Skip to content
| Marketplace
Sign in
Visual Studio Code>Linters>PromptSonarNew to Visual Studio Code? Get it now.
PromptSonar

PromptSonar

promptsonar-tools

|
27 installs
| (0) | Free
Static scanner for prompt injection (OWASP LLM01), API key leaks & jailbreaks in code. Local, fast, no LLM calls.
Installation
Launch VS Code Quick Open (Ctrl+P), paste the following command, and press enter.
Copied to clipboard
More Info

PromptSonar VS Code Extension

Inline prompt-security diagnostics for VS Code.

PromptSonar scans AI prompts and agent instructions locally while you work. It uses the same static rules as the CLI and makes zero LLM calls.

Install

Install from the marketplace:

https://marketplace.visualstudio.com/items?itemName=promptsonar-tools.promptsonar

Features

  • Inline diagnostics for detected prompt risks.
  • Live diagnostics for .prompt, .md, .txt, .json, .yaml, .yml, agent instruction, system prompt, and MCP config files.
  • PromptSonar Activity Bar workbench with Execution Path, Workflow Evidence, Confidence, Root Cause, Workflow Diff, and MCP risk sections.
  • Command Palette actions: scan current file, open execution path, show workflow diff, export SARIF, copy report, copy execution path, and open playground.
  • Deterministic quick fixes for wildcard permissions, autoExecute, hardcoded credentials, and untrusted user input patterns.
  • Workspace scan command from the Command Palette.
  • Local static rules for prompt injection, Unicode evasion, secrets, structure, and clarity.
  • Same rule family as @promptsonar/cli.

Manual Test

Run the extension locally:

npm install
npm run build --workspace packages/vscode-extension
code packages/vscode-extension

In VS Code, press F5 to launch the Extension Development Host, then create mcp.json:

{
  "mcpServers": {
    "shell": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-filesystem", "/"],
      "autoExecute": true,
      "approvalRequired": false,
      "permissions": ["*"],
      "capabilities": ["shell", "filesystem", "network"]
    }
  }
}

Expected results:

  • Problems panel shows PromptSonar MCP diagnostics while typing.
  • PromptSonar Activity Bar shows the live execution path, evidence, confidence, root cause, and MCP risk.
  • PromptSonar: Show Workflow Diff opens a Markdown diff report.
  • PromptSonar: Apply Fix + Show Workflow Diff applies deterministic fixes (when available) and opens a before/after diff report.
  • PromptSonar: Export SARIF writes promptsonar-vscode.sarif next to the active file.
  • Quick Fix offers deterministic safer rewrites where matching text exists.

CLI Pairing

npm install -g @promptsonar/cli
promptsonar scan .

Main documentation: https://github.com/meghal86/promptsonar

  • Contact us
  • Jobs
  • Privacy
  • Manage cookies
  • Terms of use
  • Trademarks
© 2026 Microsoft