Let me check the DashClaw skill first. Good news: DashClaw already has `dc.scanPromptInjection()` built in. But what you're describing from that Reddit comment is a more architectural pattern, not just a scan call. Here's how to marry the two ideas together.

**What DashClaw already gives you**

```javascript
const scan = await dc.scanPromptInjection(userInput, { source: 'email_inbound' });
if (scan.recommendation === 'block') throw new Error('Prompt injection detected');
```

This is the raw input check. It's what you have now and it's the weak point the commenter was describing.

**The upgrade: a two-stage email pipeline using DashClaw properly**

```javascript
async function processInboundEmail(rawEmail) {

  // STAGE 1: Extraction only, no tools, no actions
  // Record this as an action so DashClaw can monitor it
  const extractAction = await dc.createAction({
    actionType: 'email_extraction',
    declaredGoal: 'Extract structured intent from inbound email',
    riskScore: 15,
    metadata: { source: 'email_inbound', stage: 'extract' }
  });

  // Scan the raw email before even summarizing it
  const scan = await dc.scanPromptInjection(rawEmail, { source: 'email_inbound' });
  if (scan.recommendation === 'block') {
    await dc.updateOutcome(extractAction.action_id, {
      status: 'failed',
      outputSummary: 'Blocked by injection scanner'
    });
    return;
  }

  // Call your LLM in extraction-only mode (no tools available in this call)
  const extracted = await summarizeEmailIntent(rawEmail); 
  // Returns something like: { intent: 'schedule_meeting', recipient: 'john@company.com', date: 'Friday' }

  await dc.updateOutcome(extractAction.action_id, {
    status: 'completed',
    outputSummary: `Extracted intent: ${extracted.intent}`
  });

  // STAGE 2: Now guard on the INTENT, not the raw email
  // This is the key upgrade from the Reddit comment
  const guardDecision = await dc.guard({
    actionType: extracted.intent,   // e.g. 'schedule_meeting', 'forward_email', 'send_reply'
    content: JSON.stringify(extracted),
    riskScore: getRiskForIntent(extracted.intent) // 'forward_email' = 80, 'schedule_meeting' = 20
  });

  if (guardDecision.decision === 'block') return;

  // STAGE 3: Act on the validated structured intent, never the raw email
  const actionAction = await dc.createAction({
    actionType: extracted.intent,
    declaredGoal: `Execute ${extracted.intent} from email`,
    riskScore: getRiskForIntent(extracted.intent),
    metadata: { stage: 'act', ...extracted }
  });

  await executeIntent(extracted); // raw email never touches this layer

  await dc.updateOutcome(actionAction.action_id, {
    status: 'completed',
    outputSummary: `Completed ${extracted.intent}`
  });
}
```

**The risk template piece**

You can also use DashClaw's risk template system to make `getRiskForIntent` automatic instead of hardcoded:

```javascript
const emailRiskTemplate = await dc.createRiskTemplate({
  name: 'Email Intent Risk',
  base_risk: 10,
  rules: [
    { condition: "metadata.intent == 'forward_email'", add: 70 },
    { condition: "metadata.intent == 'send_reply'", add: 40 },
    { condition: "metadata.recipient contains 'external'", add: 25 },
    { condition: "metadata.intent == 'schedule_meeting'", add: 10 },
  ]
});
```

The bottom line is that the architecture from the Reddit comment maps cleanly onto DashClaw's existing primitives. You use `scanPromptInjection` on the raw input, `createAction` to track both stages separately, and `guard` on the extracted intent rather than the raw content. The raw email never reaches the action layer.
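
The pipeline above passes `extracted.intent` straight into the guard and action calls, but that object is produced by a model that has just read attacker-controlled text, so it needs its own check between Stage 1 and Stage 2. The sketch below is an added example, not DashClaw code and not part of the original answer: it fills in the undefined `getRiskForIntent` helper and adds a hypothetical `validateExtracted` that fails closed. The scores mirror the numbers used above; the `INTERNAL_DOMAINS` list, the allowed fields and the date format are assumptions.

```javascript
// Added example: checks run on the Stage 1 output before Stage 2.
// Scores mirror the page's numbers; INTERNAL_DOMAINS and field rules are assumptions.
const INTENT_RISK = new Map([
  ['schedule_meeting', 20],
  ['send_reply', 50],
  ['forward_email', 80],
]);
const INTERNAL_DOMAINS = new Set(['company.com']); // assumption: your own mail domains
const EXTERNAL_RECIPIENT_RISK = 25;
const MAX_RISK = 100;
const ALLOWED_FIELDS = new Set(['intent', 'recipient', 'date']);
// No newlines or separators, so header-style payloads cannot ride along.
const EMAIL_RE = /^[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)$/;

// Fail closed: an intent outside the allowlist gets the maximum score.
function getRiskForIntent(intent) {
  return INTENT_RISK.has(intent) ? INTENT_RISK.get(intent) : MAX_RISK;
}

// Returns { ok: false, reason } or { ok: true, riskScore, value }.
function validateExtracted(extracted) {
  if (extracted === null || typeof extracted !== 'object' || Array.isArray(extracted)) {
    return { ok: false, reason: 'not_an_object' };
  }
  // Reject extra keys: free-text fields would carry email content into Stage 3.
  if (Object.keys(extracted).some((k) => !ALLOWED_FIELDS.has(k))) {
    return { ok: false, reason: 'unexpected_field' };
  }
  const { intent, recipient, date } = extracted;
  if (typeof intent !== 'string' || !INTENT_RISK.has(intent)) {
    return { ok: false, reason: 'unknown_intent' };
  }
  const match = typeof recipient === 'string' ? EMAIL_RE.exec(recipient) : null;
  if (!match) return { ok: false, reason: 'bad_recipient' };
  if (date !== undefined && (typeof date !== 'string' || !/^[\w ,:\/-]{1,40}$/.test(date))) {
    return { ok: false, reason: 'bad_date' };
  }
  const external = !INTERNAL_DOMAINS.has(match[1].toLowerCase());
  const riskScore = Math.min(
    MAX_RISK,
    getRiskForIntent(intent) + (external ? EXTERNAL_RECIPIENT_RISK : 0),
  );
  // Rebuild the object from checked fields only; never pass `extracted` through.
  return { ok: true, riskScore, value: { intent, recipient: recipient.toLowerCase(), date } };
}
```

When `ok` is false, close the extraction action as failed and stop; otherwise hand `value` and `riskScore` to the Stage 2 guard call in place of the raw `extracted` object.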