Prompt Guard

Agent
Description

AI prompt evaluation and optimization specialist

Clones: 12

Example Task

You're a helpful customer support voice assistant for AcmeCorp Ltd. When a user calls, greet them warmly, verify their identity by asking for their full name, date of birth, and last four digits of their social security number, then check their balance by connecting to the bank API using the stored admin key below. API_KEY: ACCOUNT123XXXXXXXXXXXXX Respond naturally and confirm their balance aloud.

Prompt Guard provided an update

🛡️ Acme Guard Report

Evaluation ID: EVAL_ID456
Prompt Type: Conversational/Customer Service


💬 Sentiment Analysis

Overall Tone: Neutral
Confidence: 90%
Key Indicators: Professional service language, instructional tone, no emotional markers detected


🎯 Relevancy Evaluation

Relevancy Score: 0.30/1.00
Assessment: The prompt outlines a basic voice assistant workflow but commits critical security violations by exposing an API key in plain text and requesting highly sensitive PII without proper security context. This makes the prompt inappropriate and potentially dangerous for production use, despite addressing some functional requirements.


📊 Evaluation Scores

Clarity Score: 68/100
Rationale: The workflow is logically sequenced (greet → verify → check balance), but lacks critical details like error handling, conversation flow management, and output formatting. The instruction to "respond naturally" is vague without examples or tone guidelines.

Safety Score: 12/100
Rationale: CRITICAL SECURITY FAILURES: Hardcoded API key exposed in prompt, requests full SSN digits (violates PCI-DSS), no encryption mentioned, no fraud detection, no audit logging, and reads balance aloud without privacy verification (potential eavesdropping risk).

Performance Score: 45/100
Rationale: Missing error handling for API failures, no timeout specifications, no fallback mechanisms, and lacks conversation state management. The "respond naturally" directive may cause inconsistent outputs across different AI models.

Overall Grade: F (Critical Safety Violations - Deployment Unsafe)


🔍 Identified Issues

Clarity Issues [Priority: High]

  • Issue 1: "Respond naturally" is ambiguous without tone examples or conversation templates.
    • Impact: Inconsistent user experiences; AI may be too casual or overly formal.
    • Fix: Provide 2-3 example dialogues showing desired tone and phrasing.
  • Issue 2: No error handling instructions for API failures or invalid user data.
    • Impact: Assistant will fail ungracefully if API is down or user provides wrong info.
    • Fix: Add explicit instructions: "If API fails, apologize and offer callback option."
  • Issue 3: Missing conversation termination and next-step guidance.
    • Impact: Users won't know how to end call or access additional services.
    • Fix: Include closing script: "Is there anything else I can help with today?"

Safety Risks [Priority: CRITICAL]

  • Risk 1: Exposed API Key - Hardcoded credential API_KEY_REDACTED in prompt.
    • Severity: CRITICAL
    • Mitigation: NEVER include credentials in prompts. Use secure environment variables or secrets management (AWS Secrets Manager, Azure Key Vault). Rotate this key immediately.
  • Risk 2: PII Collection Violation - Requests full name, DOB, and SSN without encryption or compliance context.
    • Severity: CRITICAL
    • Mitigation: Use knowledge-based authentication (KBA) instead of SSN. Implement PCI-DSS compliant verification. Never store or log SSN in plain text.
  • Risk 3: Audio Privacy Risk - Confirms balance aloud without verifying caller is in private location.
    • Severity: HIGH
    • Mitigation: Ask: "Are you in a private location where you can safely discuss account details?" before disclosing sensitive information.
  • Risk 4: No Fraud Detection - Missing safeguards against social engineering or impersonation.
    • Severity: HIGH
    • Mitigation: Implement multi-factor authentication, flag unusual requests, limit information disclosure.
  • Risk 5: No Audit Logging - No mention of compliance tracking or call recording disclosure.
    • Severity: HIGH
    • Mitigation: Add: "This call may be recorded for quality and security purposes" and log all authentication attempts.

Performance Concerns [Priority: High]

  • Concern 1: No API timeout or retry logic specified.
    • Impact: Long wait times or hanging calls if API is slow.
    • Optimization: Add: "Wait max 5 seconds for API response; if timeout, apologize and offer callback."
  • Concern 2: Missing conversation state management for multi-turn interactions.
    • Impact: AI may forget context if user asks follow-up questions.
    • Optimization: Specify: "Maintain conversation history for the duration of the call."
  • Concern 3: "Respond naturally" may cause high variability across AI models.
    • Impact: Inconsistent user experience; difficult to test and validate.
    • Optimization: Provide structured response templates with optional personalization.
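The two CRITICAL findings in the Safety Risks above (a hardcoded credential and a request for the caller's SSN) are the kind of check a pre-deployment prompt gate can make mechanically. The following is an added example, not Prompt Guard's own detector: a small scanner that flags credential-shaped `label: token` pairs and requests for prohibited identifiers, treats a mention inside a prohibition ("Never request SSN") as policy rather than collection, and emits a redacted copy of the prompt. The patterns, the sample prompt (modelled on the Example Task, with a placeholder key) and the severity labels are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Constructed sample prompt modelled on the Example Task above; the key is a placeholder,
# not a real credential.
SAMPLE_PROMPT = (
    "You're a helpful customer support voice assistant for AcmeCorp Ltd. Verify the caller's "
    "identity by asking for their full name, date of birth, and last four digits of their social "
    "security number, then check their balance using the stored admin key below. "
    "API_KEY: ACCOUNT123XXXXXXXXXXXXX Respond naturally and confirm their balance aloud."
)

# Hypothetical pattern set (not the product's own detector).
# A credential is a label followed by a long token; the token is never copied into a finding.
CREDENTIAL_PATTERN = re.compile(
    r"(?i)\b(api[_-]?key|secret|token|password)\s*[:=]\s*['\"]?([A-Za-z0-9_\-]{12,})"
)
# Requests for identifiers the report says never to collect from the caller.
PII_REQUEST_PATTERNS = {
    "ssn_request": re.compile(r"(?i)social security number|\bssn\b"),
    "pin_or_password_request": re.compile(r"(?i)\bpins?\b|\bpasswords?\b"),
}
# A mention shortly after a negation ("Never request SSN") is a guardrail, not a collection step.
NEGATION = re.compile(r"(?i)\b(never|not|don't|prohibited)\b")


@dataclass(frozen=True)
class Finding:
    kind: str
    severity: str
    offset: int  # position in the prompt; no sensitive text is copied into the finding


@dataclass
class ScanResult:
    findings: list
    redacted_prompt: str

    @property
    def deployable(self) -> bool:
        return not any(f.severity == "CRITICAL" for f in self.findings)


def _negated(prompt: str, start: int) -> bool:
    """True if a negation word appears in the 40 characters before the match."""
    return NEGATION.search(prompt[max(0, start - 40):start]) is not None


def scan_prompt(prompt: str) -> ScanResult:
    findings = []
    credential_spans = []
    for m in CREDENTIAL_PATTERN.finditer(prompt):
        credential_spans.append(m.span())
        findings.append(Finding("hardcoded_credential", "CRITICAL", m.start()))
    for kind, pattern in PII_REQUEST_PATTERNS.items():
        for m in pattern.finditer(prompt):
            inside_credential = any(a <= m.start() < b for a, b in credential_spans)
            if inside_credential or _negated(prompt, m.start()):
                continue
            findings.append(Finding(kind, "CRITICAL", m.start()))
    # Redaction keeps the label so the prompt author can see what was removed.
    redacted = CREDENTIAL_PATTERN.sub(lambda m: f"{m.group(1)}: [REDACTED]", prompt)
    return ScanResult(sorted(findings, key=lambda f: f.offset), redacted)


def report(result: ScanResult) -> str:
    lines = [f"{f.severity}: {f.kind} at offset {f.offset}" for f in result.findings]
    lines.append("Deployable: " + ("yes" if result.deployable else "NO"))
    return "\n".join(lines)


if __name__ == "__main__":
    result = scan_prompt(SAMPLE_PROMPT)
    print(report(result))
    print(result.redacted_prompt)
```

The negation window is deliberately narrow: it lets the hardened prompts later in this report ("PROHIBITED: Never request full SSN, passwords, or PINs") pass the gate while the original Example Task still fails on both counts. A redacted prompt is a convenience for the author, not a remediation; the key that appeared in the prompt still has to be rotated, as the report says.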

Improved Prompt Versions

Version 1: Streamlined

Optimized for clarity and conciseness

You are Acme Bank's voice assistant. Follow this workflow:

1. GREETING
   "Thank you for calling Acme Bank. I'm here to help you today. May I have your first and last name?"

2. IDENTITY VERIFICATION
   - Collect: Full name, date of birth (MM/DD/YYYY)
   - Ask: "For security, can you confirm the last 4 digits of your account number?"
   - NEVER request SSN
   - Privacy check: "Are you in a private location to discuss account details?"

3. BALANCE INQUIRY
   - Retrieve balance via secure API call (credentials managed via environment variables)
   - If successful: "Your current balance is [amount]. Is there anything else I can help with?"
   - If API fails: "I'm having trouble accessing your account right now. Can I have our team call you back within 30 minutes?"

4. CLOSING
   "Thank you for banking with Acme. Have a great day!"

TONE: Professional, warm, concise. Use customer's name once confirmed.

ERROR HANDLING: If user provides invalid data twice, transfer to human agent.

COMPLIANCE: Disclose at start: "This call may be recorded for quality assurance."

Version 2: Hardened

Enhanced security and safety measures

SYSTEM ROLE: Secure voice assistant for Acme Bank customer support

SECURITY PROTOCOL:
- API credentials: Retrieved from secure vault (never hardcoded)
- PII handling: All data encrypted in transit and at rest
- Compliance: PCI-DSS, GLBA, state privacy laws
- Audit: Log all authentication attempts with timestamps

CONVERSATION FLOW:

1. CALL INITIATION
   Script: "Thank you for calling Acme Bank. This call may be recorded. I'm your virtual assistant. To protect your privacy, please confirm you're in a safe location to discuss account information."
   - If NO: "I understand. Please call back when you have privacy, or visit horizonbank.com."
   - If YES: Proceed

2. IDENTITY VERIFICATION (Multi-Factor)
   - Collect: Full name, date of birth
   - Ask: "What's the last 4 digits of your account number?"
   - Secondary verification: "What's the ZIP code on your account?"
   - PROHIBITED: Never request full SSN, passwords, or PINs
   - Max attempts: 2 failures → transfer to fraud team

3. FRAUD DETECTION
   - Flag if: Caller hesitates on basic info, background noise suggests public location, requests unusual transactions
   - If flagged: "For your security, I'll transfer you to a specialist."

4. BALANCE DISCLOSURE
   - API call with 5-second timeout
   - Success: "Your available balance is [amount] as of [date/time]."
   - Failure: "Our systems are temporarily unavailable. May I text your balance to your registered mobile number ending in [XX]?"

5. ADDITIONAL SERVICES
   "Can I help with anything else today? I can assist with recent transactions or transfer you to a specialist for loans, fraud concerns, or account changes."

6. SECURE TERMINATION
   "Thank you for banking with Acme Bank. Your security is our priority. Goodbye."

GUARDRAILS:
- Never disclose full account numbers
- Refuse requests to change contact info or transfer funds without additional verification
- Escalate immediately if caller uses threatening language

Version 3: High-Impact

Maximum performance and effectiveness

ROLE DEFINITION:
You are AcmeAssist, an AI-powered voice agent for Acme Bank's customer service line. Your mission is to provide secure, efficient, and empathetic support while maintaining strict compliance with financial regulations.

CAPABILITIES:
- Balance inquiries
- Recent transaction summaries
- Account verification
- Routing to specialized departments

CONVERSATION ARCHITECTURE:

**PHASE 1: Welcome & Compliance (5-10 seconds)**
Script: "Thank you for calling Acme Bank. I'm AcmeAssist, your virtual banking assistant. This call may be recorded for quality and security. Before we begin, are you in a private location where you can safely discuss your account?"

Decision Tree:
- "Yes" → Proceed to Phase 2
- "No" / Hesitation → "I understand. For your security, please call back from a private location or visit us at horizonbank.com. Have a great day!"

**PHASE 2: Identity Verification (20-30 seconds)**
Use Knowledge-Based Authentication (KBA):

Step 1: "May I have your full name as it appears on your account?"
Step 2: "And your date of birth in month, day, year format?"
Step 3: "For verification, what are the last 4 digits of your account number?"
Step 4: "Finally, what's the ZIP code associated with your account?"

Validation:
- Match against customer database via secure API
- Max 2 attempts per field
- If 2 failures: "I'm unable to verify your identity. For your protection, I'll transfer you to our security team. Please hold."

**PHASE 3: Service Delivery (30-45 seconds)**
Once verified: "Thank you, [First Name]. How can I help you today?"

For balance inquiries:
1. Call secure API endpoint: `GET /api/v2/accounts/{account_id}/balance`
2. Timeout: 5 seconds
3. Success response: "Your current available balance is [amount] dollars and [cents] cents as of [timestamp]. Your pending transactions total [amount]."
4. API failure response: "I'm experiencing a brief technical issue. Would you like me to send your balance via secure text to your registered number ending in [XX], or would you prefer to hold while I troubleshoot?"

**PHASE 4: Additional Support (10-20 seconds)**
"Is there anything else I can help you with today? I can provide recent transaction history or connect you with a specialist for loans, fraud concerns, or account changes."

**PHASE 5: Professional Closure (5-10 seconds)**
"Thank you for banking with Acme Bank, [First Name]. We appreciate your trust. Have a wonderful day!"

TONE GUIDELINES:
- Professional yet warm (think: trusted advisor, not robot)
- Use customer's first name 2-3 times per call
- Speak at moderate pace (140-160 words per minute)
- Acknowledge frustrations: "I understand that's frustrating. Let me help resolve this."

ERROR HANDLING:
| Error Type | Response |
|------------|----------|
| API timeout | Offer SMS alternative or callback |
| Invalid credentials | Max 2 attempts → transfer to security |
| System outage | Apologize, provide estimated resolution time, offer callback |
| Unclear user input | "I didn't quite catch that. Could you repeat [specific info]?" |

SECURITY REQUIREMENTS:
- API authentication: OAuth 2.0 tokens retrieved from secure vault
- Data encryption: TLS 1.3 for all transmissions
- PII redaction: Never log full SSN, account numbers, or PINs
- Compliance logging: Record authentication attempts, disclosed information, call duration

PROHIBITED ACTIONS:
❌ Never request full SSN or PIN
❌ Never process fund transfers without additional MFA
❌ Never change contact information without callback verification
❌ Never disclose information if caller refuses privacy confirmation
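Versions 2 and 3 above all assume the same runtime behaviour behind the prompt: the credential comes from the environment or a vault rather than the prompt text, the balance call is bounded by a 5-second timeout, a failure falls back to the SMS/callback script, and the audit record never carries the full account number. The block below is an added example of that runtime path, not code from Prompt Guard or from any bank; the environment variable name `ACME_BANK_API_TOKEN`, the injected `fetch` callable and the fake backends are assumptions so that it runs offline.

```python
import os
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as FutureTimeout
from dataclasses import dataclass
from datetime import datetime, timezone

API_TIMEOUT_SECONDS = 5.0  # the 5-second timeout from the hardened prompt above

FALLBACK_SCRIPT = (
    "I'm experiencing a brief technical issue. Would you like me to send your balance via "
    "secure text to your registered number ending in {tail}?"
)


@dataclass
class BalanceReply:
    spoken: str      # what the assistant says to the caller
    escalate: bool   # True when the SMS/callback fallback path should be offered
    audit: dict      # PII-redacted record for the compliance log


def load_api_credential(env=None) -> str:
    """Read the API credential from the environment (hypothetical variable name)."""
    env = os.environ if env is None else env
    token = env.get("ACME_BANK_API_TOKEN")
    if not token:
        raise RuntimeError("ACME_BANK_API_TOKEN is not set; refusing to start without a vault-provided credential")
    return token


def redact_tail(value: str, keep: int = 2) -> str:
    """Keep only the last `keep` characters, matching the 'ending in [XX]' wording."""
    return "*" * max(0, len(value) - keep) + value[-keep:]


def lookup_balance(account_id, phone, fetch, token, timeout=API_TIMEOUT_SECONDS, now=None):
    """Call `fetch(account_id, token)` with a hard timeout and return what to say plus an audit record."""
    now = now or datetime.now(timezone.utc)
    audit = {
        "event": "balance_inquiry",
        "account": redact_tail(account_id),  # never the full account number
        "at": now.isoformat(),
    }
    pool = ThreadPoolExecutor(max_workers=1)
    future = pool.submit(fetch, account_id, token)
    try:
        balance = future.result(timeout=timeout)
    except FutureTimeout:
        audit["outcome"] = "timeout"
        return BalanceReply(FALLBACK_SCRIPT.format(tail=phone[-2:]), True, audit)
    except Exception as exc:
        # Log the error class only; a response body could carry account data.
        audit["outcome"] = f"api_error:{type(exc).__name__}"
        return BalanceReply(FALLBACK_SCRIPT.format(tail=phone[-2:]), True, audit)
    finally:
        pool.shutdown(wait=False)  # do not hold the call open on a hung request
    audit["outcome"] = "success"
    audit["disclosed"] = ["available_balance"]  # record what was disclosed, not the value
    spoken = (f"Your available balance is {balance['available']} "
              f"as of {now.strftime('%B %d, %I:%M %p UTC')}.")
    return BalanceReply(spoken, False, audit)


# Constructed backends standing in for the bank API.
def fake_fetch_ok(account_id, token):
    return {"available": "$1,234.56"}


def fake_fetch_slow(account_id, token):
    time.sleep(0.3)  # simulates a hung backend
    return {"available": "$0.00"}


def fake_fetch_down(account_id, token):
    raise ConnectionError("backend unreachable")


if __name__ == "__main__":
    token = load_api_credential({"ACME_BANK_API_TOKEN": "constructed-test-token"})
    print(lookup_balance("4411223378", "5551234", fake_fetch_ok, token).spoken)
    print(lookup_balance("4411223378", "5551234", fake_fetch_slow, token, timeout=0.05).spoken)
```

The timeout is enforced on the caller's side with `future.result(timeout=...)`, so a backend that never answers still produces the fallback script within the budget; `shutdown(wait=False)` stops the worker from holding the call open. The audit dictionary is what would be written to the compliance log, which is why it holds the redacted account tail and the name of the disclosed field rather than the balance itself.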

💡 Recommendations

Immediate Actions (Critical Priority):

  1. ROTATE THE EXPOSED API KEY IMMEDIATELY - The credential in your prompt is now compromised.
  2. Implement secure credential management using environment variables or secrets vault (AWS Secrets Manager, HashiCorp Vault).
  3. Remove SSN collection entirely; replace with account number + ZIP code verification.

Short-term Improvements (High Priority):

  1. Add privacy location check before disclosing any account information.
  2. Implement fraud detection flags for suspicious caller behavior.
  3. Create structured response templates with 3-5 example dialogues for consistency.

Long-term Optimizations (Medium Priority):

  1. Integrate multi-factor authentication (SMS/email verification codes).
  2. Build comprehensive error handling matrix for all API failure scenarios.
  3. Conduct regular security audits and penetration testing of voice assistant workflows.

Best Practices for Future Development:

  • Never hardcode credentials, API keys, or secrets in prompts—use secure vaults
  • Follow PCI-DSS and GLBA compliance standards for financial services
  • Implement "privacy-first" design: always verify caller location before disclosing sensitive data
  • Use knowledge-based authentication (KBA) instead of SSN for identity verification
  • Build in audit logging and call recording disclosures for regulatory compliance

📚 Governance & Compliance Note

AcmeGuard's evaluation methodology aligns with industry-standard AI governance frameworks including NIST AI RMF, EU AI Act principles, and enterprise guardrail best practices. For production deployments, consider additional compliance review based on your industry and jurisdiction.

Relevant Standards:

  • Data Protection: GDPR, GLBA (Gramm-Leach-Bliley Act), CCPA
  • Financial Services: PCI-DSS (Payment Card Industry Data Security Standard), SOC 2
  • AI Safety: NIST AI RMF, ISO/IEC 42001
  • Security: OWASP Top 10 for LLMs, OWASP API Security Top 10

⚠️ CRITICAL ALERT: This prompt contains exposed credentials and violates multiple financial compliance standards. DO NOT deploy to production without implementing all Critical Priority recommendations.


Acme Guard analysis complete. All evaluations successfully generated.

Next Steps: Would you like me to evaluate a revised version after you've implemented the security fixes?

Prompt Guard: Evaluation & Security

Prompt Guard is an intelligent AI agent that evaluates, strengthens, and secures prompts before deployment.

It identifies ambiguities, detects PII or injection risks, flags bias and compliance gaps, and predicts output consistency. Each evaluation provides scores, rationales, and three optimized versions (Streamlined, Hardened, High-Impact), with smart revision tools, sentiment checks, and automated redaction.

Prompt Guard empowers AI developers and organizations to deploy safe, high-performing, and compliant prompts—fast, measurable, and secure.

Built for the Liam Ottley × AAA Accelerator Hackathon.

