Introduction

Modules
Quick start
Links

Offensive security platform for AI agents and MCP infrastructure. Seven modules cover the full attack surface — from server scanning to document poisoning to retrieval manipulation.

Modules

Module	What it does
audit	Scans MCP servers for vulnerabilities, maps findings to the OWASP MCP Top 10, outputs SARIF
proxy	Intercepts MCP traffic between client and server for inspection, modification, and replay
inject	Tests AI agent susceptibility to tool poisoning and prompt injection using configurable payloads
chain	Composes multi-step attack sequences across audit findings and inject techniques
ipi	Generates adversarial documents with hidden instructions, tracks execution via authenticated callbacks
cxp	Builds poisoned instruction files for coding assistants, validates whether models comply
rxp	Measures whether adversarial documents win vector similarity battles in RAG retrieval layers

Quick start

pip install q-uestionable-ai
qai audit scan --transport stdio --command "npx @modelcontextprotocol/server-memory"

Or launch the web UI:

qai

Links

Quickstart

⌘I

Getting Started

Audit

Proxy

Inject

Chain

IPI — Indirect Prompt Injection

CXP — Context File Poisoning

RXP — RAG Retrieval Poisoning

Web UI

Configuration

Architecture

Modules

Quick start

Links

Getting Started

Audit

Proxy

Inject

Chain

IPI — Indirect Prompt Injection

CXP — Context File Poisoning

RXP — RAG Retrieval Poisoning

Web UI

Configuration

Architecture

​Modules

​Quick start

​Links

Modules

Quick start

Links