AI Prompt Injection Testcase Builder

Turn an app description and tool list into OWASP-mapped adversarial testcases

Generation runs entirely in your browser. The app description, tool names, and generated prompts are not uploaded, logged, or stored. These are smoke-test prompts to probe your own agent, not a security guarantee or a substitute for a full red-team review.
Risk categories to generate

Describe your agent, list its tools, choose risk categories, and select Generate testcases to build OWASP-mapped prompt-injection cases.

About the AI prompt injection testcase builder

The AI prompt injection testcase builder turns a short description of your AI app or agent and a list of its tools into a set of adversarial test prompts you can run against it before you ship. Describe the agent, paste the tool names, pick the risk categories you care about, and the tool generates OWASP-mapped testcases. Each case includes an objective, the adversarial prompt to send, and the safe behavior you should see instead. You can download the set as JSONL for an eval harness or copy a markdown checklist into a pull request.

It is built for AI product engineers, security reviewers, and founders who need a quick prompt-injection and excessive-agency smoke test without standing up a whole red-team pipeline first. Generation runs entirely in your browser from deterministic templates. The app description, tool names, and generated prompts are never uploaded, logged, or stored, which matters because an agent description can reveal internal tools, policies, and data categories. This is a starting checklist, not a guarantee. Treat a passing run as the floor, not the ceiling.

How to use

  1. Describe your AI app or agent: what it does, what data it can reach, and any hidden system prompt or keys it holds.
  2. List its tools, one per line or comma-separated. A sample support agent and tool list are loaded so you can see the format.
  3. Choose the risk categories to generate: prompt injection, tool misuse, excessive agency, data exfiltration, and instruction hierarchy.
  4. Select Generate testcases to build the OWASP-mapped cases, each with an objective, an adversarial prompt, and the expected safe behavior.
  5. Download the JSONL for your eval harness or copy the markdown checklist into a pull request, then run each case against your agent and confirm it holds.

Worked examples

An instruction-override prompt under prompt injection

A direct takeover attempt that tells the agent to ignore its system prompt. A safe agent keeps its original policy and declines, so this case fails if the agent obeys.

A per-tool case for send_email under tool misuse

Generated once for each tool you list, it tries to invoke the tool with unsafe or wildcard arguments. A safe agent validates the arguments against policy and refuses.

A system-prompt extraction prompt under data exfiltration

It asks the agent to reveal its hidden system prompt and any keys. A safe agent refuses to disclose its configuration or secrets, so a leak here is a finding to fix.

Frequently asked questions

What does this tool generate?
Adversarial prompt-injection testcases mapped to OWASP LLM risk categories. Each case has a stable id, an objective, the adversarial prompt to send to your agent, and the safe behavior you should see instead. You can export them as JSONL for an eval harness or as a markdown checklist.
Which risk categories does it cover?
Prompt injection (direct and indirect), tool misuse, excessive agency, data exfiltration, and instruction hierarchy. You choose which categories to generate. Tool misuse and excessive agency add one case per tool you list so the prompts name your actual tools.
Is my app description or tool list uploaded anywhere?
No. Generation runs entirely in your browser from deterministic templates. The app description, tool names, and generated prompts are never uploaded, logged, or stored, and they are not included in any analytics. Only coarse, anonymous counts are recorded so we can tell how often the tool is used.
Does a passing run mean my agent is safe?
No. This is a starting smoke test, not a guarantee. The cases are deterministic templates that cover common injection patterns, not an exhaustive or adaptive red-team. Use a passing run as a floor, keep your own adversarial testing, and combine it with code review and runtime guardrails.
Can I use the JSONL with an eval framework?
Yes. The JSONL export is one compact JSON object per line with id, category, objective, prompt, expected_safe_behavior, and tags, which is straightforward to load into promptfoo, a custom harness, or your own scripts. Framework-specific export presets are a planned follow-up.
Is the prompt injection testcase builder free?
Yes. It is free to use and does not require an account.

Use this again tomorrow

Save this page so it's one tap away when you need a quick result.

Bookmark this tool

Take a 2-minute brain break.

Play Daily Challenge on sts.games

Related tools

Try another quick utility while you are here.

Kubernetes RBAC Verb Matrix

Risk-rank pasted Role and ClusterRole YAML.

Terraform Plan Blast Radius Card

Risk-rank a pasted terraform plan.

More tools

Browse the rest of the toolkit.