Does this guarantee my prompt is safe?

No tool can. Adversarial testing finds weaknesses by example, not exhaustively, so a clean run means the generated attacks did not break it — not that nothing can. Treat it as one layer alongside output validation and monitoring.

Where does my API key go?

The key stays in your browser and is sent only directly to OpenAI or Anthropic for the test requests. It is never stored, logged, or routed through any Gera server. Requests go straight from your browser to the provider.

What is prompt injection versus role confusion?

Prompt injection tries to override your instructions with new ones embedded in user input ("ignore previous instructions"). Role confusion tries to make the model adopt a different persona or claim different permissions than your prompt grants. The tool generates both.

Why run the attacks live instead of just listing them?

A list of attacks tells you nothing about whether yours resists them. Running them shows the actual model response, so you can see exactly which inputs leak data, go off-topic, or break character, and fix the prompt accordingly.

Adversarial Prompt Tester

Adversarial prompt tester

Before a system prompt reaches users, it should survive contact with people trying to break it. This tester generates adversarial inputs — injection attempts, off-topic derailments, and role-confusion attacks — tailored to your prompt, then runs them against your own model using your API key. You see the real responses and can spot exactly where the prompt gives way.

How it works

You paste the system prompt you plan to ship and choose which attack categories matter to you. The tool produces a battery of crafted user messages for each category, then sends each one as a real chat request to OpenAI or Anthropic using your key. The system prompt is sent as the system role and the attack as the user message, exactly as production would, so the responses reflect genuine behavior. Each result is shown next to its attack so you can judge whether the guardrails held.

Tips for hardening

Read the responses, not just the verdict. A model can refuse and still leak its instructions in the refusal — look for that.
Add explicit refusals to your prompt for the attacks that worked: name the behavior and tell the model to decline.
Re-test after every change. Hardening one hole often opens another; re-running the same battery catches regressions.
Pair with output validation. A prompt is one layer — validate the model’s output downstream too, because no prompt is fully injection-proof.