docs/src/content/en/reference/processors/system-prompt-scrubber.mdx
The SystemPromptScrubber is an output processor that detects and handles system prompts, instructions, and other revealing information that could introduce security vulnerabilities. This processor helps maintain security by identifying various types of system prompts and providing flexible strategies for handling them, including multiple redaction methods to ensure sensitive information is properly sanitized.
import { SystemPromptScrubber } from '@mastra/core/processors'
const processor = new SystemPromptScrubber({
model: 'openrouter/openai/gpt-oss-safeguard-20b',
strategy: 'redact',
redactionMethod: 'mask',
includeDetections: true,
})
<PropertiesTable content={[ { name: 'options', type: 'Options', description: 'Configuration options for system prompt detection and handling', isOptional: false, properties: [ { type: 'Options', parameters: [ { name: 'model', type: 'MastraModelConfig', description: 'Model configuration for the detection agent', isOptional: false, }, { name: 'strategy', type: "'block' | 'warn' | 'filter' | 'redact'", description: "Strategy when system prompts are detected: 'block' rejects with error, 'warn' logs warning but allows through, 'filter' removes flagged messages, 'redact' replaces with redacted versions", isOptional: true, default: "'redact'", }, { name: 'customPatterns', type: 'string[]', description: 'Custom patterns to detect system prompts (regex strings)', isOptional: true, default: '[]', }, { name: 'includeDetections', type: 'boolean', description: 'Whether to include detection details in warnings. Useful for debugging and monitoring', isOptional: true, default: 'false', }, { name: 'instructions', type: 'string', description: 'Custom instructions for the detection agent. If not provided, uses default instructions', isOptional: true, default: 'undefined', }, { name: 'redactionMethod', type: "'mask' | 'placeholder' | 'remove'", description: "Redaction method for system prompts: 'mask' replaces with asterisks, 'placeholder' replaces with placeholder text, 'remove' removes entirely", isOptional: true, default: "'mask'", }, { name: 'placeholderText', type: 'string', description: "Custom placeholder text for redaction when redactionMethod is 'placeholder'", isOptional: true, default: "'[SYSTEM_PROMPT]'", }, ], }, ], }, ]} />
<PropertiesTable content={[ { name: 'id', type: 'string', description: "Processor identifier set to 'system-prompt-scrubber'", isOptional: false, }, { name: 'name', type: 'string', description: 'Optional processor display name', isOptional: true, }, { name: 'processOutputStream', type: '(args: { part: ChunkType; streamParts: ChunkType[]; state: Record<string, any>; abort: (reason?: string) => never; tracingContext?: TracingContext }) => Promise<ChunkType | null>', description: 'Processes streaming output parts to detect and handle system prompts during streaming', isOptional: false, }, { name: 'processOutputResult', type: '(args: { messages: MastraDBMessage[]; abort: (reason?: string) => never }) => Promise<MastraDBMessage[]>', description: 'Processes final output results to detect and handle system prompts in non-streaming scenarios', isOptional: false, }, ]} />
When using SystemPromptScrubber as an output processor, it's recommended to combine it with BatchPartsProcessor to optimize performance. The BatchPartsProcessor batches stream chunks together before passing them to the scrubber, reducing the number of LLM calls required for detection.
import { Agent } from '@mastra/core/agent'
import { BatchPartsProcessor, SystemPromptScrubber } from '@mastra/core/processors'
export const agent = new Agent({
name: 'scrubbed-agent',
instructions: 'You are a helpful assistant',
model: 'openai/gpt-5.4',
outputProcessors: [
// Batch stream parts first to reduce LLM calls
new BatchPartsProcessor({
batchSize: 10,
}),
// Then apply system prompt detection on batched content
new SystemPromptScrubber({
model: 'openrouter/openai/gpt-oss-safeguard-20b',
strategy: 'redact',
customPatterns: ['system prompt', 'internal instructions'],
includeDetections: true,
redactionMethod: 'placeholder',
placeholderText: '[REDACTED]',
}),
],
})