toby-bridges

Security audit tool for third-party AI API relay/proxy services. Detects hidden prompt injection, prompt leakage, instruction override, and context truncation.

16
3
100% credibility
Found Mar 30, 2026 at 16 stars.
AI Analysis
Python
AI Summary

A standalone security auditing tool that evaluates third-party AI proxy services for issues like hidden prompt injection, instruction overrides, and context truncation.

How It Works

1. 🔍 Find the safety checker

You hear about a free tool that tests AI services to see if they're secure and honest.

2. 📥 Grab the checker easily

Download the testing script with one quick command, no setup needed.

3. 🔑 Enter your details

Provide your API key and the base URL of the service you want to check.

4. 🚀 Launch the full check

Run the tool and watch it automatically test for hidden tricks, leaks, and limits.

5. 📋 See the detailed report

Get a clear summary with colors showing risks: green for safe, yellow for caution, red for danger.

Make a smart choice

You now know whether the service is safe to use for your AI needs.

AI-Generated Review

What is api-relay-audit?

This Python tool audits third-party AI API relays and proxies for security flaws like hidden prompt injection, prompt leakage, instruction overrides, and context truncation. Point it at a base URL and API key via a zero-install one-liner—curl the script and run with Python 3.7+—and it delivers a Markdown report with risk levels (low/medium/high) after seven targeted tests, including infra recon and model listing. Works with Anthropic and OpenAI formats out of the box, auto-detecting endpoints.

Why is it gaining traction?

Unlike generic security audit software, it focuses on AI-specific attacks like jailbreaks and token deltas, skipping broad scanners for precise API probing. The curl-only standalone script means instant testing without deps, plus CLI flags for skipping steps or outputting reports, making it a quick win over manual checks or GitHub security scanning setups. Devs love the structured MD output for sharing in security audit logs or GitHub security advisories.

Who should use this?

Security auditors and DevOps teams vetting AI API proxies before production deployment. AI engineers at startups who route through relays for cost savings or privacy and need to confirm there are no prompt leaks or context cuts. Anyone integrating untrusted services via GitHub projects or security GitHub repositories.

Verdict

Grab it for fast API audits—solid docs, 80+ tests, and MIT license make it reliable despite 16 stars and 1.0% credibility score. Early-stage but practical; cross-check high-risk flags manually before trusting in prod.
