM prompt strings. It works across TypeScript, JavaScript, Python, Go, Rust, Java, and C#.

What it catches: - Direct prompt injection and jailbreak patterns - Unicode evasion: Cyrillic homoglyphs, zero-width character injection, Base64-encoded jailbreaks - PII exposure in prompts (SSN, credit card, API keys) - Privilege escalation and role manipulation - RAG poisoning patterns - Insecure output handling

Maps findings to OWASP LLM Top 10. Outputs SARIF v2.1.0 for GitHub Code Scanning integration. 100% local, zero telemetry, no API calls.

Available as VS Code extension, CLI, and GitHub Action.

npx @promptsonar/cli scan ./src

I wrote up the Unicode evasion detection methodology separately if anyone is interested in how the normalization pipeline works: https://medium.com/@meghal86/detecting-unicode-homoglyph-and...

Similar Projects

Security●●●Banger

Promptinel – A Security Scanner for Prompts

Deterministic prompt linter flags injection, exfiltration, obfuscation before LLM runs—treats prompts as executable code.

Big BrainZero to OneSolve My Problem

cunningfatalist

103mo ago

Security●●Solid

LLM AuthZ Audit – find auth gaps and prompt injection in LLM apps

Purpose-built LLM security linter covers OWASP Top 10, but static analysis has inherent blind spots.

Big BrainSolve My Problem

iamspathan

104mo ago

Security●●Solid

Scanning 277 AI agent skills for security issues

Secures OpenClaw skills, but the ecosystem might not sustain the moat.

Solve My ProblemNiche Gem

pakmania

233mo ago

Security●●Solid

FireClaw – Open-source proxy defending AI agents from prompt injection

Isolated LLM with no tools or memory makes prompt injection hit a dead end.

Bold BetShip It

raiph_ai

573mo ago

AI/ML●Mid

Fluiq – detect prompt injection, PII, Crescendo attack 2 line of Python

Yet another LLM ops layer when LangSmith, Helicone, and Braintrust already exist.

Ship It

SaurabhKumbhar

2016d ago

Security●●Solid

Skillaudit.sh – A minimalist security auditor for LLM skill definitions

It’s refreshingly focused: rules for prompt injection, hidden HTML comment instructions, exfiltration patterns and even HEAD checks against npm/PyPI for hallucinated packages. The site sells the minimalist ethos — small, audit-first tool for the offensive side of LLM security — but from the page it looks primarily pattern-driven, so expect heuristic false positives and limited context-aware analysis unless the engine goes deeper.

Niche GemSlick

dns

104mo ago