Metadata-Version: 2.4
Name: prompt-injection-blocker
Version: 0.1.0
Summary: Read-only scanner for prompt-injection and LLM anti-analysis text in files before agent review
Author: Dragon Lady
License: MIT License
        
        Copyright (c) 2026 Dragon-Lady
        
        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:
        
        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.
        
        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
        
Project-URL: Homepage, https://github.com/Dragon-Lady/prompt-injection-blocker
Project-URL: Repository, https://github.com/Dragon-Lady/prompt-injection-blocker
Project-URL: Issues, https://github.com/Dragon-Lady/prompt-injection-blocker/issues
Keywords: security,prompt-injection,llm,ai-agents,promptware,anti-analysis,scanner
Classifier: Development Status :: 3 - Alpha
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: System Administrators
Classifier: Operating System :: OS Independent
Requires-Python: >=3.9
Description-Content-Type: text/markdown
License-File: LICENSE
Provides-Extra: dev
Requires-Dist: pytest<10,>=8; extra == "dev"
Dynamic: license-file

# Prompt Injection Blocker

Read-only scanner for prompt-injection and LLM anti-analysis text in files
before agent review.

This tool is meant for defensive intake: copied advisories, incident notes,
third-party repositories, docs, issues, and fixtures that may contain text aimed
at overriding an AI assistant or suppressing analysis.

It does not remove files, modify content, execute code, contact registries, or
prove that content is safe.

## Install

```sh
pipx install prompt-injection-blocker
# or
pip install prompt-injection-blocker
```

Python 3.9+. No runtime dependencies.

## Usage

```sh
prompt-injection-blocker /path/to/project
prompt-injection-blocker /path/to/project --json
prompt-injection-blocker /path/to/project --report report.json
```

From a source checkout:

```sh
python -m prompt_injection_blocker /path/to/project
pip install -e ".[dev]" && pytest
```

Exit codes:

- `0`: no blocking promptware patterns found
- `1`: usage or runtime error
- `2`: blocking promptware patterns found
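
One way to turn these exit codes into an intake gate in front of an agent or CI step, shown as an added example that is not part of this project's code. `SCANNER`, `REPORT_DIR`, `intake_decision` and `intake_gate` are names assumed for the example; only the command name, the `--report` flag and the three exit codes come from this README.

```sh
#!/bin/sh
# Added example: intake gate built on the documented exit codes (0, 1, 2).
# SCANNER and REPORT_DIR are assumptions of this example, not tool options.
SCANNER="${SCANNER:-prompt-injection-blocker}"
REPORT_DIR="${REPORT_DIR:-./pib-reports}"

# intake_decision PATH
# Prints exactly one word: allow | block-findings | block-error
intake_decision() {
    target="$1"
    mkdir -p "$REPORT_DIR" || { echo block-error; return 0; }
    # One report per target; characters unsafe in a file name become "_".
    report="$REPORT_DIR/$(printf '%s' "$target" | tr -c 'A-Za-z0-9._-' '_').json"

    rc=0
    "$SCANNER" "$target" --report "$report" >/dev/null 2>&1 || rc=$?

    case "$rc" in
        0) echo allow ;;
        2) echo block-findings ;;
        # 1 is a usage/runtime error. Any other status (127 = not installed,
        # killed by a signal) also means the path was NOT scanned: fail closed.
        *) echo block-error ;;
    esac
}

# intake_gate PATH...
# Prints "<decision><TAB><path>" per path and returns 0 only when every
# path was scanned and came back clean.
intake_gate() {
    status=0
    for p in "$@"; do
        d=$(intake_decision "$p")
        printf '%s\t%s\n' "$d" "$p"
        [ "$d" = allow ] || status=1
    done
    return "$status"
}

# Typical use in a pipeline step (paths are placeholders):
#   intake_gate ./third_party/some-repo ./notes/advisory.md || exit 1
```

The point of the `*)` branch is that a scanner error is treated the same as a finding: a path that could not be scanned is never handed to an agent.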

## What It Flags

- prompt-injection text that tries to override prior/system/developer
  instructions
- text asking an agent to reveal secrets, hidden instructions, environment
  variables, or tokens
- text trying to make an agent run commands or fetch external content
- LLM-targeted anti-analysis language that tells scanners not to report
  suspicious content
- broad repo-local agent instruction language that deserves review before
  opening a path in automated agents

The rules are intentionally conservative. A finding means "do not feed this raw
text into an agent," not "this file is malware."

## Safe Handling

- Do not paste flagged text into agents in raw form.
- Summarize or defang prompt-injection text before sharing with the team.
- If this appears in a third-party repository, do not open the repo in agents or
  editors until reviewed.
- If a test needs one of these markers, split or encode it so the test remains
  meaningful without carrying live promptware. This codebase stores all of its
  own detection markers split and joins them at runtime; keep that discipline
  when adding rules.

## Scope Limits

This scanner only checks text-like files and known phrase families. It will not
detect every possible prompt-injection attempt, encoded payload, image-only
instruction, or model-specific attack.
