Creative
PromptBeginner5 minmarkdown
- Starting a stream before calling `protect()` — if the request is denied mid-stream
the client gets a broken response. Always call `protect()` first and return an error before opening the stream.
1
Explore
Find agent skills by outcome
131,807 skills indexed with the new KISS metadata standard.
Showing 24 of 131,807Categories: General, Data, Coding & Debugging, Productivity, Communication, Creative, Education
Data
PromptBeginner5 minmarkdown
- Sensitive info detection runs **locally in WASM** — no user data is sent to external services. It is only available in route handlers
not in Next.js pages or server actions.
1
General
PromptBeginner5 minmarkdown
**Vercel AI SDK**: Arcjet works alongside the Vercel AI SDK. Call `protect()` before `streamText()` / `generateText()`. If denied
return a plain error response instead of calling the AI SDK.
1
General
PromptBeginner5 minmarkdown
**Multiple models / providers**: Use the same Arcjet instance regardless of which AI provider you use. Arcjet operates at the HTTP layer
independent of the model provider.
1
Creative
PromptBeginner5 minmarkdown
**Streaming responses**: Call `protect()` before starting the stream. If denied
return the error before opening the stream — don't start streaming and then abort.
2
General
PromptBeginner5 minmarkdown
- `list-requests` — confirm decisions are being recorded
filter by conclusion to see blocks
1
Data
PromptBeginner5 minmarkdown
If the user wants a full security review
suggest the `/arcjet:security-analyst` agent which can investigate traffic
0
Creative
PromptBeginner5 minmarkdown
Start all rules in `DRY_RUN` mode first. Once verified
promote to `LIVE`.
0
General
PromptBeginner5 minmarkdown
Adapt the response format to your framework (e.g.
`res.status(429).json(...)` for Express).
0
General
PromptBeginner5 minmarkdown
console.warn(Arcjet error:
decision.reason.message);
0
General
PromptBeginner5 minmarkdown
sensitiveInfoValue: userMessage
// PII scanning
0
General
PromptBeginner5 minmarkdown
detectPromptInjectionMessage: userMessage
// injection detection
0
General
PromptBeginner5 minmarkdown
return Response.json({ error: Forbidden }
{ status: 403 });
0
Coding & Debugging
PromptBeginner5 minmarkdown
Always include `shield()` (WAF) and `detectBot()` as base layers. Bots scraping AI endpoints are a common abuse vector. For endpoints accessed via browsers (e.g. chat interfaces)
consider adding Arcjet advanced signals for client-side bot detection that catches sophisticated headless browsers. See https://docs.arcjet.com/bot-protection/advanced-signals for setup.
0
General
PromptBeginner5 minmarkdown
const decision = await aj.protect(req
{
0
General
PromptBeginner5 minmarkdown
requested: 1
// tokens to deduct for rate limiting
0
General
PromptBeginner5 minmarkdown
Set `characteristics` to track per-user: `[userId]` if authenticated
defaults to IP-based.
0
General
PromptBeginner5 minmarkdown
Pass the `requested` parameter at `protect()` time to deduct tokens proportional to model cost. For example
deduct 1 token per message
0
General
PromptBeginner5 minmarkdown
Use `tokenBucket()` / `token_bucket()` for AI endpoints — the `requested` parameter can be set proportional to actual model token usage
directly linking rate limiting to cost. It also allows short bursts while enforcing an average rate
0
Coding & Debugging
PromptBeginner5 minmarkdown
- Python: `detect_sensitive_info(deny=[SensitiveInfoType.EMAIL
SensitiveInfoType.CREDIT_CARD_NUMBER
0
Communication
PromptBeginner5 minmarkdown
- JS: `sensitiveInfo({ deny: [EMAIL
CREDIT_CARD_NUMBER
0
General
PromptBeginner5 minmarkdown
Detects jailbreaks
role-play escapes
0
General
PromptBeginner5 minmarkdown
Arcjet rules run **before** the request reaches your AI model — blocking prompt injection
PII leakage
0
General
PromptBeginner5 minmarkdown
Check for an existing shared Arcjet client (see `/arcjet:protect-route` for full setup). If none exists
set one up first with `shield()` as the base rule. The user will need to register for an Arcjet account at https://app.arcjet.com then use the `ARCJET_KEY` in their environment variables.
0