At least for a malicious user embedding a prompt injection using their API key, I could have sworn that there is a way to scan documents that have a high level of entropy, which should be able to flag it.