SYSTEM PROMPT SCANNER

Your system prompt is your first line of defense. Is it ready?

System prompts define what your AI can do, refuse, and protect. Scandar scans for dangerous patterns and missing defenses — because a prompt without injection protection is vulnerable even if it contains nothing malicious.

PRESENCE + ABSENCE DETECTION

Two scanning modes. Complete coverage.

Most scanners only find threats that are present. Scandar also detects defenses that should be present but are missing — the gaps that attackers exploit.

DANGEROUS PATTERNS DETECTED
Secret Leakage
Detects hardcoded API keys, internal URLs, database connection strings, and credential pass-through instructions.
Prompt Extraction
Catches extraction susceptibility markers, echo instructions, and debug modes that leak system prompt contents.
Role Hijacking
Flags role-play overrides, persona manipulation, and instructions that allow identity reassignment.
Context Manipulation
Identifies weak delimiters, hidden encoded instructions, and injection vectors that alter prompt behavior.
Instruction Override
Spots explicit safety bypasses, jailbreak scaffolding, and instructions to disable safety features.
Unbounded Authority
Flags unrestricted code execution, filesystem access, unscoped API grants, and overly broad authority.
MISSING DEFENSES DETECTED
Injection Defense
Checks for jailbreak defense statements, input validation guidance, and multi-turn manipulation protection.
Refusal Boundaries
Verifies the prompt defines clear refusal policies for harmful content and out-of-scope requests.
Scope Limitation
Ensures the prompt defines what the AI is designed to do — and what it should decline.
PII & Privacy
Checks for PII handling policies, data retention statements, and privacy purpose declarations.
Output Guardrails
Verifies output format constraints, error handling guidance, and escalation policies are defined.
Identity Anchor
Checks for role definitions, instruction confidentiality clauses, and authority boundary statements.
HOW IT WORKS

Paste your prompt. Get a full audit.

01
Paste
Paste your system prompt into the scanner. No file required — raw text works.
02
Dual analysis
18 presence rules scan for threats. 15 absence rules check for missing defenses. Short utility prompts skip absence checks automatically.
03
Actionable report
Every finding explains what's wrong, why it matters, and how to fix it. Trust score reflects both threats and missing defenses.
ALSO ON SCANDAR

Audit Your System Prompt

Paste your prompt and get a full security audit. No account required.

ENTERPRISE

Need fleet-wide AI security?

Scandar Overwatch gives you real-time visibility into every agent in your organization — policies, compliance reports, alert routing, and kill chain detection. Self-serve setup in 25 minutes.
