Skip to content

PromptScript API

Variable: unicodeSecurity

const unicodeSecurity: ValidationRule

Defined in: validator/src/rules/unicode-security.ts:206

PS014: Detect Unicode-based security attacks.

This rule identifies potentially malicious use of Unicode features that can hide or disguise content:

  1. Bidirectional override characters (RTL/LTR overrides)
  2. Zero-width characters that can break pattern matching
  3. Homograph attacks (Cyrillic/Greek characters mixed with Latin)
  4. Excessive combining characters (Zalgo text)

Note: Legitimate multilingual content (pure Arabic, Hebrew, Russian, etc.) is NOT flagged. Only suspicious patterns are reported.