3.2
.
Insecure Agent Instructions Prompt and Configuration Design
sail
3.2
Risk
Insecure Agent Instructions Prompt and Configuration Design
Description
Poorly designed agent instructions prompts, agent rules files, or agent configurations (e.g., AGENTS.md, .cursor/rules, agent.yaml) that are easily bypassed, manipulated, or that inadvertently leak sensitive contextual information or instructions.
Example
An attacker plants a hidden-Unicode instruction in the agent’s SOUL.md
Assets Affected
System Prompt
Agent Config
Mitigation
- Employ robust prompt and configuration engineering techniques
- sanitize inputs intended for prompts and configs
- minimize sensitive data in prompts
- iteratively test prompts for vulnerabilities
- scan configs for hidden Unicode and injection vectors
- document prompt and config design and rationale.
Standards Mapping
- ISO: A.6.2.3
- OWASP agentic: ASI01, ASI06
- OWASP LLM: LLM07:2025, LLM01:2025
- EU AI Act: Art. 15(5)
- DASF: Model Serving 9.1, Agents-MCP Server 13.16
- AIUC-1: B001, B009