Score: 7.4
Popularity: 62.0
Risk: none
Tier: Silver
Score breakdown
Usefulness: 8.0
Novelty: 8.0
Momentum: 6.0
Maturity: 6.7
Open-source/build: 8.4
Evidence: 7.2
Workflow potential: 8.9
Setup ease: 8.8
Popularity is tracked separately. Support, ads, sponsorships, and tips never affect these signals.
Why it matters
Useful for TypeScript / Node.js teams building AI agents that call external tools (MCP servers, CLI commands, direct function calls) and need a low-latency, drop-in defense layer against indirect prompt injection — the most common real-world attack vector in production agent systems.
Who should use it
TypeScript / Node.js teams building AI agents that call external tools (MCP, CLI, direct function) and need indirect-prompt-injection defense
teams that need a drop-in `createPromptDefense()` wrapper around existing tool calls — no rewiring of the agent loop required
production teams that need low-latency defense (~10ms per tool call) with no GPU and no external API call
teams that need a 90.8% F1 indirect-prompt-injection detection rate with a bundled 22MB ONNX model (no extra downloads)
developers who need TypeScript types throughout the defense layer (typed inputs/outputs) for type safety
teams shipping MCP-based agents that need to validate tool results from emails, documents, PRs, web fetches before they reach the LLM
Who should skip it
Skip if the source link, docs, or setup requirements do not match your workflow.
Risk explanation
106 stars is small — the library is shipping and benchmarked, but the community-contributed attack corpora / benchmarks are still small.
90.8% F1 means 1 in 10 attacks may still slip through — defense-in-depth (kernel sandbox + egress firewall + config scanner) is still required for high-stakes deployments.
The bundled ONNX model adds ~22MB to the npm install — verify the bundle size impact on your edge / serverless deployment budget.
Evidence links
Closest alternatives / related signals
prompt-injection, indirect-prompt-injection, agent-security, tool-call-defense, mcp, cli, function-calling, onnx