/**
 * Prompt injection scanner.
 *
 * Detects common prompt injection patterns in text and returns a risk
 * score with categorised matches.  Designed to run on every piece of
 * content that flows between the file system and an LLM.
 */
export type InjectionCategory = "instruction_override" | "role_play" | "delimiter_escape" | "instruction_marker" | "encoded_payload";
export type InjectionMatch = {
    pattern: string;
    category: InjectionCategory;
    matched: string;
    position: number;
    weight: number;
};
export type ScanResult = {
    score: number;
    flagged: boolean;
    matches: InjectionMatch[];
};
/**
 * Scan a text string for prompt injection patterns.
 *
 * @param text      The text to scan
 * @param threshold Risk score threshold (0–1) above which `flagged` is true
 * @returns         ScanResult with score, flagged boolean, and matches
 */
export declare function scanForInjection(text: string, threshold?: number): ScanResult;
/**
 * Sanitize text by wrapping it in safe delimiters and neutralising
 * known injection patterns.  Use this on content returned to the LLM
 * when you want to keep the content but reduce injection risk.
 */
export declare function sanitizeContent(text: string): string;
//# sourceMappingURL=injection.d.ts.map