$ man prompt-injection-detect
/prompt-injection-detect
PRICE / CALL
$0.02
USDC · base mainnet · scheme: exact
──────────────────────────────────────────────────────────────────────────────
NAME
prompt-injection-detect — prompt injection detector for untrusted inbound text — a webpage, an email, a tool result, or a message an agent is about to read
SYNOPSIS
POST https://x402.agentutility.ai/prompt-injection-detect
Content-Type: application/json
X-PAYMENT: <signed-transferWithAuthorization>
{ ... }↳ first call → 402 Payment Required. Sign USDCtransferWithAuthorization, retry with theX-PAYMENT header.
DESCRIPTION
Prompt injection detector for untrusted inbound text — a webpage, an email, a tool result, or a message an agent is about to read. Two layers run on every call: a deterministic pattern layer (pure code) matching known injection shapes — instruction override, system-prompt exfiltration, role hijack / jailbreak phrasing ('act as DAN', 'developer mode'), fake delimiter blocks, tool abuse, and covert manipulation — plus a calibrated LLM judge layer scoring overall injection likelihood 0-1, never inflated to please a caller. Returns which pattern families hit, matched snippets, the judge's reasoning, and a combined verdict. If the LLM leg fails, the deterministic layer alone is still a valid, billable result. Use it as a prompt injection detector, jailbreak detector, untrusted text screen, or LLM input firewall.
INPUT — request schema
| property | type | description | req? |
|---|
| text | string | Untrusted text to screen for prompt-injection attempts, e.g. scraped webpage content, an email body, or a tool result. Max 20000 chars. | required |
| context | string | Optional note on what the agent plans to do with this text, e.g. 'summarize for the user'. Max 500 chars, used as a hint only. | optional |
OUTPUT — response shape
| field | type | description |
|---|
| injection_likelihood | string | — |
| verdict | string | — |
| pattern_hits | string | — |
| families | string | — |
| reasoning | string | — |
| confidence | string | — |
| source | string | — |
EXAMPLES — two ways to call
EXAMPLE 1 · curl
curl -X POST https://x402.agentutility.ai/prompt-injection-detect \
-H 'Content-Type: application/json' \
-d '{ }'first response = 402 Payment Required with payment requirements; sign + retry with X-PAYMENT.
EXAMPLE 2 · mcp
# Install the MCP package for this endpoint's cluster
npx -y @agentutility/mcp-<cluster>
# Required: EVM private key with USDC on Base
export X402_PRIVATE_KEY=0x...
# Then call the prompt-injection-detect tool from your MCP-aware agent.
MCP server handles payment automatically — your coding agent just calls the tool by name.
METADATA
- tags
- promptinjectiondetectprompt-injection-detect
- methods
- POST
- cluster
- prooflayer
- price
- $0.02 USDC per call
ADJACENT — other endpoints in prooflayer
| endpoint | description | price |
|---|
| ai-image-detector | AI-generated image detector: send an image URL and get back a calibrated probability that the image is AI-generated or synthetic, plus th… | $0.02 |
| app-store-rejection-explain | Explains App Store and Google Play rejections and turns them into a resubmission plan. | $0.02 |
| db-migration-risk | Audits database migrations for risky SQL before deploy. | $0.02 |
| deploy-config-risk | Audits deploy configuration files for production risks. | $0.02 |
| secrets-exposure-check | Scans project config files for hardcoded secrets before you deploy. | $0.02 |
| ai-content-detector | Detect AI-generated writing with a calibrated probability score. | $0.03 |
| dep-risk-summary | Scores dependency risk for a whole repo from its manifests and lockfiles. | $0.03 |
| github-repo-health | GitHub repo health score / open-source maintainability checker. | $0.03 |