Deep inspection of environment variable handling, secrets storage patterns, and runtime configuration security.
This audit covers 18 checks across environment variable exposure risks, secrets management practices, .env file hygiene, server-side vs client-side variable segregation, and configuration drift between environments. AI tools frequently expose secrets through client bundles or commit them to version control — this audit catches those patterns before they reach production.
18
Total Checks
3
Delivery Formats
4
Categories
6
Versions
Prompt quality hardening: added counting/enumeration, numeric thresholds, cross-references, negative guardrails, measurement-on-pass, and quoting directives across all checks
2026-04-02
Added chunked format for browser-based tools
2026-03-01
Improved Step 3: paste URL is now primary submission method
2026-03-01
Hardened curl commands with -sS -L flags for redirect following and error visibility. Added response validation guidance to Step 3.
2026-02-23
Fixed invalid prompt_hash — replaced placeholder/non-hex value with actual SHA-256 digest of prompt content
2026-02-23
Initial release
2026-02-01
Copy the prompt in your preferred format above.
Paste into your AI coding tool (Claude Code, Cursor, Bolt, etc.).
Let the AI run all checks. Review the structured JSON output it produces.
Submit the JSON telemetry block to AuditBuffet for scoring and benchmarks.
Paste your JSON telemetry to get scores and benchmarks.
Submit Results