Workflow overview
Why this workflow matters
Potentially useful as a reusable automation building block.
This template is for AI builders, SecOps teams, and automation teams that expose agents, chatbots, or webhook workflows to untrusted user input. It helps reduce the risk of prompt injection, system prompt extraction, social engineering, and malicious content reaching downstream AI workflows. How it works The workflow receives text through a webhook and runs a zero-trust screening process before the input reaches a business agent. A Code node checks for deterministic attack patterns such as instruction overrides, role hijacking, prompt leakage attempts, hidden Unicode, SQL-style payloads, and XSS-style content. A second layer extracts URLs and applies local suspicious-domain heuristics. An isolated GPT-5.5 evaluator then classifies semantic risk, including prompt injection, data exfiltration intent, and social engineering. A scoring node combines the signals and routes low-risk input to a safe response while suspicious input is blocked, logged, and sent to Slack. How to set up Connect OpenAI, Slack, and Google Sheets credentials. Send untrusted input to the /firewall-check webhook before your main AI agent workflow. Requirements OpenAI access to GPT-5.5, Slack credentials, Google Sheets, and a webhook caller. How to customize the workflow Add your own attack patterns, tune risk thresholds, connect URLScan, VirusTotal, or Safe Browsing, and forward safe traffic to your production agent.
Best fit
Categories
Services
Use cases
Need another direction?