From 7477e9e0d2d5800717ca383ac5ec8d2d5422744a Mon Sep 17 00:00:00 2001
From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com>
Date: Thu, 21 Aug 2025 11:32:14 +0100
Subject: [PATCH 1/7] Update WAF attack score field table
---
src/content/docs/waf/detections/attack-score.mdx | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/content/docs/waf/detections/attack-score.mdx b/src/content/docs/waf/detections/attack-score.mdx
index a88fc664b5dd3b1..69b5843201dc48e 100644
--- a/src/content/docs/waf/detections/attack-score.mdx
+++ b/src/content/docs/waf/detections/attack-score.mdx
@@ -6,7 +6,7 @@ sidebar:
label: Attack score
---
-import { GlossaryTooltip } from "~/components";
+import { GlossaryTooltip, Type } from "~/components";
The attack score [traffic detection](/waf/concepts/#detection-versus-mitigation) helps identify variations of known attacks and their malicious payloads. This detection complements [WAF Managed Rules](/waf/managed-rules/).
@@ -24,13 +24,13 @@ This feature is available to Enterprise customers. Business plans have access to
The Cloudflare WAF provides the following attack score fields:
-| Score | Data type | Minimum plan required | Attack vector | Field |
-| ---------------------- | --------- | --------------------- | -------------------------------- | ------------------------------------------------------------------------------------------- |
-| WAF Attack Score | Number | Enterprise | N/A (global score) | [`cf.waf.score`](/ruleset-engine/rules-language/fields/reference/cf.waf.score/) |
-| WAF SQLi Attack Score | Number | Enterprise | [SQL injection][1] (SQLi) | [`cf.waf.score.sqli`](/ruleset-engine/rules-language/fields/reference/cf.waf.score.sqli/) |
-| WAF XSS Attack Score | Number | Enterprise | [Cross-site scripting][2] (XSS) | [`cf.waf.score.xss`](/ruleset-engine/rules-language/fields/reference/cf.waf.score.xss/) |
-| WAF RCE Attack Score | Number | Enterprise | [Remote code execution][3] (RCE) | [`cf.waf.score.rce`](/ruleset-engine/rules-language/fields/reference/cf.waf.score.rce/) |
-| WAF Attack Score Class | String | Business | N/A (global classification) | [`cf.waf.score.class`](/ruleset-engine/rules-language/fields/reference/cf.waf.score.class/) |
+| Name in the dashboard | Field + Data type | Required plan | Description |
+| ---------------------- | ------------------------------------------------------------------------------------------------------------------------ | ----------------- | ------------------------------------------------------------------------------------------------------ |
+| WAF Attack Score | [`cf.waf.score`](/ruleset-engine/rules-language/fields/reference/cf.waf.score/)
| Enterprise | A global score from 1–99 that combines the score of each WAF attack vector into a single score. |
+| WAF SQLi Attack Score | [`cf.waf.score.sqli`](/ruleset-engine/rules-language/fields/reference/cf.waf.score.sqli/)
| Enterprise | A score from 1–99 classifying the [SQL injection][1] (SQLi) attack vector. |
+| WAF XSS Attack Score | [`cf.waf.score.xss`](/ruleset-engine/rules-language/fields/reference/cf.waf.score.xss/)
| Enterprise | A score from 1–99 classifying the [cross-site scripting][2] (XSS) attack vector. |
+| WAF RCE Attack Score | [`cf.waf.score.rce`](/ruleset-engine/rules-language/fields/reference/cf.waf.score.rce/)
| Enterprise | A score from 1–99 classifying the command injection or [remote code execution][3] (RCE) attack vector. |
+| WAF Attack Score Class | [`cf.waf.score.class`](/ruleset-engine/rules-language/fields/reference/cf.waf.score.class/)
| Business or above | The attack score class of the current request, based on the WAF attack score. |
[1]: https://www.cloudflare.com/learning/security/threats/sql-injection/
[2]: https://www.cloudflare.com/learning/security/threats/cross-site-scripting/
From 68a0cd76d639c6a28b1cce4700c64c547cda739f Mon Sep 17 00:00:00 2001
From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com>
Date: Thu, 21 Aug 2025 11:32:45 +0100
Subject: [PATCH 2/7] Update heading in Firewall for AI
---
src/content/docs/waf/detections/firewall-for-ai.mdx | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/content/docs/waf/detections/firewall-for-ai.mdx b/src/content/docs/waf/detections/firewall-for-ai.mdx
index 0127f5434f1b1bb..0f49b332734897f 100644
--- a/src/content/docs/waf/detections/firewall-for-ai.mdx
+++ b/src/content/docs/waf/detections/firewall-for-ai.mdx
@@ -20,7 +20,7 @@ Firewall for AI is a detection that can help protect your services powered by
@@ -114,7 +114,7 @@ You can combine the previous expression with other [fields](/ruleset-engine/rule
-## Fields
+## Firewall for AI fields
When enabled, Firewall for AI populates the following fields:
From 9f754d30643a0a9260494ad65aad9f134a91f80d Mon Sep 17 00:00:00 2001
From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com>
Date: Thu, 21 Aug 2025 11:33:07 +0100
Subject: [PATCH 3/7] Update leaked credentials field table
---
.../waf/detections/leaked-credentials/index.mdx | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/src/content/docs/waf/detections/leaked-credentials/index.mdx b/src/content/docs/waf/detections/leaked-credentials/index.mdx
index bad783f32ff2b04..d32a79cafe821d1 100644
--- a/src/content/docs/waf/detections/leaked-credentials/index.mdx
+++ b/src/content/docs/waf/detections/leaked-credentials/index.mdx
@@ -7,6 +7,8 @@ sidebar:
label: Leaked credentials
---
+import { Type } from "~/components";
+
The leaked credentials [traffic detection](/waf/detections/) scans incoming requests for credentials (usernames and passwords) previously leaked from [data breaches](https://www.cloudflare.com/learning/security/what-is-a-data-breach/).
:::note
@@ -96,13 +98,13 @@ For instructions on configuring a custom detection location, refer to [Get start
## Leaked credentials fields
-| Field name in the dashboard | Field | Availability |
-| --------------------------- | ----------------------------------------------------------- | ------------------ |
-| Password Leaked | [`cf.waf.credential_check.password_leaked`][1] | All plans |
-| User and Password Leaked | [`cf.waf.credential_check.username_and_password_leaked`][2] | Pro plan and above |
-| Username Leaked | [`cf.waf.credential_check.username_leaked`][3] | Enterprise plan |
-| Similar Password Leaked | [`cf.waf.credential_check.username_password_similar`][4] | Enterprise plan |
-| Authentication detected | [`cf.waf.auth_detected`][5] | Enterprise plan |
+| Field | Required plan | Description |
+| ------------------------------------------------------------------------------------------------------------------------ | --------------- | ---------------------------------------------------------------------------------------------------------------------------- |
+| Password Leaked
[`cf.waf.credential_check.password_leaked`][1]
| N/A (all plans) | Indicates whether the password detected in the request was previously leaked. |
+| User and Password Leaked
[`cf.waf.credential_check.username_and_password_leaked`][2]
| Pro and above | Indicates whether the (username-password pair detected in the request were previously leaked. |
+| Username Leaked
[`cf.waf.credential_check.username_leaked`][3]
| Enterprise | Indicates whether the username detected in the request was previously leaked. |
+| Similar Password Leaked
[`cf.waf.credential_check.username_password_similar`][4]
| Enterprise | Indicates whether a similar version of the username and password credentials detected in the request were previously leaked. |
+| Authentication detected
[`cf.waf.auth_detected`][5]
| Enterprise | Indicates whether Cloudflare detected authentication credentials in the request. |
[1]: /ruleset-engine/rules-language/fields/reference/cf.waf.credential_check.password_leaked/
[2]: /ruleset-engine/rules-language/fields/reference/cf.waf.credential_check.username_and_password_leaked/
From 83190abb97be86db3ee3564572e14da9906b9738 Mon Sep 17 00:00:00 2001
From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com>
Date: Thu, 21 Aug 2025 15:50:42 +0100
Subject: [PATCH 4/7] Update leaked credentials field table
---
.../waf/detections/leaked-credentials/index.mdx | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/content/docs/waf/detections/leaked-credentials/index.mdx b/src/content/docs/waf/detections/leaked-credentials/index.mdx
index d32a79cafe821d1..0c7a09c76c2e50a 100644
--- a/src/content/docs/waf/detections/leaked-credentials/index.mdx
+++ b/src/content/docs/waf/detections/leaked-credentials/index.mdx
@@ -98,13 +98,13 @@ For instructions on configuring a custom detection location, refer to [Get start
## Leaked credentials fields
-| Field | Required plan | Description |
-| ------------------------------------------------------------------------------------------------------------------------ | --------------- | ---------------------------------------------------------------------------------------------------------------------------- |
-| Password Leaked
[`cf.waf.credential_check.password_leaked`][1]
| N/A (all plans) | Indicates whether the password detected in the request was previously leaked. |
-| User and Password Leaked
[`cf.waf.credential_check.username_and_password_leaked`][2]
| Pro and above | Indicates whether the (username-password pair detected in the request were previously leaked. |
-| Username Leaked
[`cf.waf.credential_check.username_leaked`][3]
| Enterprise | Indicates whether the username detected in the request was previously leaked. |
-| Similar Password Leaked
[`cf.waf.credential_check.username_password_similar`][4]
| Enterprise | Indicates whether a similar version of the username and password credentials detected in the request were previously leaked. |
-| Authentication detected
[`cf.waf.auth_detected`][5]
| Enterprise | Indicates whether Cloudflare detected authentication credentials in the request. |
+| Field | Description |
+| ------------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Password Leaked
[`cf.waf.credential_check.password_leaked`][1]
| Indicates whether the password detected in the request was previously leaked.
Available on all plans. |
+| User and Password Leaked
[`cf.waf.credential_check.username_and_password_leaked`][2]
| Indicates whether the username-password pair detected in the request were previously leaked.
Requires a Pro plan or above. |
+| Username Leaked
[`cf.waf.credential_check.username_leaked`][3]
| Indicates whether the username detected in the request was previously leaked.
Requires an Enterprise plan. |
+| Similar Password Leaked
[`cf.waf.credential_check.username_password_similar`][4]
| Indicates whether a similar version of the username and password credentials detected in the request were previously leaked.
Requires an Enterprise plan. |
+| Authentication detected
[`cf.waf.auth_detected`][5]
| Indicates whether Cloudflare detected authentication credentials in the request.
Requires an Enterprise plan. |
[1]: /ruleset-engine/rules-language/fields/reference/cf.waf.credential_check.password_leaked/
[2]: /ruleset-engine/rules-language/fields/reference/cf.waf.credential_check.username_and_password_leaked/
From 1f1c83ea50fdad70ba37f87007f0d499301425db Mon Sep 17 00:00:00 2001
From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com>
Date: Thu, 21 Aug 2025 15:51:30 +0100
Subject: [PATCH 5/7] Update malicious uploads field table
---
.../detections/malicious-uploads/index.mdx | 31 ++++++++++++-------
1 file changed, 20 insertions(+), 11 deletions(-)
diff --git a/src/content/docs/waf/detections/malicious-uploads/index.mdx b/src/content/docs/waf/detections/malicious-uploads/index.mdx
index d170dd241e8f318..7dd0cab62033539 100644
--- a/src/content/docs/waf/detections/malicious-uploads/index.mdx
+++ b/src/content/docs/waf/detections/malicious-uploads/index.mdx
@@ -7,7 +7,7 @@ sidebar:
label: Malicious uploads
---
-import { GlossaryTooltip } from "~/components";
+import { GlossaryTooltip, Type } from "~/components";
The malicious uploads detection, also called uploaded content scanning, is a WAF [traffic detection](/waf/concepts/#detection-versus-mitigation) that scans content being uploaded to your application.
@@ -88,15 +88,24 @@ The content scanner will automatically decode Base64 strings.
When content scanning is enabled, you can use the following fields in WAF rules:
-| Field name in the dashboard | Field name in expressions |
-| ------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------- |
-| Has content object | [`cf.waf.content_scan.has_obj`](/ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.has_obj/) |
-| Has malicious content object | [`cf.waf.content_scan.has_malicious_obj`](/ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.has_malicious_obj/) |
-| Number of malicious content objects | [`cf.waf.content_scan.num_malicious_obj`](/ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.num_malicious_obj/) |
-| Content scan has failed | [`cf.waf.content_scan.has_failed`](/ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.has_failed/) |
-| Number of content objects | [`cf.waf.content_scan.num_obj`](/ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.num_obj/) |
-| Content object size (in bytes) | [`cf.waf.content_scan.obj_sizes`](/ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.obj_sizes/) |
-| Content object type | [`cf.waf.content_scan.obj_types`](/ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.obj_types/) |
-| Content object result
Values: `clean`, `suspicious`,
`infected`, and `not scanned` | [`cf.waf.content_scan.obj_results`](/ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.obj_results/) |
+| Field | Description |
+| -------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Has content object
[`cf.waf.content_scan.has_obj`][1]
| Indicates whether the request contains at least one content object. |
+| Has malicious content object
[`cf.waf.content_scan.has_malicious_obj`][2]
| Indicates whether the request contains at least one malicious content object. |
+| Number of malicious content objects
[`cf.waf.content_scan.num_malicious_obj`][3]
| The number of malicious content objects detected in the request (zero or greater). |
+| Content scan has failed
[`cf.waf.content_scan.has_failed`][4]
| Indicates whether the file scanner was unable to scan all the content objects detected in the request. |
+| Number of content objects
[`cf.waf.content_scan.num_obj`][5]
| The number of content objects detected in the request (zero or greater). |
+| Content object size
[`cf.waf.content_scan.obj_sizes`][6]
| An array of file sizes in bytes, in the order the content objects were detected in the request. |
+| Content object type
[`cf.waf.content_scan.obj_types`][7]
| An array of file types in the order the content objects were detected in the request. |
+| Content object result
[`cf.waf.content_scan.obj_results`][8]
| An array of scan results in the order the content objects were detected in the request.
Possible values: `clean`, `suspicious`, `infected`, and `not scanned`. |
+
+[1]: /ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.has_obj/
+[2]: /ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.has_malicious_obj/
+[3]: /ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.num_malicious_obj/
+[4]: /ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.has_failed/
+[5]: /ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.num_obj/
+[6]: /ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.obj_sizes/
+[7]: /ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.obj_types/
+[8]: /ruleset-engine/rules-language/fields/reference/cf.waf.content_scan.obj_results/
For examples of rule expressions using these fields, refer to [Example rules](/waf/detections/malicious-uploads/example-rules/).
From 24b7c28102cc51ff4cdbaf568e8810dcbb4d3d83 Mon Sep 17 00:00:00 2001
From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com>
Date: Thu, 21 Aug 2025 15:52:19 +0100
Subject: [PATCH 6/7] Update attack score field table
---
.../docs/waf/detections/attack-score.mdx | 27 +++++++++++--------
1 file changed, 16 insertions(+), 11 deletions(-)
diff --git a/src/content/docs/waf/detections/attack-score.mdx b/src/content/docs/waf/detections/attack-score.mdx
index 69b5843201dc48e..c90d1c30d031a87 100644
--- a/src/content/docs/waf/detections/attack-score.mdx
+++ b/src/content/docs/waf/detections/attack-score.mdx
@@ -24,17 +24,22 @@ This feature is available to Enterprise customers. Business plans have access to
The Cloudflare WAF provides the following attack score fields:
-| Name in the dashboard | Field + Data type | Required plan | Description |
-| ---------------------- | ------------------------------------------------------------------------------------------------------------------------ | ----------------- | ------------------------------------------------------------------------------------------------------ |
-| WAF Attack Score | [`cf.waf.score`](/ruleset-engine/rules-language/fields/reference/cf.waf.score/)
| Enterprise | A global score from 1–99 that combines the score of each WAF attack vector into a single score. |
-| WAF SQLi Attack Score | [`cf.waf.score.sqli`](/ruleset-engine/rules-language/fields/reference/cf.waf.score.sqli/)
| Enterprise | A score from 1–99 classifying the [SQL injection][1] (SQLi) attack vector. |
-| WAF XSS Attack Score | [`cf.waf.score.xss`](/ruleset-engine/rules-language/fields/reference/cf.waf.score.xss/)
| Enterprise | A score from 1–99 classifying the [cross-site scripting][2] (XSS) attack vector. |
-| WAF RCE Attack Score | [`cf.waf.score.rce`](/ruleset-engine/rules-language/fields/reference/cf.waf.score.rce/)
| Enterprise | A score from 1–99 classifying the command injection or [remote code execution][3] (RCE) attack vector. |
-| WAF Attack Score Class | [`cf.waf.score.class`](/ruleset-engine/rules-language/fields/reference/cf.waf.score.class/)
| Business or above | The attack score class of the current request, based on the WAF attack score. |
-
-[1]: https://www.cloudflare.com/learning/security/threats/sql-injection/
-[2]: https://www.cloudflare.com/learning/security/threats/cross-site-scripting/
-[3]: https://www.cloudflare.com/learning/security/what-is-remote-code-execution/
+| Field | Description | Required plan |
+| ----------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------------- |
+| WAF Attack Score
[`cf.waf.score`][1]
| A global score from 1–99 that combines the score of each WAF attack vector into a single score. | Enterprise |
+| WAF SQLi Attack Score
[`cf.waf.score.sqli`][2]
| A score from 1–99 classifying the [SQL injection][6] (SQLi) attack vector. | Enterprise |
+| WAF XSS Attack Score
[`cf.waf.score.xss`][3]
| A score from 1–99 classifying the [cross-site scripting][7] (XSS) attack vector. | Enterprise |
+| WAF RCE Attack Score
[`cf.waf.score.rce`][4]
| A score from 1–99 classifying the command injection or [remote code execution][8] (RCE) attack vector. | Enterprise |
+| WAF Attack Score Class
[`cf.waf.score.class`][5]
| The attack score class of the current request, based on the WAF attack score.
Possible values: `attack`, `likely_attack`, `likely_clean`, and `clean`. | Business or above |
+
+[1]: /ruleset-engine/rules-language/fields/reference/cf.waf.score/
+[2]: /ruleset-engine/rules-language/fields/reference/cf.waf.score.sqli/
+[3]: /ruleset-engine/rules-language/fields/reference/cf.waf.score.xss/
+[4]: /ruleset-engine/rules-language/fields/reference/cf.waf.score.rce/
+[5]: /ruleset-engine/rules-language/fields/reference/cf.waf.score.class/
+[6]: https://www.cloudflare.com/learning/security/threats/sql-injection/
+[7]: https://www.cloudflare.com/learning/security/threats/cross-site-scripting/
+[8]: https://www.cloudflare.com/learning/security/what-is-remote-code-execution/
You can use these fields in expressions of [custom rules](/waf/custom-rules/) and [rate limiting rules](/waf/rate-limiting-rules/). Attack score fields of data type `Number` vary between `1` and `99` with the following meaning:
From dd36413ea04ca21d91aa62c79d1fe813bcb15d6c Mon Sep 17 00:00:00 2001
From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com>
Date: Thu, 21 Aug 2025 15:59:19 +0100
Subject: [PATCH 7/7] Update Firewall for AI field table
---
.../docs/waf/detections/firewall-for-ai.mdx | 23 ++++++++++++-------
1 file changed, 15 insertions(+), 8 deletions(-)
diff --git a/src/content/docs/waf/detections/firewall-for-ai.mdx b/src/content/docs/waf/detections/firewall-for-ai.mdx
index 0f49b332734897f..52f7dd657ea91b4 100644
--- a/src/content/docs/waf/detections/firewall-for-ai.mdx
+++ b/src/content/docs/waf/detections/firewall-for-ai.mdx
@@ -118,14 +118,21 @@ You can combine the previous expression with other [fields](/ruleset-engine/rule
When enabled, Firewall for AI populates the following fields:
-| Name in the dashboard | Field + Data type | Description |
-| --------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| LLM PII Detected | [`cf.llm.prompt.pii_detected`](/ruleset-engine/rules-language/fields/reference/cf.llm.prompt.pii_detected/)
| Indicates whether any personally identifiable information (PII) has been detected in the LLM prompt included in the request. |
-| LLM PII Categories | [`cf.llm.prompt.pii_categories`](/ruleset-engine/rules-language/fields/reference/cf.llm.prompt.pii_categories/)
| Array of string values with the personally identifiable information (PII) categories found in the LLM prompt included in the request.
[Category list](/ruleset-engine/rules-language/fields/reference/cf.llm.prompt.pii_categories/) |
-| LLM Content Detected | [`cf.llm.prompt.detected`](/ruleset-engine/rules-language/fields/reference/cf.llm.prompt.detected/)
| Indicates whether Cloudflare detected an LLM prompt in the incoming request. |
-| LLM Unsafe topic detected | [`cf.llm.prompt.unsafe_topic_detected`](/ruleset-engine/rules-language/fields/reference/cf.llm.prompt.unsafe_topic_detected/)
| Indicates whether the incoming request includes any unsafe topic category in the LLM prompt. |
-| LLM Unsafe topic categories | [`cf.llm.prompt.unsafe_topic_categories`](/ruleset-engine/rules-language/fields/reference/cf.llm.prompt.unsafe_topic_categories/)
| Array of string values with the type of unsafe topics detected in the LLM prompt.
[Category list](/ruleset-engine/rules-language/fields/reference/cf.llm.prompt.unsafe_topic_categories/) |
-| LLM Injection score | [`cf.llm.prompt.injection_score`](/ruleset-engine/rules-language/fields/reference/cf.llm.prompt.injection_score/)
| A score from 1–99 that represents the likelihood that the LLM prompt in the request is trying to perform a prompt injection attack. |
+| Field | Description |
+| ----------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| LLM PII detected
[`cf.llm.prompt.pii_detected`][1]
| Indicates whether any personally identifiable information (PII) has been detected in the LLM prompt included in the request. |
+| LLM PII categories
[`cf.llm.prompt.pii_categories`][2]
| Array of string values with the personally identifiable information (PII) categories found in the LLM prompt included in the request.
[Category list](/ruleset-engine/rules-language/fields/reference/cf.llm.prompt.pii_categories/) |
+| LLM Content detected
[`cf.llm.prompt.detected`][3]
| Indicates whether Cloudflare detected an LLM prompt in the incoming request. |
+| LLM Unsafe topic detected
[`cf.llm.prompt.unsafe_topic_detected`][4]
| Indicates whether the incoming request includes any unsafe topic category in the LLM prompt. |
+| LLM Unsafe topic categories
[`cf.llm.prompt.unsafe_topic_categories`][5]
| Array of string values with the type of unsafe topics detected in the LLM prompt.
[Category list](/ruleset-engine/rules-language/fields/reference/cf.llm.prompt.unsafe_topic_categories/) |
+| LLM Injection score
[`cf.llm.prompt.injection_score`][6]
| A score from 1–99 that represents the likelihood that the LLM prompt in the request is trying to perform a prompt injection attack. |
+
+[1]: /ruleset-engine/rules-language/fields/reference/cf.llm.prompt.pii_detected/
+[2]: /ruleset-engine/rules-language/fields/reference/cf.llm.prompt.pii_categories/
+[3]: /ruleset-engine/rules-language/fields/reference/cf.llm.prompt.detected/
+[4]: /ruleset-engine/rules-language/fields/reference/cf.llm.prompt.unsafe_topic_detected/
+[5]: /ruleset-engine/rules-language/fields/reference/cf.llm.prompt.unsafe_topic_categories/
+[6]: /ruleset-engine/rules-language/fields/reference/cf.llm.prompt.injection_score/
## Example mitigation rules