> ## Documentation Index > Fetch the complete documentation index at: https://docs.enkryptai.com/llms.txt > Use this file to discover all available pages before exploring further. # Scan URL > Scan a URL for security threats including injection attacks and policy violations ## OpenAPI ````yaml POST /guardrails/scan-url openapi: 3.0.0 info: title: Enkrypt AI APIs version: 2.0.0 servers: - url: https://api.enkryptai.com security: - apiKeyAuth: [] tags: - name: Guardrails - name: Code of Conduct - name: Endpoints - name: Datasets - name: Redteam - name: Deployments - name: AI Proxy - name: Leaderboard - name: Archived - name: MCP Hub description: >- MCP Hub vulnerability scanning APIs. Submitting scans (the POST endpoints) is open to all authenticated callers. The scan **retrieval** APIs — Get Scan Job Status, Get Complete Scan Results, List Scans, and Get MCP Hub Scan Statistics (the GET endpoints) — are an **enterprise data-license feature**: they require your organization to have MCP Hub API access enabled by Enkrypt, otherwise they return `403`. Contact us at support@enkryptai.com to enable access. - name: MCP Registry Servers - name: MCP Gateways - name: MCP Playground paths: /guardrails/scan-url: post: tags: - Guardrails summary: >- Scan a URL for security threats including injection attacks and policy violations. description: >- Analyzes the provided URL and returns details about any detected threats, including which detectors were triggered and highlights of unsafe content. operationId: scanUrl requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ScanUrlRequestBody' responses: '200': description: Scan results for the provided URL. content: application/json: schema: $ref: '#/components/schemas/ScanUrlResponseBody' examples: success: value: summary: injection_attack: 1 bias: 1 policy_violation: 0 details: url: https://example.com metadata: title: Example Domain language: en total_fragments: 2 fragments_with_detections: 2 detections: - unsafe_content: Example Domain chunk_type: title triggered_detectors: - bias detector_details: injection_attack: safe: '0.999417' attack: '0.000583' most_unsafe_content: Example Domain compliance_mapping: {} policy_violation: policy_violation: violating_policy: No Violation Found explanation: No Violation Found bias: bias: bias_detected: true debiased_text: Example Website compliance_mapping: owasp_llm_2025: - LLM09:2025 Misinformation - LLM04:2025 Data and Model Poisoning mitre_atlas: [] nist_ai_rmf: - >- MEASURE 2.1-2.5 (AI system bias evaluation & management) eu_ai_act: - >- Article 10(2)(f), Article 15(3) (Bias detection, correction & mitigation) iso_iec_standards: - 'ISO/IEC TR 24027: 5.2 (Bias in AI systems)' - unsafe_content: >- Example Domain This domain is for use in documentation examples without needing permission. Avoid use in operations. Learn more chunk_type: text_block triggered_detectors: - injection_attack - bias detector_details: injection_attack: safe: '0.030481' attack: '0.969519' most_unsafe_content: >- Example Domain This domain is for use in documentation examples without needing permission. Avoid use in operations. Learn more compliance_mapping: owasp_llm_2025: - LLM01:2025 Prompt Injection mitre_atlas: - 'AML.T0051: LLM Prompt Injection' - 'AML.T0054: LLM Jailbreaking' nist_ai_rmf: - >- MAP 2.3, MEASURE 2.3 (Input manipulation & adversarial attacks) eu_ai_act: - >- Article 15(4) (Robustness against manipulation) iso_iec_standards: - 'ISO/IEC 42001: 6.4.3' - 'ISO/IEC 27001: A.14.2' policy_violation: policy_violation: violating_policy: No Violation Found explanation: No Violation Found bias: bias: bias_detected: true debiased_text: >- This domain is intended for use in documentation purposes, providing a safe space for experimentation without impacting live systems. compliance_mapping: owasp_llm_2025: - LLM09:2025 Misinformation - LLM04:2025 Data and Model Poisoning mitre_atlas: [] nist_ai_rmf: - >- MEASURE 2.1-2.5 (AI system bias evaluation & management) eu_ai_act: - >- Article 10(2)(f), Article 15(3) (Bias detection, correction & mitigation) iso_iec_standards: - 'ISO/IEC TR 24027: 5.2 (Bias in AI systems)' combined_highlight_url: >- https://example.com#:~:text=Example%20Domain&text=Example%20Domain%20This,operations.%20Learn%20more components: schemas: ScanUrlRequestBody: title: ScanUrlRequestBody type: object properties: url: type: string format: uri description: The URL to scan and analyze. detectors: $ref: '#/components/schemas/GuardrailsDetectorsObject' required: - url ScanUrlResponseBody: title: ScanUrlResponseBody type: object required: - summary - details properties: summary: type: object description: Summary counts of detections by detector type. additionalProperties: type: integer details: $ref: '#/components/schemas/ScanUrlDetails' GuardrailsDetectorsObject: title: GuardrailsDetectorsObject type: object properties: topic_detector: type: object title: TopicDetector required: - enabled properties: enabled: type: boolean title: Enabled topic: type: array title: Topic items: type: string block_message: type: string title: Block Message description: >- Optional custom message returned when this detector triggers a block. If not provided, a built-in default message is used. nsfw: type: object title: NSFWDetector required: - enabled properties: enabled: type: boolean title: Enabled block_message: type: string title: Block Message description: >- Optional custom message returned when this detector triggers a block. If not provided, a built-in default message is used. toxicity: type: object title: ToxicityDetector required: - enabled properties: enabled: type: boolean title: Enabled block_message: type: string title: Block Message description: >- Optional custom message returned when this detector triggers a block. If not provided, a built-in default message is used. pii: type: object title: PIIDetector required: - enabled - entities properties: enabled: type: boolean title: Enabled entities: type: array title: Entities items: type: string enum: - pii - secrets - ip_address - url injection_attack: type: object title: InjectionAttackDetector required: - enabled properties: enabled: type: boolean title: Enabled block_message: type: string title: Block Message description: >- Optional custom message returned when this detector triggers a block. If not provided, a built-in default message is used. keyword_detector: type: object title: KeywordDetector required: - enabled - banned_keywords properties: enabled: type: boolean title: Enabled banned_keywords: type: array title: Banned Keywords items: type: string system_prompt: type: object title: SystemPromptDetector required: - enabled - index properties: enabled: type: boolean title: Enabled example: false index: type: string title: Index enum: - system description: Index example: system block_message: type: string title: Block Message description: >- Optional custom message returned when this detector triggers a block. If not provided, a built-in default message is used. copyright_ip: type: object title: CopyrightIPDetector required: - enabled properties: enabled: type: boolean title: Enabled example: false block_message: type: string title: Block Message description: >- Optional custom message returned when this detector triggers a block. If not provided, a built-in default message is used. policy_violation: type: object title: PolicyAdherenceDetector required: - enabled properties: enabled: type: boolean title: Enabled policy_text: type: string title: Policy Text description: Optional policy text to use if not using coc_policy_name coc_policy_name: type: string title: COC Policy Name description: >- The name of the saved COC policy to use instead of using policy_text need_explanation: type: boolean title: Need Explanation block_message: type: string title: Block Message description: >- Optional custom message returned when this detector triggers a block. If not provided, a built-in default message is used. bias: type: object title: BiasDetector required: - enabled properties: enabled: type: boolean title: Enabled sponge_attack: type: object title: SpongeAttackDetector required: - enabled properties: enabled: type: boolean title: Enabled example: false block_message: type: string title: Block Message description: >- Optional custom message returned when this detector triggers a block. If not provided, a built-in default message is used. ScanUrlDetails: title: ScanUrlDetails type: object description: >- Detailed scan results including URL metadata and fragment-level information. properties: url: type: string format: uri description: The URL that was scanned. metadata: $ref: '#/components/schemas/ScanUrlMetadata' total_fragments: type: integer description: Total number of text fragments extracted from the URL. fragments_with_detections: type: integer description: Number of fragments that had detections. detections: type: array description: List of detections found in the URL content. items: $ref: '#/components/schemas/ScanUrlDetection' combined_highlight_url: type: string format: uri description: URL with text fragment highlights for all detections. ScanUrlMetadata: title: ScanUrlMetadata type: object description: Metadata extracted from the scanned URL. properties: title: type: string description: The page title. description: type: string description: The page meta description. language: type: string description: The detected language of the page content. ScanUrlDetection: title: ScanUrlDetection type: object properties: unsafe_content: type: string description: The content that was flagged as unsafe. chunk_type: type: string description: The type of content chunk that was analyzed. triggered_detectors: type: array items: type: string description: List of detectors that flagged this content. detector_details: type: object additionalProperties: true description: >- Detailed results from each detector, including compliance mapping where applicable. securitySchemes: apiKeyAuth: type: apiKey in: header name: apikey ````