Expand description
Prompt-injection detection via weighted regex rules. Prompt-injection detection via weighted regex rules.
Scores user text for common prompt-injection signals — instruction
overrides, role hijacking, delimiter escapes, jailbreak phrases, and
payload drops — and returns a saturated aggregate risk in [0.0, 1.0].
Scope note: this is a coarse lexical heuristic, not an adversarial
detector. It catches the canonical surface forms (e.g. “ignore all previous
instructions”, DROP TABLE, <|im_start|>), but a determined adversary
trivially evades it by rephrasing, inserting punctuation, or using
look-alike Unicode. Treat the score as a cheap first-line filter to be
composed with output validation and sandboxing — never as a security
boundary on its own.
Structs§
- Injection
Score - Scored result of prompt-injection detection.
Functions§
- detect_
injection - Detect prompt-injection signals in user text.