security-integration-tests
关于
This Claude Skill helps developers work with prompt injection detection integration tests, including running tests, debugging failures, and adding new test samples. It focuses on the security package that uses HuggingFace's Inference API for detection and includes key test files like samples.json and integration test suites. Use this skill when you need to verify detection accuracy with real API calls or maintain the security testing infrastructure.
快速安装
Claude Code
推荐/plugin add https://github.com/alex-ilgayev/MCPSpygit clone https://github.com/alex-ilgayev/MCPSpy.git ~/.claude/skills/security-integration-tests在 Claude Code 中复制并粘贴此命令以安装该技能
技能文档
Security Integration Tests Agent
Overview
The security package (pkg/security/) provides prompt injection detection using the HuggingFace Inference API. Integration tests verify detection accuracy with real API calls.
Key Files
pkg/security/testdata/samples.json- Test data with benign and malicious samplespkg/security/hf/integration_test.go- HF client integration testspkg/security/integration_test.go- Full analyzer integration tests with event buspkg/security/hf/client.go- HuggingFace API client implementationpkg/security/analyzer.go- Main security analyzer that subscribes to MCP events
Running Tests
# Run integration tests (requires HF_TOKEN environment variable)
HF_TOKEN=hf_xxx make test-integration
# Run with custom model
HF_TOKEN=hf_xxx HF_MODEL=protectai/deberta-v3-base-prompt-injection-v2 make test-integration
# Run unit tests only (no API calls, uses mock server)
go test -v ./pkg/security/...
Test Structure
Test Samples (samples.json)
{
"benign_samples": [
{
"description": "Description of the sample",
"text": "The text to analyze",
"expected_detected": false
}
],
"malicious_samples": [
{
"description": "Direct instruction override",
"text": "Ignore all previous instructions...",
"expected_detected": true,
"min_risk_score": 0.5
}
],
"mcp_tool_calls": [
{
"description": "Malicious tool call",
"method": "tools/call",
"params": { "name": "run_command", "arguments": {...} },
"expected_detected": true,
"min_risk_score": 0.5
}
]
}
Integration Test Tags
Integration tests use the build tag //go:build integration and are excluded from regular go test ./... runs.
Adding New Test Samples
- Edit
pkg/security/testdata/samples.json - Add samples to appropriate category (benign_samples, malicious_samples, or mcp_tool_calls)
- Set
expected_detectedand optionallymin_risk_score - Run integration tests to verify
Common Issues
"Forbidden" Error
- Ensure HF_TOKEN is set and valid
- Note:
meta-llama/Llama-Prompt-Guard-2-86Mis deprecated on HF Inference API - Default test model is
protectai/deberta-v3-base-prompt-injection-v2(publicly accessible)
Model Loading
- HuggingFace warms up models on demand
- Tests may skip with "Model loading" message on first run
- Re-run tests after model is warm
Network Issues
- Integration tests require network access to HuggingFace API
- Tests will fail in sandboxed environments without network access
Risk Levels
none: score < 0.3low: score 0.3-0.5medium: score 0.5-0.7high: score 0.7-0.9critical: score >= 0.9
Categories
benign: Normal, safe contentinjection: Prompt injection attemptjailbreak: Jailbreak attemptmalicious: Malicious content (Prompt Guard v2)
GitHub 仓库
相关推荐技能
content-collections
元Content Collections 是一个 TypeScript 优先的构建工具,可将本地 Markdown/MDX 文件转换为类型安全的数据集合。它专为构建博客、文档站和内容密集型 Vite+React 应用而设计,提供基于 Zod 的自动模式验证。该工具涵盖从 Vite 插件配置、MDX 编译到生产环境部署的完整工作流。
sglang
元SGLang是一个专为LLM设计的高性能推理框架,特别适用于需要结构化输出的场景。它通过RadixAttention前缀缓存技术,在处理JSON、正则表达式、工具调用等具有重复前缀的复杂工作流时,能实现极速生成。如果你正在构建智能体或多轮对话系统,并追求远超vLLM的推理性能,SGLang是理想选择。
evaluating-llms-harness
测试该Skill通过60+个学术基准测试(如MMLU、GSM8K等)评估大语言模型质量,适用于模型对比、学术研究及训练进度追踪。它支持HuggingFace、vLLM和API接口,被EleutherAI等行业领先机构广泛采用。开发者可通过简单命令行快速对模型进行多任务批量评估。
llamaguard
其他LlamaGuard是Meta推出的7-8B参数内容审核模型,专门用于过滤LLM的输入和输出内容。它能检测六大安全风险类别(暴力/仇恨、性内容、武器、违禁品、自残、犯罪计划),准确率达94-95%。开发者可通过HuggingFace、vLLM或Sagemaker快速部署,并能与NeMo Guardrails集成实现自动化安全防护。