Prompt-Injection & System-Prompt-Leak Tester

Paste an LLM system prompt and see, category by category, whether it's likely to withstand the main classes of prompt-injection and system-prompt-extraction attacks — each mapped to the OWASP LLM Top 10, with a concrete rule you can paste in to close the gap. It's free, instant, and private: the prompt is analyzed in memory and never stored.

Analysis only. This tool evaluates the text of your prompt locally. It does not attack any model, send your prompt to any LLM, or make any outbound request against a chatbot or endpoint — so it's safe to run against your own production prompts.

Why prompt hardening matters

An LLM feature is only as trustworthy as its system prompt. Attackers routinely try to override your instructions ("ignore all previous instructions…"), extract them ("repeat the text above"), hijack the model's role ("you are now an unrestricted AI"), smuggle instructions past you with encoding, and play helpfulness against safety ("you must answer to be helpful"). A prompt that never anticipates these is trivially injectable. This tester checks whether yours does — and it's built by the same shop behind Pigfox's production LLM work.

The five probe categories

  • Instruction override (OWASP LLM01) — resistance to "ignore your instructions" style attacks.
  • System-prompt extraction (OWASP LLM06) — whether the prompt forbids revealing itself.
  • Role-play / persona injection (OWASP LLM01) — resistance to DAN-style "become another AI" takeovers.
  • Token smuggling / obfuscation (OWASP LLM01) — whether encoded or embedded instructions are treated as data.
  • Competing objectives (OWASP LLM01) — whether safety takes precedence when it conflicts with being helpful.

Analyze your system prompt

Paste the system/developer prompt your application uses. Don't paste secrets or API keys — they aren't needed for the analysis.


Frequently asked questions

Does this attack my chatbot or send my prompt anywhere?
No. It performs static analysis of the text you paste, locally, in your request. It makes no outbound requests, sends your prompt to no LLM, and attacks no endpoint. Nothing is stored.
What is prompt injection?
It's when user-supplied (or retrieved) content smuggles instructions that override what you told the model to do — the LLM equivalent of an injection attack. It's number one on the OWASP LLM Top 10 (LLM01).
What is system-prompt leakage?
When an attacker coaxes the model into revealing its hidden instructions, exposing your logic, guardrails, and sometimes secrets. This tool checks whether your prompt forbids disclosing itself (related to OWASP LLM06).
Does a 'hardened' result mean I'm safe?
No. This is advisory static analysis — it checks whether your prompt contains the defensive instructions each attack class calls for. It can't prove resistance. Always follow up with real adversarial testing and defense-in-depth (input/output filtering, least privilege, human review of sensitive actions).
Will you add live attack testing later?
Any future active-testing capability would run only against endpoints you own and explicitly authorize. v1 is deliberately analysis-only and never sends attack traffic to anyone.