🔎 Indirect Prompt Injection Scanner

Paste HTML — from a web page your AI assistant might browse, an email body, a Slack message, anything the LLM will read on your behalf. The scanner surfaces hidden instructions that would influence the model but wouldn't be visible to you.

Why paste instead of URL fetch? Browsers block cross-origin fetch() for safety. Use your browser's Developer Tools → "Copy outerHTML" or "View Source", then paste.

🧠 What this scanner looks for

• Instruction patterns in HTML comments — <!-- ignore previous instructions… -->
• Invisible text via CSS — white-on-white, transparent color, 0px font-size, 0 opacity
• Hidden elements — display:none, visibility:hidden, off-screen positioning
• Unicode tag characters — U+E0000–U+E007F, invisible to humans, readable by LLMs
• Suspicious data-* attributes — long human-readable strings in attributes the user never sees
• Suspicious <meta> tags — non-standard meta names that contain instructions
• Aria-label / alt text injection — instructions hidden in accessibility metadata
• Hidden form field values — long instruction text in <input type="hidden">

🧰 Related AI safety tools