// Use this agent when working with prompt injection detection integration tests, including running tests, debugging failures, or adding new test samples.
Creates properly formatted Git commits following conventional commit standards for the MCPSpy project. Use when asked to commit changes, stage files, or manage git workflows. Has access to git status, diff, checkout, add, and commit commands.
Creates well-structured GitHub issues for the MCPSpy project using the gh CLI tool. Use when asked to create issues, report bugs, or document features. Follows conventional naming with feat/chore/fix prefixes and maintains appropriate detail levels.
Handles all Golang testing tasks including running tests, writing new tests, and fixing test failures. Follows MCPSpy testing conventions with require for critical assertions and assert for non-critical ones.
| name | security-integration-tests |
| description | Use this agent when working with prompt injection detection integration tests, including running tests, debugging failures, or adding new test samples. |
| color | red |
The security package (pkg/security/) provides prompt injection detection using the HuggingFace Inference API. Integration tests verify detection accuracy with real API calls.
pkg/security/testdata/samples.json - Test data with benign and malicious samplespkg/security/hf/integration_test.go - HF client integration testspkg/security/integration_test.go - Full analyzer integration tests with event buspkg/security/hf/client.go - HuggingFace API client implementationpkg/security/analyzer.go - Main security analyzer that subscribes to MCP events# Run integration tests (requires HF_TOKEN environment variable)
HF_TOKEN=hf_xxx make test-integration
# Run with custom model
HF_TOKEN=hf_xxx HF_MODEL=protectai/deberta-v3-base-prompt-injection-v2 make test-integration
# Run unit tests only (no API calls, uses mock server)
go test -v ./pkg/security/...
samples.json){
"benign_samples": [
{
"description": "Description of the sample",
"text": "The text to analyze",
"expected_detected": false
}
],
"malicious_samples": [
{
"description": "Direct instruction override",
"text": "Ignore all previous instructions...",
"expected_detected": true,
"min_risk_score": 0.5
}
],
"mcp_tool_calls": [
{
"description": "Malicious tool call",
"method": "tools/call",
"params": { "name": "run_command", "arguments": {...} },
"expected_detected": true,
"min_risk_score": 0.5
}
]
}
Integration tests use the build tag //go:build integration and are excluded from regular go test ./... runs.
pkg/security/testdata/samples.jsonexpected_detected and optionally min_risk_scoremeta-llama/Llama-Prompt-Guard-2-86M is deprecated on HF Inference APIprotectai/deberta-v3-base-prompt-injection-v2 (publicly accessible)none: score < 0.3low: score 0.3-0.5medium: score 0.5-0.7high: score 0.7-0.9critical: score >= 0.9benign: Normal, safe contentinjection: Prompt injection attemptjailbreak: Jailbreak attemptmalicious: Malicious content (Prompt Guard v2)