Documentation
API Endpoint
POST /api/scan
Submit raw SKILL.md content to receive an instant security analysis.
Request Body
{
  "content": "string (max 100,000 chars)"
}
Response
{
  "score": 0-100,
  "risk": "low" | "medium" | "high" | "critical",
  "findings": [
    {
      "severity": "critical" | "high" | "medium" | "low",
      "type": "prompt_injection" | "data_exfiltration" | ...,
      "detail": "..."
    }
  ]
}
Detection Categories
- Prompt Injection — role override, jailbreak, DAN mode
- Data Exfiltration — suspicious external network calls
- Base64 Obfuscation — encoded payloads
- Hardcoded Secrets — API keys, tokens, credentials
- Code Execution — eval, exec, subprocess, shell
- File System Access — .env, /etc/passwd, SSH keys
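
An added example, not part of the original documentation: a Python client for POST /api/scan that enforces the documented 100,000-character limit before sending, validates the response against the documented schema, and fails closed when the overall risk or any finding reaches a threshold. The base URL, the Content-Type header, the timeout and the "high" threshold are assumptions.

```python
import json
import urllib.request

MAX_CONTENT_CHARS = 100_000  # documented request limit
# Documented values for "risk" and for each finding's "severity", in ascending order.
LEVELS = ("low", "medium", "high", "critical")

def build_request(base_url, content):
    """Build the POST /api/scan request; refuse oversized input before sending."""
    if len(content) > MAX_CONTENT_CHARS:
        raise ValueError(f"content is {len(content)} chars, limit is {MAX_CONTENT_CHARS}")
    return urllib.request.Request(
        base_url.rstrip("/") + "/api/scan",  # base_url is a placeholder (assumption)
        data=json.dumps({"content": content}).encode("utf-8"),
        headers={"Content-Type": "application/json"},  # assumed header
        method="POST",
    )

def parse_response(raw):
    """Validate a response body against the documented schema; raise otherwise."""
    doc = json.loads(raw)
    if not isinstance(doc, dict):
        raise ValueError("response is not a JSON object")
    score, risk, findings = doc.get("score"), doc.get("risk"), doc.get("findings")
    if isinstance(score, bool) or not isinstance(score, (int, float)) or not 0 <= score <= 100:
        raise ValueError(f"score outside documented range: {score!r}")
    if risk not in LEVELS:
        raise ValueError(f"unknown risk level: {risk!r}")
    if not isinstance(findings, list):
        raise ValueError("findings must be a list")
    for finding in findings:
        if not isinstance(finding, dict) or finding.get("severity") not in LEVELS:
            raise ValueError(f"malformed finding: {finding!r}")
    return doc

def should_block(doc, threshold="high"):
    """Block when the overall risk or any single finding reaches the threshold."""
    seen = [doc["risk"]] + [f["severity"] for f in doc["findings"]]
    return max(LEVELS.index(level) for level in seen) >= LEVELS.index(threshold)

def scan(base_url, content, timeout=10):
    """Send the scan request and return the validated response."""
    request = build_request(base_url, content)
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return parse_response(resp.read())
```

Treat any ValueError or network error from scan() as a failed check rather than a pass, so an unreachable or misbehaving scanner does not let an unscanned SKILL.md through.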