- Home
- Skills
- Pluginagentmarketplace
- Custom Plugin Ai Red Teaming
- Defense Implementation
defense-implementation_skill
- Python
1
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill pluginagentmarketplace/custom-plugin-ai-red-teaming --skill defense-implementation- SKILL.md15.7 KB
Overview
This skill implements production-ready mitigations for LLM security by combining input validation, processing safeguards, and output filtering. It provides patterns, templates, and code-ready examples to stop prompt injection, prevent sensitive-data leaks, and enforce instruction boundaries. The goal is a low-latency, defense-in-depth stack suitable for real deployments.
How this skill works
The implementation uses a three-layer architecture: an input layer that normalizes encoding, enforces length and format limits, and detects injection patterns; a processing layer that applies hardened system prompts, instruction boundary enforcement, and context isolation; and an output layer that detects system-prompt leakage, redacts PII or secrets, and validates response formats. Each layer targets latency budgets and measurable effectiveness metrics so defenses remain practical. Hooks and templates are provided to integrate with existing agent pipelines and monitoring dashboards.
When to use it
- Protect production LLM endpoints exposed to untrusted users or integrations
- Harden conversational agents against prompt injection and override attempts
- Prevent accidental or malicious disclosure of API keys, PII, or system prompts
- Enforce safe behavior for agents with action-taking capabilities
- Meet operational targets for block rate, false positives, and latency
Best practices
- Apply input defense as the first, low-latency gate: normalize encoding and block known injection patterns
- Keep the processing layer immutable for safety guidelines and use explicit instruction boundaries
- Perform output filtering and redaction as the final check before returning responses
- Measure block rate, false-positive rate, latency impact, and bypass resistance continuously
- Tune regex and allowlists to reduce false positives and run periodic red-team tests
Example use cases
- Customer support chatbot that must never expose internal prompts or return customer PII
- Automated agent that performs transactions but requires scope-limited action confirmations
- Public-facing API that must block prompt-injection payloads from third-party clients
- Compliance pipeline that redacts secrets and logs redaction metadata for auditing
- DevOps assistant where instruction boundaries prevent escalation or privilege misuse
FAQ
Design targets are <50ms for input, 0ms for processing (integrated), and <50ms for output; actual numbers depend on implementation and optimizations like compiled regex and async processing.
How do I handle false positives from pattern matching?
Review blocked logs, add allowlist entries for legitimate patterns, make regexes more specific, and layer semantic checks to reduce overblocking.
Are pattern-based defenses sufficient?
Pattern detection is effective for known attacks but should be combined with hardened prompts, context isolation, and regular red-team testing to improve bypass resistance.