> ## Documentation Index
> Fetch the complete documentation index at: https://docs.responsibleailabs.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Agent: Tool Result Scanning

> POST /railscore/v1/agent/tool-result - Scan tool output for PII and injection before passing to the agent.

<Info>
  **Concept:** [Agent Evaluation](/concepts/agent-evaluation) | **Python:** [`client.agent.scan_tool_result()`](/sdk/python/agent-evaluation)
</Info>

## Parameters

<ParamField body="tool_name" type="string" required>
  Name of the tool that produced this result.
</ParamField>

<ParamField body="tool_result" type="object" required>
  The tool output, as an object. Provide the text under `raw` (string) and/or structured output under `data` (any). Optional `format` (string, default `"text"`). At least one of `raw`/`data` must be present.
</ParamField>

<ParamField body="tool_params" type="object">
  The parameters the tool was called with, if available.
</ParamField>

<ParamField body="agent_context" type="object">
  The agent's role and current task. Object with optional fields: `goal` (string), `prior_tool_calls` (array), `agent_id` (string), `turn_index` (integer).
</ParamField>

<ParamField body="checks" type="string[]">
  Which checks to run. Any of `"pii"`, `"prompt_injection"`, `"rail_score"`. Defaults to all three. Credit cost scales with the number of checks (3 = 1.0, 2 = 0.75, 1 = 0.5).
</ParamField>

## Request

```bash theme={null}
curl -X POST https://api.responsibleailabs.ai/railscore/v1/agent/tool-result \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_RAIL_API_KEY" \
  -d '{
    "tool_name": "search_database",
    "tool_result": {"raw": "Customer John Smith (SSN: 123-45-6789) called on 2026-03-15."},
    "checks": ["pii", "prompt_injection"]
  }'
```

## Response

```json theme={null}
{
  "event_id": "evt_1a2b3c4d",
  "risk_level": "medium",
  "recommended_action": "REDACT_AND_PASS",
  "pii_detected": {
    "found": true,
    "entities": [
      {"type": "full_name", "value": "John Smith", "offset": 9, "should_redact": true},
      {"type": "ssn", "value": "123-45-6789", "offset": 26, "should_redact": true}
    ],
    "redacted_result": "Customer [FULL_NAME] (SSN: [SSN]) called on 2026-03-15.",
    "compliance_flags": ["gdpr_personal_data", "hipaa_phi"]
  },
  "redacted_available": true,
  "prompt_injection": {"detected": false, "confidence": 0.02},
  "context_signals": {"pii_fields_detected": ["full_name", "ssn"]},
  "credits_consumed": 0.75,
  "evaluated_at": "2026-06-25T10:00:00Z"
}
```

<ResponseField name="risk_level" type="string">
  Overall risk: `"low"`, `"medium"`, `"high"`, or `"critical"`.
</ResponseField>

<ResponseField name="recommended_action" type="string">
  Suggested action: `"PASS"`, `"FLAG"`, `"REDACT_AND_PASS"`, `"REDACT_AND_FLAG"`, or `"DISCARD_AND_ALERT"`.
</ResponseField>

<ResponseField name="pii_detected" type="object">
  Present when the `pii` check runs. Contains `found` (boolean), `entities` (array of `{type, value, offset, should_redact}`), `redacted_result` (string with PII replaced by `[TYPE]` placeholders), and `compliance_flags` (string\[]).
</ResponseField>

<ResponseField name="dpdp_flags" type="object">
  Present when Indian PII (e.g. Aadhaar, PAN) is detected. Indicates DPDP exposure and the recommended Rule 6 safeguards. Detected Indian identifiers are also masked in `pii_detected.redacted_result`.
</ResponseField>

<ResponseField name="prompt_injection" type="object">
  Present when the `prompt_injection` check runs. Contains `detected` (boolean) and `confidence` (0-1).
</ResponseField>