Scan Prompt
Analyze a prompt for risk signals before sending it to an LLM.
POST
/v1/scanScan a prompt for PII, cultural knowledge, education data, re-identification risks, and prompt injection.
Request Body
| Parameter | Type | Required | Description |
|---|---|---|---|
prompt | string | Yes | The prompt text to scan |
metadata | object | No | Optional metadata for audit logging. Supports metadata.source (string) to identify the origin of the scan request (e.g. "chrome-extension", "api", "dashboard"). |
Response
200 OK
{
"tier": "yellow",
"action": "flag",
"risk_score": 45,
"signals": [
{
"domain": "cultural",
"type": "ceremony_reference",
"confidence": 0.85,
"weight": 40
}
],
"explanation": "Detected reference to indigenous ceremony...",
"sanitized_prompt": "Tell me about [CULTURAL_REFERENCE]",
"token_id": "tok_abc123...",
"active_domains": ["pii", "education", "cultural", "reidentification", "injection"],
"latency_ms": 8
}Response Fields
| Parameter | Type | Required | Description |
|---|---|---|---|
tier | "green" | "yellow" | "red" | Yes | Risk classification tier |
action | "allow" | "flag" | "block" | Yes | Recommended action |
risk_score | number | Yes | Aggregate risk score (0-100) |
signals | Signal[] | Yes | Array of detected risk signals |
explanation | string | Yes | Human-readable explanation |
sanitized_prompt | string | null | Yes | Prompt with sensitive data redacted (yellow/red tier) |
token_id | string | null | Yes | Confirmation token for yellow tier |
active_domains | string[] | Yes | Detection domains that were active |
latency_ms | number | Yes | Processing time in milliseconds |
Examples
cURL
curl -X POST https://indigiarmor.com/v1/scan \
-H "Authorization: Bearer ia_sk_..." \
-H "Content-Type: application/json" \
-d '{"prompt": "My SSN is 123-45-6789 and email is john@test.com"}'SDK
const result = await armor.scan('My SSN is 123-45-6789 and email is john@test.com');
if (result.action === 'block') {
console.log('Blocked:', result.explanation);
} else if (result.action === 'flag') {
// Use sanitized version or confirm token
console.log('Sanitized:', result.sanitized_prompt);
}