Show HN: A minimal TS library that generates prompt injection attacks (prompt-injector.blueprintlab.io)

33 points by yaoke259 ↗ HN
I made an open source, MIT license Typescript library based on some of the latest research that generates prompt injection attacks. It is a super minimal/lightweight and designed to be super easy to use.

Keen to hear your thoughts and please be responsible and only pen test systems where you have permission to pen test!

11 comments

[ 4.1 ms ] story [ 27.8 ms ] thread
Was the whole lib and website vibe coded? I can't find any instructions on how to use it, the repo is for the website itself and the readme is AI blurb that doesn't make me any wiser.

  // Test your AI system
  const results = await injector.runTests(yourAISystem);
???

Even the "prompt-injector" NPM package is something completely different. Does this project even exist?

Why did you use something as heavy as SvelteKit for a website with a single page? This doesn't inspire confidence.
Sveltekit is not heavy, it is compiled into lightweight bundles
The website copy is obviously generated, and has not been reviewed for correctness.

The website trumpets "25+ curated prompt injection patterns from leading security research". The README of the linked Github promises: "100+ curated injection patterns from JailbreakBench".

None of the research sources are actually linked for us to review.

The README lists "integrations" with various security-oriented entities, but no such integration is apparent in the code.

The project doesn't earn the credibility it claims for itself. Because the author trusts bad LLM output enough to publish it as their own work, we have to assume that they don't have the knowledge or experience to recognize it as bad output.

Sorry for the bluntness, but there are few classes of HN submission that rankle as much as these polished bits of fluff. My advice: do not use AI to publicly imply abilities or knowledge you don't have; it will never serve you well.

Yes, to be completely honest this is a vibe coded project and I'm by no means a security expert. This was more of a fun, side project/experiment based on a shower thought. I admit it's not good/disingenuous to imply security knowledge, but for what it's worth, I just prompted Claude to research the latest papers on prompt injection and it made the claims on its own. Again this should not be an excuse for not reviewing the AI's output more carefully, so in the future I'll be more careful with LLM output and also present it as a vibe-coded project. Apologies, I'm just a noob in prompt injection security who doesn't know what he's doing :(
Your feedback is valuable and correct, I'll extract the library into /core in the repo and also manually verify all the citations. I'll read into the prompt injection literature more deeply and turn this from a shower thought project into something more mature
I have significantly improved both the library and the demo page, hope this is more useful now!