Deep inspection of environment variable handling, secrets storage patterns, and runtime configuration security.
This audit covers 18 checks across environment variable exposure risks, secrets management practices, .env file hygiene, server-side vs client-side variable segregation, and configuration drift between environments. AI tools frequently expose secrets through client bundles or commit them to version control — this audit catches those patterns before they reach production.
18
Total Checks
3
Delivery Formats
4
Categories
6
Versions
Included
Never included
Prompt quality hardening: added counting/enumeration, numeric thresholds, cross-references, negative guardrails, measurement-on-pass, and quoting directives across all checks
2026-04-02
Added chunked format for browser-based tools
2026-03-01
Improved Step 3: paste URL is now primary submission method
2026-03-01
Hardened curl commands with -sS -L flags for redirect following and error visibility. Added response validation guidance to Step 3.
2026-02-23
Fixed invalid prompt_hash — replaced placeholder/non-hex value with actual SHA-256 digest of prompt content
2026-02-23
Initial release
2026-02-01
Picked by pack overlap with this audit.
Foundational security assessment covering HTTP security headers, transport security configuration, and basic security hygiene to protect against common web attacks.
Advanced security header configuration quality — evaluates whether headers are configured correctly, not just present. Sequel to Security Headers & Basics.
Data handling assessment across the AI processing pipeline, covering storage, retention, PII protection, and user control over third-party model data sharing.
Safety assessment against prompt injection attacks, identifying vulnerabilities where untrusted user input might cause the AI to ignore instructions or exfiltrate data.
Comprehensive security audit for REST and GraphQL APIs, covering authentication, authorization, input validation, and protection against OWASP API Top 10 threats.