Skip to content
clusters: prooflayer · edgemarket · edgefinance · synthforge · mediakit · wordmint · webprobe · locale · comppoint · rollforge · bestiary · statline · matchpoint · retail · agentops · browserworkflow · modelrouter · compose
$ man prompt-injection-detect

/prompt-injection-detect

agentutility / prooflayer / prompt-injection-detect
PRICE / CALL
$0.02
USDC · base mainnet · scheme: exact
METHOD
POST
CLUSTER
prooflayer
CATEGORY
uncategorized
STATUS
live
NAME
prompt-injection-detect prompt injection detector for untrusted inbound text — a webpage, an email, a tool result, or a message an agent is about to read
SYNOPSIS
POST https://x402.agentutility.ai/prompt-injection-detect
     Content-Type: application/json
     X-PAYMENT:    <signed-transferWithAuthorization>

     { ... }
↳ first call → 402 Payment Required. Sign USDCtransferWithAuthorization, retry with theX-PAYMENT header.
DESCRIPTION

Prompt injection detector for untrusted inbound text — a webpage, an email, a tool result, or a message an agent is about to read. Two layers run on every call: a deterministic pattern layer (pure code) matching known injection shapes — instruction override, system-prompt exfiltration, role hijack / jailbreak phrasing ('act as DAN', 'developer mode'), fake delimiter blocks, tool abuse, and covert manipulation — plus a calibrated LLM judge layer scoring overall injection likelihood 0-1, never inflated to please a caller. Returns which pattern families hit, matched snippets, the judge's reasoning, and a combined verdict. If the LLM leg fails, the deterministic layer alone is still a valid, billable result. Use it as a prompt injection detector, jailbreak detector, untrusted text screen, or LLM input firewall.

INPUTrequest schema
propertytypedescriptionreq?
textstringUntrusted text to screen for prompt-injection attempts, e.g. scraped webpage content, an email body, or a tool result. Max 20000 chars.required
contextstringOptional note on what the agent plans to do with this text, e.g. 'summarize for the user'. Max 500 chars, used as a hint only.optional
OUTPUTresponse shape
fieldtypedescription
injection_likelihoodstring
verdictstring
pattern_hitsstring
familiesstring
reasoningstring
confidencestring
sourcestring
EXAMPLEStwo ways to call
EXAMPLE 1 · curl
curl -X POST https://x402.agentutility.ai/prompt-injection-detect \
  -H 'Content-Type: application/json' \
  -d '{ }'
first response = 402 Payment Required with payment requirements; sign + retry with X-PAYMENT.
EXAMPLE 2 · mcp
# Install the MCP package for this endpoint's cluster
npx -y @agentutility/mcp-<cluster>

# Required: EVM private key with USDC on Base
export X402_PRIVATE_KEY=0x...

# Then call the prompt-injection-detect tool from your MCP-aware agent.
MCP server handles payment automatically — your coding agent just calls the tool by name.
METADATA
tags
promptinjectiondetectprompt-injection-detect
methods
POST
cluster
prooflayer
price
$0.02 USDC per call
ADJACENTother endpoints in prooflayer
endpointdescriptionprice
ai-image-detectorAI-generated image detector: send an image URL and get back a calibrated probability that the image is AI-generated or synthetic, plus th…$0.02
app-store-rejection-explainExplains App Store and Google Play rejections and turns them into a resubmission plan.$0.02
db-migration-riskAudits database migrations for risky SQL before deploy.$0.02
deploy-config-riskAudits deploy configuration files for production risks.$0.02
secrets-exposure-checkScans project config files for hardcoded secrets before you deploy.$0.02
ai-content-detectorDetect AI-generated writing with a calibrated probability score.$0.03
dep-risk-summaryScores dependency risk for a whole repo from its manifests and lockfiles.$0.03
github-repo-healthGitHub repo health score / open-source maintainability checker.$0.03
SEE ALSO
agentutility · prooflayer · x402 · mcp · llms.txt · registry.json · bazaar.x402.org