SAIL 2.0

/

Operate - Safe Execution Environment - Sandbox

/

Indirect Prompt / Instruction Injection

6.5

.

Indirect Prompt / Instruction Injection

sail
6.5
Risk

Indirect Prompt / Instruction Injection

Description

Agent accepts instructions from untrusted sources (e.g., tool output, retrieved documents), allowing embedded malicious instructions to trigger unsafe actions.

Example

Malicious instructions hidden in a retrieved HTML page cause the agent to run unsafe commands.

Assets Affected

Agentic Platform

Tool

Model Response

Mitigation
  • Sanitize and validate all external data/tool outputs before agent processes them
  • restrict sources of external instructions
  • monitor for instruction injection patterns.
Standards Mapping
  • ISO: A.7.6, A.9.4
  • OWASP agentic: ASI01, ASI06
  • OWASP LLM: LLM01:2025
  • EU AI Act: Art. 15(5)
  • DASF: Model Serving 9.9, Agents-MCP Server 13.24
  • AIUC-1: B001, B005