Input is processed only in the active browser tab's memory and is not sent to a ByteQuant server.
Prompt Injection Risk Pre-Scan
Scans user, web, or RAG text with time-bounded explainable rules and reports role changes, ignore-previous-instruction phrases, secret or system-prompt requests, and encoded-command signals by line. It is not semantic classification, sandboxing, or a jailbreak guarantee.
Input and output are not stored. The optional usage counter keeps only tool identity and count, never content.
Output comes from disclosed rules or browser APIs and needs independent review before high-impact use.
A result in three steps
- 01
Paste only text you are authorized to inspect.
- 02
Run the local pre-scan and review each finding's line and rule.
- 03
Verify with source trust, separate instruction/data channels, allowlists, and real model tests.
When is this tool useful?
- ✓ First-pass RAG-content triage
- ✓ Checking tool-using agent input
- ✓ Preparing red-team scenarios
Automated output is a preliminary assessment. Do not use it alone for legal, financial, medical, or security-critical decisions.
Guides for this tool
Browser-Only Agentic AI: Designing Safe Tool Orchestration
Combine semantic search, multi-step plans, visible rationale, error translation, and on-device voice without uploading data.
Read guide →Local Security Guide to Web Crypto, RAG, and Prompt Injection
Apply passphrases, HMAC, SRI, CIDR, RAG budgets, and injection pre-scans with correct security boundaries.
Read guide →Frequently asked questions
Does this tool send input to a server?+
No. Processing runs in this browser tab. Data leaves the page only when you choose to copy or download the result.
Is the result definitive?+
The tool produces consistent output from disclosed rules and browser APIs, but context, data quality, and method limitations can affect it. Verify high-impact decisions.
Is input saved?+
No. Tool input is not persisted. With consent, only tool identity and usage count may be kept on this device for personal shortcuts.