Add prompt-shield plugin — prompt injection detection & PII redaction #2167
mthamil107 wants to merge 3435 commits into langgenius:main from
Conversation
feat: update dinq plugin with API key auth
infiniai:add glm4.7 and minimax-2.1
feat: add json2chart plugin (v1.2.0)
update:update aigr plugin document
✨ feat: Add memos plugin v0.0.4 (Add a 'model output' input parameter…
…-0.2.3 bump mem0ai plugin to version 0.2.3
feat: update nacos mcp plugin version to 0.0.6
…-plugin Add ernie-paddle-aistudio-api plugin
…-0.2.4 bump mem0ai plugin to version 0.2.4
….0.1 add doubao seedream plugin
modify memory settings and readme file
feat: add dsl backup plugin
Feat/lkeap intl
bump qianfan plugin to version 0.0.1
…plugin-0.0.2 bump volcengine_ai plugin to version 0.0.2
Add A2A Client plugin v0.1.0
…-0.0.1 Add Tensdaq Plugin
add plugin giphy
feat: add plugin aitoearn-mcp
…n-plugin-1.0.0 bump agent-skill-plugin plugin to version 1.0.0
Add x-source tracking parameter to API calls to differentiate requests originating from the Dify plugin. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…-v0.0.2 feat: update Anakin plugin to v0.0.2
add doubao tts output mp3
feat: update nacos a2a server plugin version to 0.0.4, fix log
Update model descriptions and documentation.
…0.0.3 bump: brainiall plugin to v0.0.3
feat:mini_claw-1.0.0 plugin
…lugin-0.0.1 bump sakura-ai-engine plugin to version 0.0.1
…0.0.4 update dify package to 0.0.4
SQL Data Guard Dify Plugin
…n-0.0.1 cognee plugin submission
crazywoola left a comment
❌ Request Changes
Decision: Request changes
Failed Checks
| Check | Status | Detail | Required action |
|---|---|---|---|
| Icon validation | ❌ Fail | icon file not found: _assets/_assets/icon.svg | Provide a real custom icon file under _assets/ and reference it from manifest.yaml. |
| Install test | ❌ Fail | Command failed (1): /var/folders/yl/54qqf2s909z2kjf8_vy8sg940000gn/T/pr-review-helper-9xsfm917/.venv/bin/python /var/folders/yl/54qqf2s909z2kjf8_vy8sg940000gn/T/pr-review-helper-9xsfm917/toolkit/validator/test-plugin-install.py -d /var/folders/yl/54qqf2s909z2… | Fix the plugin so test-plugin-install.py passes. |
| Packaging test | ❌ Fail | Command failed (1): /var/folders/yl/54qqf2s909z2kjf8_vy8sg940000gn/T/pr-review-helper-9xsfm917/.venv/bin/python /var/folders/yl/54qqf2s909z2kjf8_vy8sg940000gn/T/pr-review-helper-9xsfm917/toolkit/uploader/upload-package.py -d /var/folders/yl/54qqf2s909z2kjf8_v… | Fix the plugin so upload-package.py --test passes. |
Full Check Results
| Check | Status | Detail | Required action |
|---|---|---|---|
| PR content language | ✅ Pass | PR title/body CJK ratio=0.0% (zh=0, en=518, ignored_zh=0, allowed_zh<=0) | None. |
| Project structure | ✅ Pass | All expected files present: manifest.yaml, README.md, PRIVACY.md. _assets/: no. | None. |
| Manifest author | ✅ Pass | author is valid. | None. |
| Icon validation | ❌ Fail | icon file not found: _assets/_assets/icon.svg | Provide a real custom icon file under _assets/ and reference it from manifest.yaml. |
| Version check | ✅ Pass | version 0.1.0 is available. | None. |
| README language | ✅ Pass | README.md CJK ratio=0.0% (zh=0, en=1086, allowed_zh<=0) | None. |
| PRIVACY.md | ✅ Pass | PRIVACY.md exists and is non-empty. | None. |
| Dependency install | ✅ Pass | requirements installed successfully. | None. |
| dify_plugin version | ✅ Pass | dify_plugin version 0.7.4 satisfies >= 0.5.0. | None. |
| Install test | ❌ Fail | Command failed (1): /var/folders/yl/54qqf2s909z2kjf8_vy8sg940000gn/T/pr-review-helper-9xsfm917/.venv/bin/python /var/folders/yl/54qqf2s909z2kjf8_vy8sg940000gn/T/pr-review-helper-9xsfm917/toolkit/validator/test-plugin-install.py -d /var/folders/yl/54qqf2s909z2… | Fix the plugin so test-plugin-install.py passes. |
| Packaging test | ❌ Fail | Command failed (1): /var/folders/yl/54qqf2s909z2kjf8_vy8sg940000gn/T/pr-review-helper-9xsfm917/.venv/bin/python /var/folders/yl/54qqf2s909z2kjf8_vy8sg940000gn/T/pr-review-helper-9xsfm917/toolkit/uploader/upload-package.py -d /var/folders/yl/54qqf2s909z2kjf8_v… | Fix the plugin so upload-package.py --test passes. |
Next steps
- Icon validation: Provide a real custom icon file under _assets/ and reference it from manifest.yaml.
- Install test: Fix the plugin so test-plugin-install.py passes.
- Packaging test: Fix the plugin so upload-package.py --test passes.
Please address these issues and push an update.
This is really important work — prompt injection detection and PII masking are table stakes for any production agent deployment. I recently wrote about the trust infrastructure gap in agent marketplaces (commented on Dify Discussion #33415 about plugin security scanning). Your Prompt Shield addresses a different but equally critical layer: runtime input validation vs. static code analysis. For agent marketplaces to scale, the trust stack needs at least three layers:
Have you considered packaging this as a standalone service that other agent platforms could integrate? The demand for this kind of security tooling is going to explode as more agents handle sensitive data.
Thanks for the thoughtful feedback! Fully agree on the three-layer trust stack — we're actively working toward layer 3 (output monitoring) in our v0.4.0 roadmap. To answer your question — yes, prompt-shield is designed to be embeddable anywhere:
A standalone HTTP service (Docker container with REST API) is on the roadmap under Docker & Helm Charts. That would make it platform-agnostic — any agent marketplace could call it as a sidecar. We'd love to explore deeper integration with Dify's plugin security layer. If you're interested in collaborating, feel free to open an issue at https://github.com/mthamil107/prompt-shield/issues.
Hi! Following up on this plugin submission. Let me know if any changes are needed to the plugin structure or packaging. Happy to adjust. Thanks!
@mthamil107 Thanks for the detailed breakdown of the integration options — the breadth of embedding approaches (Python lib → framework middleware → agent framework callbacks → Dify plugin → n8n node) is exactly the kind of distribution strategy that maximizes reach. Two thoughts on the trust stack collaboration opportunity:
1. The "runtime security as a service" angle is compelling. Once the Docker/Helm standalone service ships, you'd essentially have a universal security sidecar that any agent platform can integrate with a single API call. That's a much bigger market than any single plugin ecosystem.
2. On Layer 3 (output monitoring) in v0.4.0 — this is where things get really interesting for marketplace trust. If an agent marketplace could integrate Prompt Shield for both input validation AND output monitoring, you'd have end-to-end runtime protection. That's a strong differentiator.
We're building ClawMarket — an open Agent marketplace where security and trust are core concerns. Prompt Shield as an integrated security layer (not just a listed tool) could be a compelling partnership. Would you be open to a quick chat about what deeper integration might look like? Also happy to open an issue on your repo with some specific integration ideas if that's a better starting point.
Plugin: prompt-shield
Prompt injection detection and PII redaction tool for Dify workflows.
Tools included
Details
All processing runs locally — no data is sent to external services.