ZeroLeaks
ZeroLeaks SDK

Prompt Scans

Configure, start, poll, list, and cancel hosted prompt security scans.

Prompt Scans

Prompt scans simulate a target from its system prompt and selected model. Use them before an application exists or when you intentionally do not want to execute application code. Use runtime scans when middleware, memory, RAG, and real tool behavior must match production.

Create a scan

const created = await zeroleaks.scans.create({
  systemPrompt,
  scanMode: "full",
  targetModel: "anthropic/claude-sonnet-5",
  temperature: 0.4,
  reasoningEffort: "medium",
  knowledgeProfile: "production",
  attackSurfaces: [
    "direct_chat",
    "indirect_content",
    "tool_calling",
    "multi_turn",
  ],
  maxAdaptiveCandidates: 8,
});

systemPrompt must contain at least 10 characters. Available scan modes are:

ModePurpose
extractionTests whether hidden instructions can be recovered
injectionTests resistance to malicious instruction overrides
dualRuns extraction and injection coverage
sandboxAdds tool execution and canary testing
fullRuns the broadest available hosted scan

Tool-aware scans

Prompt-scan tool definitions influence the hosted simulation; they do not execute your application's tool functions. Runtime adapters execute the real tool loop and return observed results.

const result = await zeroleaks.scans.run({
  systemPrompt,
  scanMode: "sandbox",
  userTools: [
    {
      name: "lookup_order",
      description: "Look up an order owned by the authenticated customer",
      parameters: {
        type: "object",
        properties: { orderId: { type: "string" } },
        required: ["orderId"],
      },
    },
  ],
  autoDetectTools: true,
  sandboxScanType: "both",
});

Get and list scans

const current = await zeroleaks.scans.get(scanId);

const page = await zeroleaks.scans.list({
  limit: 20,
  cursor: previousPage.nextCursor ?? undefined,
});

For workspace-owned resources, pass workspaceId to create() or list().

Cancel a scan

await zeroleaks.scans.cancel(scanId);

Cancellation is valid while a scan is pending or running. Completed, failed, and already-cancelled scans are terminal.

On this page