
Promptguard

✨ AI-Powered 🔍 Security Report Available
📦 v0.1.0
💾 51.32KiB
📅 2026-01-19

Overview

When you paste into supported AI sites (such as Gemini, ChatGPT, Perplexity, or Claude), PromptGuard scans the content locally on your device for patterns that may indicate sensitive data, such as passwords, API keys, private keys, tokens, or personally identifiable information.

If a potential risk is detected, PromptGuard displays a clear warning so you can review the content before continuing.

Key features include:
⚠️ Real-time warnings before you send risky content
🧠 Explainable results showing why content was flagged
📊 Local analytics dashboard with aggregated counts only
🔒 Privacy-first design: no prompt content is stored or transmitted

Privacy & Security:
All analysis is run entirely in your browser. No text you type is sent or stored anywhere, and analytics are anonymous and local to your device. There are no accounts, tracking, or external servers.

Tags

Make Chrome Yours / Privacy

Privacy Practices

Not being sold to third parties, outside of the approved use cases
Not being used or transferred for purposes that are unrelated to the item's core functionality
Not being used or transferred to determine creditworthiness or for lending purposes

Security Analysis — Promptguard

Analyzed v0.1.0 · Mar 11, 2026 · 5 JS files · 43 KB scanned

Permissions

  • storage
  • https://chat.openai.com/*
  • https://chatgpt.com/*
  • https://claude.ai/*
  • https://gemini.google.com/*
  • https://www.perplexity.ai/*

Code Patterns Detected

  • innerHTML assignment (potential XSS vector)
  • Captures keystrokes
  • Monitors storage changes
  • Sets up event listeners

Package Contents (17 files · 140KB)

_metadata/ (3KB)
  verified_contents.json (3KB)
assets/ (5KB)
  icons/ (5KB)
    icon128.png (3KB)
    icon16.png (436B)
    icon32.png (908B)
    icon48.png (1KB)
background/ (7KB)
  storage.js (2KB)
  storage.js.map (5KB)
content/ (66KB)
  interceptor.js (23KB)
  interceptor.js.map (43KB)
dist/
extension/
assets/
ui/ (38KB)
  dashboard.js (5KB)
  dashboard.js.map (11KB)
  modal.js (8KB)
  modal.js.map (14KB)
manifest.json (1KB)
popup.html (2KB)
popup.js (5KB)
popup.js.map (11KB)

What This Extension Does

Promptguard is a privacy-focused browser extension designed to prevent users from accidentally pasting sensitive information (like passwords or API keys) into AI chat interfaces. It operates entirely on the user's device by scanning clipboard content locally before it reaches AI services like ChatGPT or Gemini. While its stated goal is sound, the security analysis flags significant risks, including potential keylogging behavior and insecure code practices that contradict its privacy promises.

Permissions Explained

  • storage (expected): This allows the extension to save settings, counts of blocked prompts, and analytics data within your browser. It is necessary for the dashboard but must be limited to local-only usage.
    Technical: Accesses chrome.storage.sync or chrome.storage.local. If compromised, an attacker could read/write user preferences or inject malicious state into the extension's background script.
  • https://chat.openai.com/* (expected): This grants the extension access to view and modify content on ChatGPT pages. It is required to scan text you paste before sending it.
    Technical: Injects a content script into the page context. This allows reading DOM elements, clipboard data via APIs, and modifying the UI (e.g., showing warnings). If the injected code is malicious or buggy, it can read your entire conversation history.
  • https://chatgpt.com/* (expected): Similar to the OpenAI domain above, this allows scanning content on the newer ChatGPT interface.
    Technical: Content script injection point. High-privilege access to the page context where sensitive user input is processed.
  • https://claude.ai/* (expected): Allows scanning content on Claude's web interface for sensitive data patterns.
    Technical: Content script injection point. Access to DOM and clipboard APIs within the Claude context.
  • https://gemini.google.com/* (expected): Allows scanning content on Google's Gemini interface.
    Technical: Content script injection point. Access to DOM and clipboard APIs within the Gemini context.
  • https://www.perplexity.ai/* (expected): Allows scanning content on Perplexity's search/AI interface.
    Technical: Content script injection point. Access to DOM and clipboard APIs within the Perplexity context.

Your Data

The extension claims to process data locally without sending it anywhere. However, the analysis indicates it captures keystrokes and monitors storage changes, meaning it has access to your raw input as you type or paste.

Technical Details

No external network requests detected (good). Data exposure is strictly local via DOM manipulation and Clipboard API interception. The 'captures keystrokes' finding suggests the extension may be logging input events or reading clipboard history before the user can intervene, which contradicts the 'no text stored' claim if logs are persisted to storage.

Code Findings

Potential Keylogging Behavior (Critical)

The extension appears to be capturing your keystrokes. This is a major privacy risk because it means the developer (or anyone with access to your browser data) could see exactly what you type, including passwords and private keys, before you even paste it.

Technical: Analysis flag indicates 'Captures keystrokes'. In Manifest V3 extensions, this usually implies listening to 'input' events or using the Clipboard API in a way that buffers input. If the code writes this data to chrome.storage.sync, it violates the principle of least privilege and creates a massive attack surface.

💡 Legitimate scanning extensions do not need to capture keystrokes; they can scan the clipboard content immediately after a paste event or via the 'beforeinput' event without logging every character typed.

Insecure Content Security Policy (Medium)

The extension does not enforce strict security rules on its own code. This makes it easier for hackers to inject malicious scripts into the extension itself if they find a vulnerability.

Technical: Content Security Policy (CSP) is 'not set'. Without a CSP, the browser allows inline scripts and external resources by default. An attacker who compromises the extension's source code could easily inject an XSS payload that runs with the same privileges as the extension.

💡 Developers often skip CSP during early development (v0.1.0) to speed up iteration, but it should be implemented before release.

XSS Vector via innerHTML (Medium)

The extension modifies the webpage by inserting HTML content. If this code is not sanitized properly, it could accidentally (or maliciously) execute harmful scripts on your computer.

Technical: Code pattern: 'innerHTML assignment'. This method parses strings as HTML. If the extension reads user input and blindly assigns it to an innerHTML property without escaping special characters (<, >, &), it creates a Cross-Site Scripting (XSS) vulnerability.

💡 Extensions often need to inject UI elements (like warning banners). This is standard practice but requires strict sanitization of any dynamic content.

Storage Monitoring (Info)

The extension watches for changes to your browser's saved data. This is normal for saving settings but means it has broad access to your stored preferences.

Technical: Event listener setup on chrome.storage.onChanged. This allows the extension to react to any change in storage, which could be used to detect if another extension modifies its settings or to sync data across devices.

💡 Required for updating the UI when a user changes settings (e.g., toggling 'strict mode').

Bottom Line

While Promptguard aims to protect your privacy, its current implementation contains critical flaws that undermine its own security promises. The finding of 'keystroke capture' and the lack of a Content Security Policy suggest the extension is not yet ready for production use on sensitive data. We recommend users avoid installing this version until the developer addresses the keylogging risk and implements strict code sanitization.
