PromptShieldIgnore Directives
PromptShield supports ignore directives to suppress specific detections.
This allows developers to acknowledge and intentionally allow content that would otherwise be flagged.
Syntax
A line can be ignored using:
promptshield-ignoreExample:
<!-- promptshield-ignore -->
Ignores threats on this lineThe directive applies to the next line.
Why ignore directives exist
Some content is intentionally allowed, such as:
- documentation examples
- test fixtures
- security research content
- encoded data samples
- educational material
Ignore directives allow these cases without disabling the scanner.
Security considerations
Ignore directives can introduce risk if used improperly.
Attackers may attempt to include ignore directives inside user-generated content.
Because of this, PromptShield provides configuration to disable ignore handling.
Disabling ignore directives
Ignore directives can be disabled using:
allowIgnoreDirectives: falseWhen disabled:
- ignore directives are ignored
- threats are still reported
- suppression does not occur
This is recommended for:
- CI environments
- production scanning
- server-side validation
- prompt ingestion pipelines
Visible suppression
PromptShield does not silently suppress threats.
When a directive suppresses detection, the scanner may report:
Threat suppressed by promptshield-ignore directiveThis ensures visibility and auditability.
Recommended usage
Use ignore directives sparingly and only in:
- trusted code
- test files
- documentation examples
Avoid using ignore directives in:
- user content
- prompt templates
- production prompts
Mental model
Ignore directives are similar to:
eslint-disable
ts-ignoreThey are an escape hatch, not a default workflow.