OnceOnly
Tools

Prompt Injection Test

Paste your prompt. We simulate common injections and show what tools would fire (runs locally, no LLM calls).

Runs locally (frontend only) • Static attack set • Rule-based risk score
1. Paste your system prompt / agent instructions
   Tip: include tool list + “when to call tools” rules.
2. Select your agent’s real capabilities
   These change the blast radius (not the injection risk).
3. Run injection test
   Static attacks • No API calls • Instant
Learn (prompt injection basics)

What is prompt injection

Prompt injection is when untrusted text (a user message, web page, email, ticket, document, or tool output) tricks an LLM agent into ignoring your intended instructions and doing something else — often a tool action.

How to test AI agent security

Start with static “known bad” attacks (like this tool), then graduate to adversarial testing with real models. The metric that matters is: would it execute tools without approval?

Preventing tool abuse in LLM agents

Treat tools like production privileges: require explicit approvals for sensitive actions, limit tool scope, and enforce policies outside the model (so jailbreaks can’t bypass them).

Why agents need execution policies

Prompts are not security boundaries. An execution policy layer blocks destructive or exfiltration actions even when the model is compromised.
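The two points above (limit tool scope, require approval for sensitive actions, and enforce the policy outside the model) as a small execution-policy gate. This is an added example, not OnceOnly's code; the policy shape, tool names and sample tool calls are constructed for illustration, and the "model" is represented only by the tool calls it proposes.

```javascript
// Execution-policy layer that sits outside the model. Every tool call the
// model proposes (possibly while under injection) passes through this gate
// before anything runs, so a jailbroken prompt cannot bypass it.

// Hypothetical policy: the agent's real capabilities (blast radius), what each
// tool may touch, and which actions always need a human to approve them.
const POLICY = {
  capabilities: new Set(["read_file", "send_email", "shell"]),
  allowedPaths: [/^\/workspace\//],            // read_file scope
  internalDomains: ["example.com"],           // send_email may only go here
  approvalRequired: new Set(["send_email", "shell"]),
  destructiveShell: [/\brm\s+-rf\b/, /\bmkfs\b/, /\bdd\s+if=/],
};

// Returns one of: allow | approve (needs human sign-off) | block.
function evaluateToolCall(call, policy = POLICY, approved = false) {
  const { tool, args } = call;
  if (!policy.capabilities.has(tool)) {
    return { decision: "block", reason: `tool ${tool} not granted` };
  }
  if (tool === "read_file" && !policy.allowedPaths.some((re) => re.test(args.path))) {
    return { decision: "block", reason: "path outside allowed scope" };
  }
  if (tool === "send_email") {
    const domain = String(args.to).split("@")[1] || "";
    if (!policy.internalDomains.includes(domain)) {
      return { decision: "block", reason: "exfiltration: external recipient" };
    }
  }
  if (tool === "shell" && policy.destructiveShell.some((re) => re.test(args.cmd))) {
    return { decision: "block", reason: "destructive command" };
  }
  if (policy.approvalRequired.has(tool) && !approved) {
    return { decision: "approve", reason: "sensitive action needs human approval" };
  }
  return { decision: "allow", reason: "within policy" };
}

// Constructed sample: calls a compromised model might propose after injection.
const SAMPLE_CALLS = [
  { tool: "read_file", args: { path: "/workspace/notes.md" } },
  { tool: "read_file", args: { path: "/etc/passwd" } },
  { tool: "send_email", args: { to: "someone@external.example", body: "secrets" } },
  { tool: "send_email", args: { to: "ops@example.com", body: "weekly report" } },
  { tool: "shell", args: { cmd: "rm -rf /" } },
  { tool: "delete_repo", args: {} },      // capability the agent was never given
];

// Run every proposed call through the gate; only "allow" results would execute.
function runGate(calls = SAMPLE_CALLS) {
  return calls.map((c) => ({ tool: c.tool, ...evaluateToolCall(c) }));
}
```

Selecting fewer capabilities in the policy shrinks what a successful injection can reach, which is the blast-radius point from step 2 above.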