loaditout.ai

hack-your-agent

MCP Tool

gangj277/hack-your-agent

The native red-team skill for Codex and Claude Code. Finds prompt injection, MCP poisoning, memory poisoning, and concealment bugs with forensic evidence.

Install

$ npx loaditout add gangj277/hack-your-agent

Platform-specific configuration:

.claude/settings.json
{
  "mcpServers": {
    "hack-your-agent": {
      "command": "npx",
      "args": [
        "-y",
        "hack-your-agent"
      ]
    }
  }
}

Add the config above to .claude/settings.json under the mcpServers key.

About

HackYourAgent

Red-team Codex and Claude Code agents for prompt injection, MCP poisoning, memory poisoning, and concealed side effects.

HackYourAgent is a manual-use skill bundle for coding agents. It teaches an agent to map an authorized AI system, generate paired control and attack trials, inspect outputs one by one, and leave behind evidence, regressions, and hardening actions a builder can actually commit.

Why It Exists

Most AI security tooling still looks like one of these:

  • prompt scanners that never touch your actual agent workflow
  • eval frameworks that are powerful but too heavy for everyday repo use
  • research benchmarks that do not leave commit-ready regressions behind

HackYourAgent is the narrow wedge for builders using coding agents. It is designed to run inside Codex and Claude Code workflows, inspect repo-local trust boundaries, and tell you where prompt injection, tool poisoning, memory poisoning, approval confusion, or concealment still work.

What You Get

  • Native install for Codex and Claude Code
  • A forensic red-team workflow with paired control and attack trials
  • Evidence-first output under redteam/
  • Seeded vulnerable example targets you can test immediately
  • Launch-ready docs and examples you can extend for your own targets

60-Second Demo

Install the skill:

python3 scripts/install_skill.py both

Pick a seeded example:

  • examples/vulnerable-rag-agent
  • examples/vulnerable-mcp-agent
  • examples/vulnerable-concealment-agent

Invoke the skill:

Use $hack-your-agent on examples/vulnerable-rag-agent.
Write only to redteam/ artifacts. Build a paired control/attack trial matrix,
inspect outputs one by one, and leave minimal repros and regressions.

Expected outcome:

  • redteam/trials/trial-matrix.csv
  • one dossier per trial in redteam/trials/
  • raw evidence folders in redteam/evidence/
  • ranked findings in redteam/findings/
  • a hardening plan in redteam/hardening-plan.md

What Ships

Tags

ai-agents, ai-security, claude-code, codex, llm-security, mcp, prompt-injection, red-team

Quality Signals

Stars: 1
Installs: 0
Last updated: 18 days ago
Security: A
README

Safety

Risk Level: medium
Data Access: read
Network Access: none

Details

Source: github-crawl
Last commit: 3/28/2026
View on GitHub

Embed Badge

[![Loaditout](https://loaditout.ai/api/badge/gangj277/hack-your-agent)](https://loaditout.ai/skills/gangj277/hack-your-agent)