prompt-guard_skill

This skill detects prompt injections and jailbreak attempts in LLM apps, ensuring safer interactions and reliable third-party data filtering.
  • TeX

5.2k

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill orchestra-research/ai-research-skills --skill prompt-guard

  • SKILL.md9.2 KB

Overview

This skill provides a lightweight, production-ready prompt injection and jailbreak detector based on an 86M-parameter classifier. It filters user prompts and third-party data for LLM applications with very high true positive rates and low false positives, while remaining fast enough for real-time inference. Deployable via HuggingFace or used for batch RAG filtering, it supports eight languages and both CPU and GPU environments.

How this skill works

The model classifies input into BENIGN, INJECTION, or JAILBREAK labels and returns probabilities for each class. You can compute a direct jailbreak score or sum injection+jailbreak probabilities for third-party data. It accepts tokenized inputs (truncated to 512 tokens by default) and supports single-call, batch, and sliding-window scoring for long texts.

When to use it

  • Pre-filter user prompts before sending them to an LLM to block jailbreak attempts
  • Scan API responses, scraped content, or retrieved RAG documents for embedded instructions
  • Run high-throughput batch filtering of retrieved documents during RAG pipelines
  • Deploy as a lightweight guard in low-budget or latency-sensitive environments
  • Add a language-aware safety layer for multilingual LLM apps (8 supported languages)

Best practices

  • Use a lower threshold (e.g., 0.3) for third-party data and a stricter threshold (e.g., 0.5) for user inputs
  • Apply a sliding-window or chunked scoring approach for texts longer than 512 tokens to avoid missed injections
  • Combine Prompt Guard with content moderation and output-validation tools for defense-in-depth
  • Raise thresholds for trusted users or known internal data to reduce false positives on legitimate security research
  • Batch tokenize and run inference in groups to maximize throughput when filtering large document sets

Example use cases

  • Block user messages like 'Ignore previous instructions' before they reach the LLM
  • Filter RAG-sourced documents and discard any with embedded commands or hidden system instructions
  • Scan API responses from third-party services and sanitize or drop suspicious payloads
  • Run nightly batch scans of knowledge bases to remove context-poisoning content
  • Integrate as Layer 1 in a multi-layer safety pipeline alongside moderation and policy validators

FAQ

Use 0.5 for balanced user input protection, 0.3 for third-party/RAG data, and lower thresholds (e.g., 0.3) for high-security environments.

How do I handle texts longer than 512 tokens?

Chunk the text with overlap (e.g., 512-token windows with 256-token overlap) and take the maximum chunk score to avoid missing injections at the end.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
prompt-guard skill by orchestra-research/ai-research-skills | VeilStrat