Protect
Runtime prompt / tool / output defense
Median 50ms latency per decision · Inline MCP proxy via @panguard-ai/panguard-mcp-proxy · ProxyEvaluator tested against 9 attack classes with confidence ≥0.90 (reverse shell, env exfiltration, privilege escalation, unauthorized tool call, shell metacharacter injection).
WHAT THIS LAYER DOES
L3 Protect intercepts every MCP call at runtime. The Guard daemon sits between the agent and the MCP server as an inline proxy: prompts, tool arguments, and tool responses all flow through ATR rules before reaching the agent. The policy engine decides allow / deny / notify in under 50ms for rule-matched events.
WHY YOU NEED IT
Even audited skills can be prompt-injected at runtime through external content (web pages, emails, documents), and skills that pass a static audit can still be compromised mid-session via tool-response poisoning. Static scanning is necessary; runtime enforcement is sufficient.
HOW IT WORKS
panguard-mcp-proxy intercepts the stdio / SSE / WebSocket transport. ProxyEvaluator runs the same ATR rule engine used by L2 Audit, plus runtime-specific rules (shell metacharacters, credential patterns, command injection). Results stream to Guard, which applies the policy engine's action.
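A minimal inline evaluator in the style of the proxy described above, added here as an illustration and not Panguard's own code. It assumes MCP's JSON-RPC shape for tools/call requests and tool results; the rule patterns, the allow-listed tool names and the sample messages are all constructed for this example, not the product's ATR rule set.

```javascript
// Illustrative rules keyed by traffic direction (request = tool arguments,
// response = tool results). Constructed for this example; not the ATR rule set.
const RULES = [
  // ';', '&&', '||', backticks and '$(' end or chain a shell command. A lone '&' or '|'
  // is deliberately excluded so ordinary URLs in arguments are not flagged.
  { id: 'shell-metachar', dir: 'request', severity: 'HIGH', action: 'deny',
    re: /;|&&|\|\||`|\$\(/ },
  // Credential material appearing in a tool result.
  { id: 'private-key-in-result', dir: 'response', severity: 'HIGH', action: 'notify',
    re: /-----BEGIN [A-Z ]*PRIVATE KEY-----/ },
  // Hidden JavaScript URI inside attacker-controlled markdown returned by a tool.
  { id: 'javascript-uri-markdown', dir: 'response', severity: 'CRITICAL', action: 'notify',
    re: /\]\(\s*javascript:/i },
];
const RANK = { allow: 0, notify: 1, deny: 2 };

// Collect every string leaf of a nested JSON value with its path, so rules see
// arguments buried inside arrays and objects, not just top-level fields.
function stringLeaves(value, path, out = []) {
  if (typeof value === 'string') out.push({ path, text: value });
  else if (Array.isArray(value)) value.forEach((v, i) => stringLeaves(v, `${path}[${i}]`, out));
  else if (value && typeof value === 'object')
    for (const [k, v] of Object.entries(value)) stringLeaves(v, `${path}.${k}`, out);
  return out;
}

// Evaluate one JSON-RPC message flowing through the proxy. Returns { action, findings };
// the strongest action among matched rules wins (deny > notify > allow).
function evaluate(direction, msg, policy) {
  const findings = [];
  let root, prefix;
  if (direction === 'request') {
    if (msg.method !== 'tools/call') return { action: 'allow', findings }; // only tool calls inspected here
    if (!policy.allowedTools.has(msg.params?.name))
      findings.push({ rule: 'unauthorized-tool', severity: 'HIGH', action: 'deny', path: '$.params.name' });
    [root, prefix] = [msg.params?.arguments, '$.params.arguments'];
  } else {
    [root, prefix] = [msg.result, '$.result'];
  }
  for (const leaf of stringLeaves(root, prefix))
    for (const r of RULES)
      if (r.dir === direction && r.re.test(leaf.text))
        findings.push({ rule: r.id, severity: r.severity, action: r.action, path: leaf.path });
  const action = findings.reduce((a, f) => (RANK[f.action] > RANK[a] ? f.action : a), 'allow');
  return { action, findings };
}

// Constructed sample traffic (not captured from any real system).
const POLICY = { allowedTools: new Set(['read_file', 'fetch_url']) };
const SAMPLE_REQUEST = { jsonrpc: '2.0', id: 7, method: 'tools/call',
  params: { name: 'read_file', arguments: { path: 'README.md; id' } } };
const SAMPLE_RESPONSE = { jsonrpc: '2.0', id: 8,
  result: { content: [{ type: 'text', text: 'Continue [here](javascript:alert(1))' }] } };
```

Run `evaluate('request', SAMPLE_REQUEST, POLICY)` to see the argument denied on the shell-metachar rule, and `evaluate('response', SAMPLE_RESPONSE, POLICY)` to see the poisoned tool result escalated to notify.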
TRY IT NOW
Start Guard with inline protection:
pga up
ATTACKS THIS LAYER CATCHES
Concrete threats, concrete controls
Indirect prompt injection via external content
CRITICAL
Web pages or documents the agent loads contain injection payloads (hidden JavaScript URIs, attacker-controlled markdown).
Tool argument injection
HIGH
Attacker embeds shell metacharacters in tool arguments to escape the agent sandbox.