Runs untrusted user input through Google's Model Armor filter to strip injection attempts and jailbreak patterns before passing to Claude. Cuts false positives vs. a naive blocklist.
Best for: Teams shipping customer-facing Claude apps where user input is not fully controlled.
Creator's repository · googleworkspace/cli
License: Apache-2.0
---
name: gws-modelarmor-sanitize-prompt
description: "Google Model Armor: Sanitize a user prompt through a Model Armor template."
metadata:
version: 0.22.5
openclaw:
category: "security"
requires:
bins:
- gws
cliHelp: "gws modelarmor +sanitize-prompt --help"
---
# modelarmor +sanitize-prompt
> **PREREQUISITE:** Read `../gws-shared/SKILL.md` for auth, global flags, and security rules. If missing, run `gws generate-skills` to create it.
Sanitize a user prompt through a Model Armor template
## Usage
```bash
gws modelarmor +sanitize-prompt --template <NAME>
```
## Flags
| Flag | Required | Default | Description |
|------|----------|---------|-------------|
| `--template` | ✓ | — | Full template resource name (projects/PROJECT/locations/LOCATION/templates/TEMPLATE) |
| `--text` | — | — | Text content to sanitize |
| `--json` | — | — | Full JSON request body (overrides --text) |
## Examples
```bash
gws modelarmor +sanitize-prompt --template projects/P/locations/L/templates/T --text 'user input'
echo 'prompt' | gws modelarmor +sanitize-prompt --template ...
```
## Tips
- If neither --text nor --json is given, reads from stdin.
- For outbound safety, use +sanitize-response instead.
## See Also
- [gws-shared](../gws-shared/SKILL.md) — Global flags and auth
- [gws-modelarmor](../gws-modelarmor/SKILL.md) — All filter user-generated content for safety commands