Is my source code sent to ShipSafe servers?

Never. ShipSafe runs entirely on your machine. Scans, analysis, and auto-fixes all happen locally. Your source code never leaves your computer. No account required. Works offline.

How do I install ShipSafe?

Run: npm install -g @shipsafe/cli. Then run 'shipsafe scan' in any project directory. That's it — zero configuration required.

What does ShipSafe detect?

ShipSafe has 1,200+ detection rules covering SQL injection (127 rules), XSS (143 rules), prompt injection (7 rules), command injection (89 rules), SSRF (67 rules), hardcoded secrets (174 patterns), insecure authentication (98 rules), malicious MCP servers (30 patterns), path traversal, insecure deserialization, and more.

How is ShipSafe different from Snyk or SonarQube?

ShipSafe runs entirely locally (Snyk requires cloud), has AI-specific security rules like prompt injection and malicious MCP server detection (unique to ShipSafe), strips image metadata, and includes an MCP server for AI coding assistants. It's built for solo developers and small teams who use AI coding assistants.

Can I use ShipSafe with Claude, Cursor, or other AI tools?

Yes. ShipSafe includes an MCP server with 8 tools that plug directly into Claude, Cursor, Windsurf, and any other MCP-compatible assistant. Your AI can check security while it writes code.

What is prompt injection and does ShipSafe detect it?

Prompt injection is when untrusted user input is passed directly into LLM prompts, allowing attackers to manipulate AI behavior. ShipSafe has 7 dedicated rules that detect unsanitized user input in LLM prompts, system prompt leakage, indirect prompt injection via retrieved content, and prompt template manipulation.

What are malicious MCP servers and how does ShipSafe detect them?

Malicious MCP servers are rogue AI tool servers that can steal credentials, exfiltrate code, or inject malicious prompts. ShipSafe's scan-environment command checks your MCP configurations, CLAUDE.md files, git hooks, and npm scripts for 30 threat patterns including credential theft, data exfiltration, and prompt injection.

Yes. The free tier includes full security scanning with 1,200+ rules, git pre-commit hooks, baseline/delta mode, and support for 1 project. Pro ($19/mo) adds knowledge graph analysis, auto-fix, monitoring, and MCP server. Team ($49/mo) adds GitHub App integration and source maps.

How does ShipSafe reduce false positives?

ShipSafe uses Tree-sitter AST analysis to understand code context — it knows whether a variable comes from user input and whether it's been sanitized before reaching a dangerous sink. This context-aware detection dramatically reduces false positives compared to regex-only scanners.

Is it safe to use claude --dangerously-skip-permissions with ShipSafe?

ShipSafe's git pre-commit hooks provide a safety net when using --dangerously-skip-permissions. Even if Claude Code writes insecure code in autonomous mode, ShipSafe blocks the commit if it contains hardcoded secrets or critical vulnerabilities. Install hooks with: shipsafe hooks install.

March 18, 2026

How ShipSafe Detects Prompt Injection in AI Applications

Prompt injection is the #1 risk in the OWASP Top 10 for LLM Applications. ShipSafe is the only security scanner with dedicated prompt injection detection rules. Here is what they catch and why it matters.

What is Prompt Injection?

Prompt injection occurs when untrusted user input is passed directly into LLM prompts, allowing attackers to override system instructions. Think of it as SQL injection for AI applications. The attacker does not exploit a bug in the LLM itself — they exploit how your application constructs prompts.

The consequences range from data leakage (extracting system prompts, API keys, or user data) to full behavior manipulation (making the AI perform unintended actions like sending emails, calling APIs, or generating malicious content).

The 7 Prompt Injection Rules

ShipSafe ships with 7 dedicated rules that cover the major prompt injection attack vectors:

1. Unsanitized User Input in LLM Prompts

Catches when user input from request bodies, query parameters, or form data is concatenated directly into prompt strings without validation or sanitization.

2. System Prompt Leakage

Detects patterns where system prompts are included in responses or where the application structure makes it easy for users to extract system instructions.

3. Indirect Prompt Injection (RAG Poisoning)

Flags when retrieved content from databases, documents, or web pages is included in prompts without sanitization. Attackers can poison these sources with injection payloads.

4. Prompt Template Manipulation

Detects when user-controlled variables are used in prompt templates in ways that allow the template structure to be altered.

5. Missing Input Validation Before LLM Calls

Identifies code paths where user input reaches LLM API calls without any validation, length checking, or sanitization in between.

6. Jailbreak-Susceptible Patterns

Flags prompt constructions that are known to be susceptible to common jailbreak techniques like role-playing, hypothetical scenarios, and encoding tricks.

7. User Input in Function/Tool Parameters

Detects when user input is passed as tool parameters in function-calling LLMs, which can lead to unintended tool execution or parameter manipulation.

Example: Catching Unsanitized LLM Input

Consider this common pattern in AI applications:

// src/routes/chat.ts
app.post("/chat", async (req, res) => {
  const { message } = req.body;

  const response = await openai.chat.completions.create({
    model: "gpt-4",
    messages: [
      { role: "system", content: SYSTEM_PROMPT },
      { role: "user", content: message }, // unsanitized!
    ],
  });

  res.json({ reply: response.choices[0].message.content });
});

ShipSafe flags this immediately:

$ shipsafe scan

  HIGH  prompt-injection/unsanitized-llm-input
  src/routes/chat.ts:5
  User input from req.body is passed directly to LLM prompt
  without sanitization.
  Fix: Validate and sanitize user input before passing to LLM.
  Consider input length limits, character filtering, and prompt
  boundary tokens.

Why Other Scanners Miss This

Traditional security scanners like Semgrep, Snyk, and SonarQube were built before the LLM era. Their rule sets cover classic web vulnerabilities — SQL injection, XSS, SSRF — but they have no awareness of prompt construction patterns or LLM API calls.

ShipSafe was built specifically for the AI coding era. It understands the OpenAI, Anthropic, and other LLM SDK patterns and knows which function parameters are dangerous when they contain user input.

How to Protect Your AI Application

Install ShipSafe: npm install -g @shipsafe/cli
Scan your project: shipsafe scan
Install git hooks: shipsafe hooks install — blocks prompt injection from being committed
Validate input: Add length limits, character filtering, and prompt boundary tokens to all user inputs before they reach LLM calls
Sanitize retrieved content: If using RAG, sanitize retrieved documents before including them in prompts

Protect Your AI Application

ShipSafe is the only security scanner with dedicated prompt injection detection.

npm install -g @shipsafe/cliGet Started Free