insecure-plugin-design
Community
Secure tool definitions against prompt injection.
Category: Software Engineering
Tags: #authorization #llm #input-validation #prompt-injection #tool-safety #insecure-plugin-design #plugin-safety
Author: thejefflarson
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Prevents unsafe plugin and tool design patterns from being deployed in LLM integrations, addressing prompt-injection risks and misconfigurations in tool schemas and handlers.
Core Features & Use Cases
- Enforces strict input validation at the tool boundary using explicit schemas and runtime checks to ensure only safe values reach handlers.
- Verifies internal authorization inside the tool handler and enforces narrow tool capabilities by separating read, write, and delete operations.
- Provides guidelines for safe plugin design across function schemas, middleware, and tool integrations to reduce attack surfaces in LLM-powered plugins.
Quick Start
Inspect your existing tool definitions and apply inline validation, per-tool authorization, and audit logging to prevent prompt-based exploits.
Dependency Matrix
Required Modules
None required
Components
Standard package
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below into Claude Code.
Please help me install this Skill: Name: insecure-plugin-design Download link: https://github.com/thejefflarson/soundcheck/archive/main.zip#insecure-plugin-design Please download this .zip file, extract it, and install it in the .claude/skills/ directory.