Guardrails
How Telflo keeps AI interactions safe, private, and on-topic.
Every message you send to the assistant — and every response it produces — passes through guardrails. They block prompt-injection and abuse, keep sensitive data from leaking, and keep the assistant focused on OpenTelemetry. If a guardrail trips, you get a safe message explaining how to rephrase, rather than an unsafe result.
Input guardrails
Checked on what you send:
| Guardrail | What it catches |
|---|---|
| Prompt injection | Jailbreak attempts, role overrides, and attempts to extract or override the assistant's instructions. |
| Malicious intent | Requests aimed at data exfiltration, credential exposure, or network attacks. |
| PII | Personal information in your prompt — you're warned before it's processed. |
Output guardrails
Checked on what the assistant returns:
| Guardrail | What it catches |
|---|---|
| YAML safety | Dangerous endpoints or hardcoded secrets in generated configuration. |
| PII / secrets | API keys, credentials, or personal data appearing in a response. |
| Response relevance | Off-topic or irrelevant answers, keeping the assistant on OpenTelemetry. |
What you'll experience
When a guardrail triggers, the assistant responds with a safe explanation instead of the blocked content, and suggests how to rephrase. For example, if a prompt looks like an injection attempt or asks for something unsafe, you'll be asked to restate the request in terms of the pipeline you're trying to build.
Keeping secrets out of prompts
To avoid tripping the PII/secret guardrails — and to keep credentials out of your
configurations entirely — reference values from the Vault
($secret:NAME and $var:NAME) rather than pasting real keys or endpoints into the
chat.