$ man prompt-injection-surface
/prompt-injection-surface
PRICE / CALL
$0.03
USDC · base mainnet · scheme: exact
──────────────────────────────────────────────────────────────────────────────
NAME
prompt-injection-surface — scans ai app source code for prompt injection risk at llm call sites
SYNOPSIS
POST https://x402.agentutility.ai/prompt-injection-surface
Content-Type: application/json
X-PAYMENT: <signed-transferWithAuthorization>
{ ... }
↳ first call → 402 Payment Required. Sign a USDC transferWithAuthorization, retry with the X-PAYMENT header.
DESCRIPTION
Scans AI app source code for prompt injection risk at LLM call sites. Walks .ts/.tsx/.js/.jsx/.py/.mjs/.cjs source files, locates LLM SDK call sites (anthropic, openai, @ai-sdk/*, google generative), and flags user input flowing into prompts without sanitization, calls without max_tokens caps, system/user prompt mixing, and LLM output used unvalidated in fetch/exec/eval. Returns 0-100 score, per-finding kind/severity/path/line/evidence/recommendation, and a Venice plain-English verdict. Dual input: {repo: 'owner/name'} (tree-walk, capped 500 files) or {files: [{path, content}, ...]}. Use it as an LLM call-site audit, unsanitized-user-input-in-prompts detector, system-message mixing flag, unbounded completion detector, AI app safety scan, or pre-deploy AI risk gate.
OUTPUT — response shape
| field | type | description |
|---|---|---|
| score | number | Overall prompt-injection risk score from 0 to 100, with higher meaning more unsafe LLM call sites detected. |
| risk_level | string | Bucketed verdict like low, medium, high, or critical derived from the score and severity mix. |
| findings | array | Array of issues with kind, severity, file path, line number, code evidence, and a fix recommendation. |
| signals | object | Counts of detected patterns: unsanitized user input, missing max_tokens, system/user mixing, unvalidated LLM output sinks. |
| summary | string | Venice plain-English verdict explaining the top risks and what to fix before deploying the AI app. |
| metadata | object | Scan metadata including files walked, LLM SDKs detected, repo or files-mode source, and scan duration. |
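What the four signal kinds look like at an LLM call site, as an added example that is not the prompt-injection-surface service's own scanner: a toy Python pre-check run over two constructed TypeScript handlers, one unsafe and one hardened, emitting findings in the kind/severity/path/line/evidence shape of the table above plus a score/risk_level pair, and building the {files: [{path, content}]} request body for files mode. The regexes, severity weights and risk thresholds are assumptions about what such a scanner might look for; the endpoint's real analysis is not published on this page.

```python
"""Added example, not the prompt-injection-surface service's own scanner.
Toy heuristics for the four signal kinds the endpoint reports, run over two
constructed TypeScript handlers. Regexes, weights and thresholds are
assumptions about what such a scanner might do, not the endpoint's logic."""
import json
import re

# Constructed sample, deliberately unsafe: request-tainted text interpolated
# into the system prompt, no max_tokens, model output fed to fetch() and eval().
UNSAFE_TS = """\
import OpenAI from "openai";
const client = new OpenAI();
export async function handler(req) {
  const userText = req.body.text;
  const res = await client.chat.completions.create({
    model: "gpt-4o",
    messages: [{ role: "system", content: `Helper. User says: ${userText}` }],
  });
  const out = res.choices[0].message.content;
  await fetch(out);
  return eval(out);
}
"""

# Constructed sample, hardened: sanitizeUserText and parseAllowedJson are
# hypothetical wrappers; what matters here is the call-site shape.
SAFE_TS = """\
import OpenAI from "openai";
const client = new OpenAI();
export async function handler(req) {
  const userText = sanitizeUserText(req.body.text);
  const res = await client.chat.completions.create({
    model: "gpt-4o",
    max_tokens: 512,
    messages: [
      { role: "system", content: "Helper. Answer only in JSON." },
      { role: "user", content: userText },
    ],
  });
  return parseAllowedJson(res.choices[0].message.content);
}
"""

# LLM SDK call sites (openai / anthropic / ai-sdk / google generative shapes).
CALL_SITE = re.compile(r"\.(?:chat\.completions\.create|messages\.create|generateText|generateContent)\(")
# Taint source: a variable assigned straight from the request object, no wrapper.
TAINT_SRC = re.compile(r"(\w+)\s*=\s*(?:await\s+)?(?:req|request)\.(?:body|query|params|form)\b")
# Model output bound to a variable with no validation wrapper in between.
OUTPUT_SRC = re.compile(r"(\w+)\s*=\s*\w+\.(?:choices\[0\]\.message\.content|content\[0\]\.text|text)\b")
SINKS = ("fetch", "eval", "exec", "execSync", "subprocess.run", "os.system")
SEVERITY = {"unsanitized_user_input": "high", "system_user_mixing": "high",
            "missing_max_tokens": "medium", "unvalidated_output_sink": "critical"}
WEIGHTS = {"unsanitized_user_input": 25, "system_user_mixing": 20,
           "missing_max_tokens": 10, "unvalidated_output_sink": 40}


def scan_file(path, content):
    """Return findings shaped like the endpoint's: kind/severity/path/line/evidence."""
    lines = content.splitlines()
    tainted = {m.group(1) for ln in lines for m in TAINT_SRC.finditer(ln)}
    outputs = {m.group(1) for ln in lines for m in OUTPUT_SRC.finditer(ln)}
    findings = []

    def add(kind, lineno, evidence):
        findings.append({"kind": kind, "severity": SEVERITY[kind], "path": path,
                         "line": lineno, "evidence": evidence.strip()})

    for i, line in enumerate(lines):
        if not CALL_SITE.search(line):
            continue
        # Call-site window: the call line through the first line that closes it.
        end = i
        while end < len(lines) - 1 and "});" not in lines[end] and not lines[end].rstrip().endswith(")"):
            end += 1
        window = lines[i:end + 1]
        if not any(re.search(r"max_?tokens|maxTokens|max_output_tokens", w) for w in window):
            add("missing_max_tokens", i + 1, line)
        for n, w in enumerate(window, start=i + 1):
            for v in tainted:  # `${v}`, `{v}` (f-string) or `+ v` inside the prompt text
                if re.search(r"(?:\$\{|\{|\+)\s*" + re.escape(v) + r"\b", w):
                    add("unsanitized_user_input", n, w)
            if re.search(r"role:\s*['\"]system['\"]", w) and "${" in w:
                add("system_user_mixing", n, w)
    # Output sink: a raw model-output variable passed directly to fetch/eval/exec.
    sink_re = re.compile(r"(?:" + "|".join(map(re.escape, SINKS)) + r")\(\s*(\w+)\b")
    for n, line in enumerate(lines, start=1):
        m = sink_re.search(line)
        if m and m.group(1) in outputs:
            add("unvalidated_output_sink", n, line)
    return findings


def score(findings):
    """0-100 score and bucketed risk_level; weights and thresholds are assumptions."""
    s = min(100, sum(WEIGHTS[f["kind"]] for f in findings))
    level = "critical" if s >= 75 else "high" if s >= 50 else "medium" if s >= 25 else "low"
    return s, level


def build_request(files):
    """Body for the endpoint's files mode: {files: [{path, content}, ...]}."""
    return {"files": [{"path": p, "content": c} for p, c in files]}


if __name__ == "__main__":
    for name, src in (("unsafe.ts", UNSAFE_TS), ("safe.ts", SAFE_TS)):
        fs = scan_file(name, src)
        print(name, score(fs), json.dumps(fs, indent=1))
    print(json.dumps(build_request([("unsafe.ts", UNSAFE_TS)]))[:80], "...")
```

Run stand-alone it reports five findings on the unsafe handler (missing max_tokens at the call line, tainted input and system/user mixing on the messages line, two output sinks) and none on the hardened one. The hardened version scores low only because the wrapper calls break the direct assignment patterns; a real scanner would need to know whether sanitizeUserText and parseAllowedJson actually validate, which is exactly the judgment the paid endpoint's verdict is meant to supply.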
EXAMPLES — two ways to call
EXAMPLE 1 · curl
curl -X POST https://x402.agentutility.ai/prompt-injection-surface \
-H 'Content-Type: application/json' \
-d '{ }'
first response = 402 Payment Required with payment requirements; sign + retry with X-PAYMENT.
EXAMPLE 2 · mcp
# Install the MCP package for this endpoint's cluster
npx -y @agentutility/mcp-<cluster>
# Required: EVM private key with USDC on Base
export X402_PRIVATE_KEY=0x...
# Then call the prompt-injection-surface tool from your MCP-aware agent.
MCP server handles payment automatically — your coding agent just calls the tool by name.
METADATA
- tags
- security · ai-safety · prompt-injection · llm · prooflayer
- env
- VENICE_API_KEY
- methods
- POST
- cluster
- prooflayer
- price
- $0.03 USDC per call
ADJACENT — other endpoints in prooflayer