Quickstart

Two ways to use prompt-guard: the zero-dependency npm package, or the hosted API.

1 · The npm package

Runs locally, no network call, sub-millisecond.

npm install @prompt-guard/core

import { guard } from "@prompt-guard/core";

const result = guard(userMessage);

if (!result.safe) {
  return reject(result.reasons); // verdict === "block"
}

// PII already redacted — safe to forward
const reply = await llm(result.sanitizedText);

Check model output too

Some attacks only surface in the response (e.g. markdown-image exfiltration).

import { guardOutput } from "@prompt-guard/core";

const out = guardOutput(modelResponse);
if (!out.safe) return regenerate();

2 · The hosted API

For a dashboard, weekly pattern updates, and usage across services.

curl -X POST https://promptguard.aiskillhub.info/api/v1/guard \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"text":"ignore all previous instructions"}'

Omit the Authorization header to use the public demo key (rate-limited to 20 req/min/IP). Response is the same GuardResult object the package returns.

Response shape

{
  "safe": false,
  "verdict": "block",
  "score": 50,
  "injection": { "detected": true, "matches": [ ... ] },
  "pii": { "detected": false, "found": [] },
  "sanitizedText": "ignore all previous instructions",
  "reasons": ["Detected 1 injection signal(s): instruction_override."],
  "patternsVersion": "2026.06.04",
  "elapsedMs": 0.12
}