wyreup
inspect

Text Suspicious

Single security verdict on a block of text. Combines text-confusable's homoglyph / mixed-script detection with checks for invisible-character density, control characters, BOM markers, and non-ASCII heaviness. Returns a verdict (clean / low / medium / high) with the contributing findings — the "should I trust this prompt-injection-shaped message" tool.

Loading…

About Text Suspicious

Text Suspicious gives a single security verdict on a block of text, combining homoglyph and mixed-script detection with checks for invisible-character density, control characters, BOM markers, and non-ASCII heaviness. It's the "should I trust this message" tool, useful when a prompt or pasted instruction looks normal but might be hiding spoofed characters. It returns a verdict of clean, low, medium, or high alongside the findings that drove it, all computed in your browser.

Category
inspect
Input
Accepts: text/plain.
Output
Outputs: application/json.
Cost
Free, runs in your browser
Memory
low
Privacy: Text Suspicious runs entirely on your device. Files you provide never leave your browser — no uploads, no server, no tracking. The page works offline once loaded.

Common uses

  • Screen a pasted prompt or instruction for hidden prompt-injection tricks before acting on it
  • Flag a domain or username that uses look-alike Cyrillic characters to impersonate a brand
  • Detect invisible zero-width characters smuggled into text copied from a web page
  • Audit user-submitted content for control characters or BOM markers that break downstream parsing
  • Triage a suspicious support message that mixes scripts to dodge keyword filters
  • Sanity-check text from an untrusted source before pasting it into an automated pipeline

Frequently asked questions

What does the verdict mean?

It's a single rating (clean, low, medium, or high) summarizing how suspicious the text is, backed by a list of the specific findings that contributed.

What kinds of issues does it catch?

Homoglyphs and mixed scripts (via text-confusable's logic), invisible-character density, control characters, BOM markers, and heavy non-ASCII content.

Is this a guarantee the text is safe or malicious?

No. It's a heuristic signal to help you decide whether to trust a message; a clean verdict doesn't prove safety, and a high one doesn't prove intent.

Does my text get uploaded?

No. All detection runs locally in your browser, so the text you check never leaves your device.

What's the output format?

JSON containing the verdict and the contributing findings, so you can both read it and feed it into automation.

Keywords

  • suspicious
  • security
  • prompt-injection
  • confusable
  • invisible
  • audit
  • safety

Try next

Text Confusable
inspect

Drill into the homoglyph and mixed-script detection on its own for a deeper look.
Strip EXIF Metadata
privacy

Sanitize images from untrusted sources the way this tool screens text.
Redact PII
privacy

Remove personal data from a message after you've assessed whether to trust it.
Color Palette
inspect

Extract dominant colors from an image as hex codes.
Image Diff
inspect

Pixel-level diff between two images of the same dimensions.
Image Info
inspect

Extract dimensions, format, and metadata from an image.
PDF Info
inspect

Extract page count and metadata from a PDF.
Hash
inspect

Compute SHA-256, SHA-1, or SHA-512 hashes of files.
JSON Formatter
inspect

Parse and pretty-print JSON with configurable indentation.
Extract PDF Tables
export

Extract tabular data from a PDF as JSON or CSV. Works well for simple tables with aligned columns and no merged cells. Complex tables, rotated text, and scanned PDFs (images) will not extract cleanly.
Topic Keywords
text

Pull the topic-bearing nouns and noun phrases out of any text. Answers "what is this about" — not "what words appear most" (try Text Frequency for that). Runs entirely in your browser.