api-relay-audit

What problem does it solve?

It helps you determine whether a third-party AI API relay/proxy is altering your request or response in unsafe ways, including hidden prompt injection, prompt leakage, instruction override, context truncation, tool-call/package substitution, error-response data leakage, SSE stream integrity anomalies, and Web3-specific prompt injection risks.

Core Features & Use Cases

• Run a local end-to-end relay security audit: produces a structured Markdown report that summarizes findings with an overall LOW/MEDIUM/HIGH risk verdict.
• Detect security-critical tampering patterns: token-delta hidden prompt injection, prompt extraction attempts, identity hijacking for Chinese-market substitutes, tool-call/package substitution (AC-1.a), and error-response header/body leakage (AC-2 adjacent).
• Validate end-to-end behavior: context truncation via canary markers with coarse scan + binary search, SSE stream integrity invariants for Anthropic streaming, plus infrastructure fingerprinting and latency variance (informational checks).
• Use cases: audit a relay you plan to trust, compare multiple proxy providers, verify whether a relay blocks prompt exfiltration, and assess Web3 wallet-safety risks when agents sign or transfer.

Quick Start

Download and run the standalone audit by executing one command that fetches audit.py and immediately starts the audit using your relay base URL and API key.