Static scanner for prompt injection (OWASP LLM01), API key leaks, and jailbreaks in code. Local, fast, no external LLM calls.
Features
Auto-Detect Embedded Prompts: Locates hardcoded LLM prompts in JavaScript, TypeScript, Python, Go, Java, Rust, c# and configuration files automatically.
Security Check (OWASP LLM01/LLM02): Instantly detects Prompt Injections, Developer Modes, role overrides, unicode/base64 obfuscation and exposes them.
CI/CD Gating: Fails hard on Critical vulnerabilities to protect CI pipelines.
Live IDE Feedback: Diagnostics live in your editor bridging directly into the exact same algorithmic rules engine powering the CLI.
Install
1. VS Code Extension
Open VS Code → Extensions → Search "PromptSonar"
2. CLI Tool (Local Developer Usage)
# In the CLI directory
npm link ./packages/cli
promptsonar scan .
VS Code Extension Features
Once the PromptSonar extension is installed, you can scan your code seamlessly from within the editor.
Note: These commands are run from the VS Code Command Palette, NOT your terminal.
Run Health Check:
You can click the ▶ Run PromptSonar Health CheckCodeLens that appears directly above any detected prompt, or use the play button in the Editor Title Menu.
Scan Entire Workspace:
Open the Command Palette (Cmd + Shift + P or Ctrl + Shift + P), type PromptSonar: Scan Entire Workspace, and hit Enter. This will scan all supported files in your project and generate a master HTML security report.
Configuration:
If you find the CodeLenses visually distracting while typing, you can disable them by searching for promptsonar.enableCodeLens in your VS Code settings.
Running Scans (CLI Tool)
# Scan a specific file or directory
promptsonar scan tests/validation/ultimate_injection_test.js
# Output report as JSON to parse programmatically
promptsonar scan . --json > report.json
