loading
loading
An attack where malicious text in external data hijacks an agent's instructions.
When an agent reads untrusted content — a web page, an email, a database field — that content might contain instructions designed to override the original system prompt or trick the agent into unsafe actions. Indirect prompt injection is especially dangerous in autonomous agents because they browse content without human review. Mitigations include input sanitization, constrained tool scopes, and classifier-based detection.
Plainly
Think of Prompt Injection as the lock and rules that keep people and data safe. An attack where malicious text in external data hijacks an agent's instructions.
In practice
Use it when a workflow touches secrets, permissions, user data, payments, or untrusted input. In practice, define the owner, input, output, and failure mode before you rely on it.