Free tool

Prompt Injection Risk Quiz for AI Agents

Answer 8 yes/no questions about how your AI agent is deployed and get an instant prompt-injection risk score, plus a specific lockdown checklist for every weak area. Nothing is uploaded — it all runs in your browser.

  1. 01Is your agent's dashboard or gateway reachable from the public internet (an open port)?

    e.g. the web UI is bound to 0.0.0.0 or you opened the gateway port in the firewall.

  2. 02Is the server firewall enabled with a default-deny policy (only SSH allowed in)?

    On Ubuntu that is UFW default-deny incoming, with no rule for the gateway port.

  3. 03Does the agent run as root, or as a user with sudo access?

    A compromised process running as root owns the whole server.

  4. 04Does the agent read untrusted email or web content without any sender/source filtering?

    Email is the single largest prompt-injection surface an agent has.

  5. 05Does the agent use your main personal accounts (your email, your GitHub) rather than its own?

    The agent should never operate as you.

  6. 06Does each agent get its own named, scoped API key (not a shared personal key)?

    e.g. hermes-prod-telegram, hermes-research — one key per agent.

  7. 07Have you set hard spend limits (a monthly cap + alert) at every model provider?

    A looping agent can burn a month's budget overnight.

  8. 08Is there a human approval step on irreversible actions (payments, deletions, public posts)?

    No control fully prevents a manipulated or mistaken destructive action.

Answer all 8 questions to see your risk score and lockdown checklist. (0/8 answered)

Why a prompt injection risk quiz matters

Agent security rests on one assumption: sooner or later your agent will read something malicious, so the damage is decided by what you gave it access to beforehand. Prompt injection is ranked the number-one LLM risk by OWASP (LLM01) because you cannot fully prevent it — you can only contain it. This quiz checks the eight structural controls that bound the blast radius: network exposure, firewall, non-root execution, input filtering, dedicated accounts, scoped API keys, provider spend limits, and a human approval step on irreversible actions.

What the score means

Each risky answer adds to a weighted exposure score from 0 to 100. A low score means the core containment layers are in place; a high score means connecting real accounts to this setup is where the incidents come from. The checklist below your score is generated from exactly the weak areas you flagged, so you only see the fixes that apply to you.

Where to go next

Before you install any third-party MCP server, run its config through the MCP Security Scanner. For the full step-by-step hardening playbooks, read Hermes agent security and OpenClaw secure setup.