prompt-injection_skill

This skill helps you assess LLM prompt injection resilience by executing structured tests and generating actionable mitigation recommendations.
  • Python

1

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill pluginagentmarketplace/custom-plugin-ai-red-teaming --skill prompt-injection

  • SKILL.md10.9 KB

Overview

This skill tests and validates LLM defenses against prompt injection, jailbreaks, and input-manipulation attacks. It provides a structured red-teaming workflow, proven payload classes, and severity-driven reporting aligned with OWASP LLM01. Use it to quantify bypass rates and produce actionable mitigation recommendations. The focus is practical: reproduce, classify, and remediate prompt injection weaknesses.

How this skill works

The skill runs a phased protocol: establish a baseline, execute simple and advanced injection vectors, attempt system-prompt extraction, and document results. It enumerates attack categories (authority, hypothetical, encoding, fragmentation, context confusion, role-based) and provides payload templates and a payload-crafting framework. Outputs include test evidence, bypass success rates, severity ratings, and prioritized mitigation guidance for defenders.

When to use it

  • During security assessments of LLM integrations and chat agents
  • Before deploying models into production-facing or safety-sensitive contexts
  • When validating filtering, input preprocessing, or content-moderation controls
  • When measuring resilience after model updates or policy changes
  • As part of an incident response to suspected prompt-leak or jailbreak events

Best practices

  • Start with a clear baseline of normal behavior and refusal patterns to reduce false positives
  • Run payloads multiple times and compute statistical success rates for non-deterministic models
  • Use phased escalation: from simple prompts to encoding, multi-turn fragmentation, and system extraction
  • Record exact payloads, timestamps, and response excerpts for reproducibility and root-cause analysis
  • Classify findings by severity (Critical/High/Medium/Low) and map each to concrete mitigation steps

Example use cases

  • Automated unit tests that assert authority and encoding jailbreaks are blocked in CI pipelines
  • Red-team engagements to measure how often multi-turn fragmentation leads to a successful bypass
  • Validation of content filters by testing Base64, ROT13, leetspeak, and homoglyph encodings
  • Pre-release security checks to ensure system prompt and internal instructions cannot be extracted
  • Post-mortem analysis after a model produced policy-violating content to identify attack vectors

FAQ

A successful bypass is when the model follows or reveals content that violates its safety policy or system prompt, or returns harmful instructions contrary to defined refusal behavior.

How many attempts are needed for reliable results?

Run each payload multiple times (3–5) and report success probability; many attacks are nondeterministic so single runs are unreliable.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational