What GauntletScore checks
Network Behavior
Analyze outbound HTTP/DNS calls. Detect exfiltration, unauthorized API calls, or command-and-control patterns.
Credential Access
Flag hardcoded API keys and auth tokens in code or config. Check for environment variable smuggling.
Prompt Injection
Detect prompt injection vulnerabilities, jailbreak attempts, and instruction override patterns.
Data Transmission
Verify data flows match documentation. Detect unauthorized data collection or logging.
Docs vs. Behavior
Cross-check declared capabilities against actual code. Flag undisclosed features.
Combination Patterns
Detect attack chains like token + exfil, prompt injection + env var access, etc.
How it works
Submit Code Package
Upload agent code, skill package, tool definition, or capability manifest.
Security Analysis
Agents analyze code for prompt injection, credential leaks, unauthorized network calls, and behavior mismatches.
Receive Security Verdict
Get verdicts on safety issues with flagged code sections and remediation suggestions.
GauntletScore provides assistive verification and is not a substitute for professional judgment.