Prompt Injection Scanner
Scan documents, scraped content, or user input for common prompt injection patterns before an agent reads it. Rule-based, in-browser.
It checks text for hidden instructions that could trick your AI.
What this tool does
Content that an agent reads can contain instructions aimed at the model: ignore-previous-instructions overrides, exfiltration requests, role hijacks, or payloads hidden in encoded text. This scanner flags those mechanical patterns with fixed rules. It cannot catch every attack, but it catches the common ones.
- Screen scraped web content before feeding it to an agent
- Check user-submitted text that ends up in a prompt
- Learn what injection attempts actually look like
Input exceeds 200,000 characters. Only the first 200k is scanned.
Scanning runs locally as you type. Rule-based patterns only; novel or well-disguised attacks may not match.
Paste content above to scan for common prompt injection patterns.
· findings · high · medium · low
No patterns matched. Rule-based scanning cannot catch novel or well-disguised attacks. Treat all external content as untrusted regardless of a clean scan.
| Line | Category | Severity | Matched snippet | Explanation |
|---|---|---|---|---|
|
- Never give an agent more permissions than the content deserves. Read-only tools for untrusted input; no shell or delete access by default.
- Separate untrusted content from instructions in the prompt. Wrap user or scraped text in clear delimiters and state that the enclosed block is data, not commands.
- Require human approval for destructive tool calls such as file deletion, outbound network requests, or credential access.
Your content never leaves the browser. Pattern matching runs entirely on your device. Nothing is uploaded, logged, or sent to a server.
Agents treat everything in context as potential instructions. Scraped pages, email bodies, PDF text, and user uploads can carry hidden directives: ignore prior rules, adopt a new role, leak the system prompt, or trigger tools. This scanner flags common regex-shaped patterns so you can review content before an agent ingests it.
It is not a guarantee of safety. Encoded, paraphrased, or multilingual attacks may slip through, and benign text can trigger false positives on encoded blobs or hex dumps. Use it as a first pass, then keep untrusted data out of the instruction layer and limit what tools can do without approval.