- Home
- Skills
- Pluginagentmarketplace
- Custom Plugin Ai Red Teaming
- Prompt Injection
prompt-injection_skill
- Python
1
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill pluginagentmarketplace/custom-plugin-ai-red-teaming --skill prompt-injection- SKILL.md10.9 KB
Overview
This skill tests and validates LLM defenses against prompt injection, jailbreaks, and input-manipulation attacks. It provides a structured red-teaming workflow, proven payload classes, and severity-driven reporting aligned with OWASP LLM01. Use it to quantify bypass rates and produce actionable mitigation recommendations. The focus is practical: reproduce, classify, and remediate prompt injection weaknesses.
How this skill works
The skill runs a phased protocol: establish a baseline, execute simple and advanced injection vectors, attempt system-prompt extraction, and document results. It enumerates attack categories (authority, hypothetical, encoding, fragmentation, context confusion, role-based) and provides payload templates and a payload-crafting framework. Outputs include test evidence, bypass success rates, severity ratings, and prioritized mitigation guidance for defenders.
When to use it
- During security assessments of LLM integrations and chat agents
- Before deploying models into production-facing or safety-sensitive contexts
- When validating filtering, input preprocessing, or content-moderation controls
- When measuring resilience after model updates or policy changes
- As part of an incident response to suspected prompt-leak or jailbreak events
Best practices
- Start with a clear baseline of normal behavior and refusal patterns to reduce false positives
- Run payloads multiple times and compute statistical success rates for non-deterministic models
- Use phased escalation: from simple prompts to encoding, multi-turn fragmentation, and system extraction
- Record exact payloads, timestamps, and response excerpts for reproducibility and root-cause analysis
- Classify findings by severity (Critical/High/Medium/Low) and map each to concrete mitigation steps
Example use cases
- Automated unit tests that assert authority and encoding jailbreaks are blocked in CI pipelines
- Red-team engagements to measure how often multi-turn fragmentation leads to a successful bypass
- Validation of content filters by testing Base64, ROT13, leetspeak, and homoglyph encodings
- Pre-release security checks to ensure system prompt and internal instructions cannot be extracted
- Post-mortem analysis after a model produced policy-violating content to identify attack vectors
FAQ
A successful bypass is when the model follows or reveals content that violates its safety policy or system prompt, or returns harmful instructions contrary to defined refusal behavior.
How many attempts are needed for reliable results?
Run each payload multiple times (3–5) and report success probability; many attacks are nondeterministic so single runs are unreliable.