InjectShield scans untrusted text for prompt injection patterns before it reaches your LLM's context window. The MCP server exposes three tools: scan for raw text, scan_url for remote content, and patterns to inspect the current ruleset. It runs heuristic detection across nine categories including instruction injection, role hijack, exfiltration attempts, and encoding smuggling, then returns risk scores and sanitized output. You'd reach for this when your agent ingests git commits, documentation, user inputs, or any external content you don't control. The detection patterns are open source MIT, while the hosted API at api.injectshield.dev adds metering, custom patterns, and semantic classification via Workers AI.
claude mcp add --transport stdio bch1212-injectshield uvx injectshield