Risk
Indirect Prompt / Instruction Injection
Description
Agent accepts instructions from untrusted sources (e.g., tool output, retrieved documents), allowing embedded malicious instructions to trigger unsafe actions.
Example
Malicious instructions hidden in a retrieved HTML page cause the agent to run unsafe commands.
Assets Affected
Agentic Platform
Tool
Model Response
Mitigation
- Sanitize and validate all external data/tool outputs before agent processes them
- restrict sources of external instructions
- monitor for instruction injection patterns.
Standards Mapping
- ISO: A.7.6, A.9.4
- OWASP agentic: ASI01, ASI06
- OWASP LLM: LLM01:2025
- EU AI Act: Art. 15(5)
- DASF: Model Serving 9.9, Agents-MCP Server 13.24
- AIUC-1: B001, B005