This detector checks for code within output. If your application is not meant to output code, this is a common way for attackers to get malicious code into your systems or take actions involving running code.

Example

An example is an attacker asking the LLM to output vulnerable code, which then a user will copypaste into their systems.

Threat

Getting the LLM to output code when it is not supposed to is almost always an indication that an attacker has breached your system. Stopping this output is highly recommended if your application is not intended to output code.