Skill Detail

Block agent egress, MCP prompt injection, and secret exfiltration before agents touch the open internet with Pipelock

Put an inline firewall and containment layer in front of agent network traffic, tool calls, and MCP traffic before you trust an agent with local secrets.

Security & Verification Multi-Framework Security Reviewed
⭐ 333 GitHub stars
INSTALL WITH ANY AGENT
`npx skills add agentskillexchange/skills --skill block-agent-egress-mcp-prompt-injection-and-secret-exfiltration-before-agents-touch-the-open-internet-with-pipelock`
Works best when you want a reusable capability, not another fragile one-off prompt.
At a glance

Tools required: Homebrew or Go, terminal, supported agent runtime or IDE integration
Install & setup: Install with `brew install luckyPipewrench/tap/pipelock` or `go install github.com/luckyPipewrench/pipelock/cmd/pipelock@latest`, run `pipelock init`, then place the agent behind `pipelock sandbox` or `pipelock mcp proxy` with your policy config.
Author: luckyPipewrench
Publisher: Individual
Last updated: Apr 16, 2026

Quick brief

Use Pipelock when the problem is not just running an agent, but safely containing what that agent can send, fetch, and execute once it has credentials or shell access. It sits at the boundary between the agent and the outside world, scans outbound and inbound traffic, wraps MCP servers, and enforces pre-execution policy before risky actions land. The scope boundary is clear: this is an operator workflow for guarding live agent egress and tool use, not a generic security product card or broad SDK listing.