Claude Code Plugin

Catch prompt injection before it lands.

Passive detection rules that scan every tool result, file read, and web fetch for injection attempts. Flags threats to the user, logs incidents to any compatible backend. No configuration needed.

Install plugin View source

Tool results are untrusted input.

Every web fetch, MCP response, and file read is an attack surface. Malicious content can impersonate system prompts, request privilege escalation, or attempt to exfiltrate conversation data — all hidden inside otherwise normal tool output.

prompt-guard adds a detection layer that fires automatically on every interaction. No slash commands, no manual invocation. It watches for six categories of injection and responds with a stop-flag-log protocol.

fetching page content...

Injection detected [HIGH]

category: authority_impersonation

source: WebFetch result

"ignore previous instructions and..."

blocked. resuming original task.

How it works.

Detect

Rules fire on every interaction, scanning tool results, file contents, and web data for six threat categories: authority impersonation, privilege escalation, instruction smuggling, social engineering, exfiltration, and tool abuse.

Flag

Suspicious content is immediately surfaced to the user with the threat category, severity level, and a quoted snippet. Critical and high-severity threats block execution; medium and low flag without blocking.

Log

Incidents are forwarded to any loaded security-logging provider — Splunk, Sentry, Elasticsearch, or a simple file logger. If no provider is available, incidents are still flagged inline.

Pure rules plugin — no MCP server, no runtime dependencies. Install it and it starts working immediately.

Six threat categories

Authority impersonation, privilege escalation, instruction smuggling, social engineering, exfiltration attempts, and tool abuse. Each with specific pattern matching and severity classification.

Pluggable logging

Logging is an optional capability, not a built-in. Wire up any security-logging provider — Splunk forwarder, Sentry integration, or a local JSONL logger. prompt-guard just detects.

False positive aware

Security researchers, CTF content, and injection test files are handled gracefully. Medium and low severity detections flag without blocking, and the user can stand down for specific tasks.

Zero configuration

No setup, no slash commands, no MCP server. The plugin is entirely rule-based — install it and the detection protocol activates automatically on every Claude Code interaction.

Install

Requires Claude Code. Works on any platform.

Add the marketplace

claude plugin marketplace add softwaresoftware-dev/softwaresoftware-plugins

Run in your terminal.

Install the installer

claude plugin install softwaresoftware@softwaresoftware-plugins

Run in your terminal.

Launch Claude Code

claude

Start a new session so the installer is available.

Install prompt-guard

/softwaresoftware:install prompt-guard

Run inside Claude Code.