Privacy & trust

Prompt-injection defense

A malicious PDF or webpage can hide instructions meant to take over an AI assistant. School-Pack is built to treat all untrusted content as data, never as commands.

How it's handled

Every untrusted input (PDF text, image text, pasted content, scraped pages) is sanitized before it reaches the model. Hidden text is stripped, and instruction-like content is quoted as material to read, not orders to follow. This runs on every ingestion path automatically.

Tip. See Files & uploads › Safe uploads for the upload-time view of the same protection.

Safe uploadsHidden text is stripped before the model reads it.
Privacy and your dataWhere your files live and how to remove them.