---
license: apache-2.0
language:
- en
base_model:
- protectai/deberta-v3-base-prompt-injection-v2
pipeline_tag: text-classification
tags:
- security
- prompt
- cyber-security
- llm-security
- prompt-injection
- command-injection
library_name: transformers
---
# Command Injection Detector
A fine-tuned DeBERTa model for detecting command injection attacks in prompts before they reach an LLM.
## Overview
This model is part of [PromptWAF](https://github.com/edaerer/promptwaf) — a multi-layered ML-based Web Application Firewall designed to detect and block prompt injection attacks.
The model identifies prompts containing shell command execution patterns (`; rm -rf`, `| cat /etc/passwd`, `$(whoami)`, backtick execution, etc.) commonly used in command injection attacks.
## Model Details
- **Architecture**: DeBERTa (Base)
- **Task**: Binary Sequence Classification
- **Training Data**: Trained on a custom, internally curated command injection dataset
- **Labels**:
  - `0` → Safe/Benign
  - `1` → Command Injection Attack
## Usage
### With PromptWAF
```bash
# Automatically used in PromptWAF via .env configuration
CMD_INJECTION_MODEL_DIR=edaerer/promptwaf-command-injection
```
### Standalone
```python
from transformers import AutoTokenizer, AutoModelForSequenceClassification
import torch

model_id = "edaerer/promptwaf-command-injection"
tokenizer = AutoTokenizer.from_pretrained(model_id)
model = AutoModelForSequenceClassification.from_pretrained(model_id)

text = "List files; rm -rf / --no-preserve-root"
# Truncate to the 256-token input limit listed under Performance
inputs = tokenizer(text, return_tensors="pt", truncation=True, max_length=256)

# Inference only: no gradients needed
with torch.no_grad():
    outputs = model(**inputs)

probabilities = torch.softmax(outputs.logits, dim=-1)
score = probabilities[0][1].item()  # Probability of label 1 (command injection)
print(f"Command Injection Risk: {score:.2%}")
```
## Performance
- **Threshold**: 0.5 (adjustable in PromptWAF)
- **Input**: Max 256 tokens
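Added example (not part of the PromptWAF code base): scoring a prompt longer than the 256-token input limit in overlapping windows and applying the 0.5 threshold to the highest window score, so that every part of the prompt is classified. The names `window_spans`, `classify_long` and `make_scorer`, the 64-token overlap and the `>=` comparison are assumptions made for this example.

```python
from typing import Callable, Dict, List, Sequence, Tuple

MAX_TOKENS = 256  # input limit from the model card, including [CLS] and [SEP]
THRESHOLD = 0.5   # default threshold from the model card

def window_spans(n_tokens: int, body: int = MAX_TOKENS - 2,
                 overlap: int = 64) -> List[Tuple[int, int]]:
    """(start, end) spans that cover every token; neighbours share `overlap` tokens."""
    assert 0 <= overlap < body
    spans, start = [], 0
    while True:
        end = min(start + body, n_tokens)
        spans.append((start, end))
        if end == n_tokens:
            return spans
        start += body - overlap

def classify_long(token_ids: Sequence[int],
                  score_window: Callable[[Sequence[int]], float],
                  threshold: float = THRESHOLD) -> Dict[str, object]:
    """Score each window; the prompt takes the highest label-1 probability."""
    scores = [score_window(token_ids[s:e]) for s, e in window_spans(len(token_ids))]
    worst = max(scores)
    # Assumption: a score equal to the threshold counts as an attack.
    return {"score": worst, "windows": len(scores), "blocked": worst >= threshold}

def make_scorer(model_id: str = "edaerer/promptwaf-command-injection"):
    """Load the model; return (tokenizer, score_window). Needs transformers and torch."""
    import torch
    from transformers import AutoModelForSequenceClassification, AutoTokenizer
    tok = AutoTokenizer.from_pretrained(model_id)
    model = AutoModelForSequenceClassification.from_pretrained(model_id)

    def score_window(ids: Sequence[int]) -> float:
        full = tok.build_inputs_with_special_tokens(list(ids))  # adds [CLS] ... [SEP]
        with torch.no_grad():
            logits = model(input_ids=torch.tensor([full])).logits
        return torch.softmax(logits, dim=-1)[0][1].item()  # label 1 probability

    return tok, score_window

if __name__ == "__main__":
    tok, score_window = make_scorer()
    # Constructed input: benign filler followed by the sample text from Usage.
    prompt = "Summarise this report. " * 120 + "List files; rm -rf / --no-preserve-root"
    ids = tok.encode(prompt, add_special_tokens=False)
    print(classify_long(ids, score_window))
```

The overlap means any pattern shorter than 64 tokens appears whole in at least one window; taking the maximum trades a higher false-positive rate on long benign prompts for full coverage.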
## Integration
This model is designed to work seamlessly with:
- **PromptWAF** - The main security orchestrator
- **HuggingFace Transformers** - For inference
- Any standard sequence classification pipeline
## Citation
```bibtex
@software{promptwaf2026,
author = {Erer, Eda and Odabasi, Talha},
title = {PromptWAF: A Multi-Layered ML Defense for LLM Prompt Security},
year = {2026},
url = {https://github.com/edaerer/promptwaf}
}
```
## License
Apache License 2.0
---
For more information, visit [PromptWAF GitHub Repository](https://github.com/edaerer/promptwaf)