PromptShield
Integration

CI gate setup.

Block merges on CRITICAL findings. One-line GitHub Actions or GitLab CI integration. Adds a PR comment with the offending payload on failure.

PRIVATE BETA

Self-serve API keys ship with your activated tier. The CLI / GitHub Action snippets below are reference integration code — copy them into your repo today, then drop your work email on /signup to receive your PROMPTSHIELD_API_KEY the moment your tier activates.

GitHub Actions

Add to .github/workflows/promptshield.yml

name: PromptShield scan

on: [push, pull_request]

jobs:
  promptshield:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Run PromptShield CI gate
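        run: |
          npx promptshield scan \
            --endpoint "$LLM_ENDPOINT_URL" \
            --prompt "Summarize this doc for the user: {doc}" \
            --fail-on CRITICAL \
            --report ./promptshield-report.pdf
        env:
          # Secrets reach the script as environment variables and are quoted
          # there, so characters such as & or ? in the URL are not parsed by the shell.
          LLM_ENDPOINT_URL: ${{ secrets.LLM_ENDPOINT_URL }}
          PROMPTSHIELD_API_KEY: ${{ secrets.PROMPTSHIELD_API_KEY }}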

      - name: Upload report
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: promptshield-report
          path: ./promptshield-report.pdf

CLI — local runs

npx — no install required

The output below is a sample run from our reference catalogue — your live findings will look like this once your tier activates.

$ npx promptshield scan \
    --endpoint https://api.acme.com/v1/chat \
    --prompt "Summarize this doc: {doc}"

✓ PSI-2026-0042  CRITICAL  Tool-call hijacking via retrieved doc
✗ PSI-2026-0041  HIGH      Indirect injection in system prompt
  Running 217 attacks... done in 83s
  Report: ./promptshield-report-2026-04-25.pdf

Setup in 3 steps

01. Reserve your API key (private beta)

Self-serve key generation opens with general availability. Today: drop your work email on /signup to reserve a tier — we activate accounts in waves and email your PROMPTSHIELD_API_KEY when your tier goes live. Add the key as a repository secret named PROMPTSHIELD_API_KEY when you receive it.

02. Set your endpoint secret

Add LLM_ENDPOINT_URL as a repository secret — the full URL to your LLM endpoint (staging or sandbox recommended).

03. Push and verify

Push a commit with the workflow file. PromptShield will run on the next PR and post findings as a comment. Merges are blocked when --fail-on CRITICAL is set and a CRITICAL finding is found.
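
Step 02 recommends pointing the scan at a staging or sandbox endpoint. The guard below is an added example, not PromptShield's own code: a POSIX shell pre-flight to run before the scan that rejects any endpoint whose host is not on an allowlist and reports missing secrets with a distinct exit code. ALLOWED_ENDPOINT_HOSTS and both function names are assumptions introduced for this example.

```shell
#!/bin/sh
# Added example (not PromptShield code). ALLOWED_ENDPOINT_HOSTS is a
# hypothetical variable: space-separated exact host names you trust.

# endpoint_host URL: print the lowercase host of an https URL, else return 1.
endpoint_host() {
  case "$1" in
    https://*) ;;
    *) return 1 ;;
  esac
  rest=${1#https://}
  hostport=${rest%%[/?#]*}                   # drop path, query, fragment
  case "$hostport" in *@*) return 1 ;; esac  # userinfo hides the real host
  host=$(printf '%s' "${hostport%%:*}" | tr 'A-Z' 'a-z')   # drop port
  case "$host" in ''|*[!a-z0-9.-]*) return 1 ;; esac
  printf '%s\n' "$host"
}

# preflight: 0 = safe to scan, 2 = secrets missing, 3 = endpoint rejected.
preflight() {
  # Secrets are empty on pull requests from forks; report that distinctly.
  if [ -z "${PROMPTSHIELD_API_KEY:-}" ] || [ -z "${LLM_ENDPOINT_URL:-}" ]; then
    echo "preflight: secrets not available, scan not run" >&2
    return 2
  fi
  host=$(endpoint_host "$LLM_ENDPOINT_URL") || {
    echo "preflight: endpoint must be a plain https URL" >&2
    return 3
  }
  # Exact, whole-word match against the allowlist; no globbing involved.
  case " ${ALLOWED_ENDPOINT_HOSTS:-} " in
    *" $host "*) return 0 ;;
  esac
  echo "preflight: '$host' is not an allowed staging/sandbox host" >&2
  return 3
}

# Usage in the workflow step, before the scan:
#   preflight && npx promptshield scan --endpoint "$LLM_ENDPOINT_URL" ...
```

Exit code 2 lets a job treat a fork pull request, where repository secrets are not passed to the runner, differently from a misconfigured endpoint.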

Common flags

Flag        Description                                         Default
--endpoint  LLM endpoint URL to target                          required
--prompt    Sample prompt template with injection points        required
--fail-on   Exit non-zero on CRITICAL, HIGH, or MED findings    CRITICAL
--attacks   Comma-separated attack IDs to run (default: all)    all
--report    Output path for the signed PDF report               ./report.pdf
--timeout   Max seconds per attack attempt                      30