
PromptScan
Scan untrusted user or webhook text for prompt injection before your agent or app forwards it to an LLM.
Overview
PromptScan is an MCP server for the Ship phase that scans untrusted text for prompt injection before AI agents pass it to an LLM.
What is this MCP server?
- Remote streamable-http MCP at https://promptscan.dev/mcp/
- Prompt injection detection API aimed at AI agent pipelines
- Scans untrusted text before it reaches the LLM context
- Open-source lineage at github.com/corporatelad/prompt-injection-firewall
- Server schema version 0.1.0 for hosted MCP registration
What problem does it solve?
Pasted user input, web fetches, and webhook bodies can smuggle in instructions that derail your agent or exfiltrate data from it in production.
Who is it for?
Indie builders launching agent features that ingest external text and need a fast hosted injection screen.
Skip if: Fully offline air-gapped agents with no untrusted input, or teams needing full DLP/compliance suites.
What do I get? / Deliverables
Untrusted input gets an injection check via MCP so you block or quarantine risky text before it hits the model.
- Injection risk signal on untrusted strings prior to LLM calls
- Clearer ship checklist for agent-facing input validation
How it compares
Hosted prompt-injection firewall MCP, not a local static analysis or dependency audit skill.
Common Questions / FAQ
Who is PromptScan for?
Builders running AI agents or LLM apps that accept untrusted text from users, web pages, or integrations.
When should I use PromptScan?
Use it in Ship security and at live integration boundaries whenever text enters your agent pipeline from outside your trust zone.
How do I add PromptScan to my agent?
Add the streamable-http remote https://promptscan.dev/mcp/ to your MCP client per server.json and invoke scan tools before appending untrusted content to prompts.