IPI Detector API

Detect Indirect Prompt Injection (IPI) attempts in agent actions.

Functions

detectIPI

async function detectIPI(action: AgentAction): Promise<IPIDetectorResult>

Analyzes action for IPI patterns. Returns score 0.0 (clean) to 1.0 (definite injection).

Milestone 1 Detection Rules:

• Base64-encoded payloads > 500 chars → score 0.6, class IPI-007
• Unicode zero-width characters → score 0.8, class IPI-007
• Destructive operation without Environment tag → score 0.4, class IPI-001

Types

interface IPIDetectorResult {
  score: number;         // 0.0 = clean, 1.0 = definite injection
  classes: string[];     // IPI class IDs that fired
  explanation: string;   // Human-readable explanation
}

Source

Implementation: packages/core/src/ipi/detector.ts