Helpers create common OWASP LLM Top 10 guardrail rules for prompts, retrieved context, and model outputs.
Usage
rule_injection_basic()
rule_injection_indirect()
rule_nlp_intent()
rule_pii_email()
rule_pii_phone()
rule_pii_ssn()
rule_secrets_api_key()
rule_secrets_bearer()
rule_secrets_aws()
rule_secrets_password()
rule_phi_condition()
rule_agency_language()
rule_system_prompt_leak()
rule_diagnosis_claim()
rule_financial_advice()Details
The helpers are intentionally small wrappers around shieldr_rule(). They
form the source rule bank used by policy(). Each helper encodes one
common class of risk, such as prompt injection, NLP intent, PII, secrets,
excessive agency, system-prompt extraction, diagnosis claims, or financial
advice.
The rules are conservative defaults, not exhaustive detectors. They are designed to be readable, testable, and easy to replace with organization- specific rules when needed.
Examples
rule_injection_basic()
#> $id
#> [1] "llm01.injection.basic"
#>
#> $pattern
#> [1] "(?i)ignore\\s+(all\\s+)?(previous|prior|above)\\s+(instructions|rules)|disregard\\s+(all\\s+)?(previous|prior|above)|forget\\s+(all\\s+)?(previous|prior|above)|override\\s+(the\\s+)?(system|developer)?\\s*instructions|\\bjailbreak\\b|do\\s+anything\\s+now|\\bDAN\\b"
#>
#> $fn
#> NULL
#>
#> $owasp
#> [1] "llm01"
#>
#> $severity
#> [1] "critical"
#>
#> $action
#> [1] "block"
#>
#> $description
#> [1] "Direct prompt-injection or jailbreak language."
#>
#> attr(,"class")
#> [1] "shieldr_rule"
rule_pii_email()
#> $id
#> [1] "llm02.pii.email"
#>
#> $pattern
#> [1] "\\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,}\\b"
#>
#> $fn
#> NULL
#>
#> $owasp
#> [1] "llm02"
#>
#> $severity
#> [1] "medium"
#>
#> $action
#> [1] "redact"
#>
#> $description
#> [1] "Email address."
#>
#> attr(,"class")
#> [1] "shieldr_rule"