Does this guarantee my prompt is safe?

No. It runs heuristic pattern matching against common OWASP LLM Top 10 risks, which catches many obvious problems but cannot understand intent or every attack. Treat a clean result as one signal, not a security certification.

Is my prompt sent anywhere?

No. All classification runs entirely in your browser with pattern matching. Your prompt never leaves the page, which is intentional given that prompts being checked may contain sensitive content.

What categories does it check?

It maps to OWASP LLM Top 10 items including prompt injection (LLM01), insecure output handling (LLM02), sensitive information disclosure (LLM06), and excessive agency / over-permissive instructions (LLM08), plus checks for embedded secrets.

Why did it flag a harmless prompt?

Heuristics produce false positives — a prompt that legitimately discusses "ignore previous instructions" as a topic will match the injection pattern. Read the matched snippet and use judgment; lower the sensitivity to reduce borderline flags.

What should I do with a flagged risk?

Each flag includes a mitigation. Common fixes are clearly separating untrusted user input from instructions, validating or encoding model output before using it, and removing hardcoded secrets in favor of server-side injection.

Prompt Safety Classifier

Prompt safety classifier

Before a prompt reaches a model — especially one wired into tools, databases, or production output — it is worth a quick safety pass. This classifier runs entirely in your browser and checks your prompt against patterns drawn from the OWASP LLM Top 10, flagging things like injection vectors, output that will be used unsafely, sensitive data, and over-broad agency. It will not catch every attack, but it catches the obvious mistakes that cause most real incidents.

How it works

You paste a prompt and pick a sensitivity level. The tool scans the text with a set of heuristics, each tied to an OWASP LLM risk category. It looks for injection phrasing (“ignore previous instructions,” “disregard your rules”), signs that model output will be executed or rendered without validation, embedded secrets and credentials, requests that grant the model excessive autonomy, and sensitive personal data. Every match reports the category, the snippet that triggered it, and a concrete mitigation. Because it is pure pattern matching, nothing is sent anywhere — important, since the prompts you most want to check are often the ones carrying sensitive content.

Tips and notes

Heuristics cut both ways: they catch common problems fast but also produce false positives, so always read the matched snippet rather than reacting to the count. A prompt that discusses prompt injection as a subject will, correctly, match the injection pattern. The highest-value fix this tool surfaces is structural — keeping untrusted user input clearly delimited and labeled as data, never merged into your instruction block, which neutralizes the most common injection class. A clean result is reassurance, not a guarantee; pair it with server-side input validation and output encoding for anything that touches production.