Email Worker: Prompt Injection Defense - PRD #20

@nev-offload

Description

Write a full PRD for prompt injection filtering and detection features for the email worker.

Context

The email worker receives emails and stores them in a D1 database. Before emails are inserted into the main table, we need to filter/detect prompt injection attempts as a security feature to protect against malicious content in emails.

Definition of Done

  • Document threat model (what attacks we're defending against)
  • List detection strategies (regex patterns, LLM-based classification, heuristics)
  • Define filtering actions (flag, quarantine, reject, sanitize)
  • Specify where in the pipeline filtering happens
  • Define metrics/logging for detection events
  • List edge cases and false positive handling

Deliverable

PRD should be added to the wiki at offloadmywork/wiki/projects/email-prompt-injection-defense.md

Priority

P1
