Skip to main content
Concept: Agent Evaluation | Python: client.agent.scan_tool_result()

Parameters

tool_name
string
required
Name of the tool that produced this result.
tool_result
object
required
The tool output, as an object. Provide the text under raw (string) and/or structured output under data (any). Optional format (string, default "text"). At least one of raw/data must be present.
tool_params
object
The parameters the tool was called with, if available.
agent_context
object
The agent’s role and current task. Object with optional fields: goal (string), prior_tool_calls (array), agent_id (string), turn_index (integer).
checks
string[]
Which checks to run. Any of "pii", "prompt_injection", "rail_score". Defaults to all three. Credit cost scales with the number of checks (3 = 1.0, 2 = 0.75, 1 = 0.5).

Request

curl -X POST https://api.responsibleailabs.ai/railscore/v1/agent/tool-result \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_RAIL_API_KEY" \
  -d '{
    "tool_name": "search_database",
    "tool_result": {"raw": "Customer John Smith (SSN: 123-45-6789) called on 2026-03-15."},
    "checks": ["pii", "prompt_injection"]
  }'

Response

{
  "event_id": "evt_1a2b3c4d",
  "risk_level": "medium",
  "recommended_action": "REDACT_AND_PASS",
  "pii_detected": {
    "found": true,
    "entities": [
      {"type": "full_name", "value": "John Smith", "offset": 9, "should_redact": true},
      {"type": "ssn", "value": "123-45-6789", "offset": 26, "should_redact": true}
    ],
    "redacted_result": "Customer [FULL_NAME] (SSN: [SSN]) called on 2026-03-15.",
    "compliance_flags": ["gdpr_personal_data", "hipaa_phi"]
  },
  "redacted_available": true,
  "prompt_injection": {"detected": false, "confidence": 0.02},
  "context_signals": {"pii_fields_detected": ["full_name", "ssn"]},
  "credits_consumed": 0.75,
  "evaluated_at": "2026-06-25T10:00:00Z"
}
risk_level
string
Overall risk: "low", "medium", "high", or "critical".
recommended_action
string
Suggested action: "PASS", "FLAG", "REDACT_AND_PASS", "REDACT_AND_FLAG", or "DISCARD_AND_ALERT".
pii_detected
object
Present when the pii check runs. Contains found (boolean), entities (array of {type, value, offset, should_redact}), redacted_result (string with PII replaced by [TYPE] placeholders), and compliance_flags (string[]).
dpdp_flags
object
Present when Indian PII (e.g. Aadhaar, PAN) is detected. Indicates DPDP exposure and the recommended Rule 6 safeguards. Detected Indian identifiers are also masked in pii_detected.redacted_result.
prompt_injection
object
Present when the prompt_injection check runs. Contains detected (boolean) and confidence (0-1).