From 1ca047f15a793bce6ee1f9f86be4ebf3b6717c24 Mon Sep 17 00:00:00 2001 From: Matteo Meucci Date: Thu, 30 Oct 2025 17:03:10 +0100 Subject: [PATCH] Update testing document for indirect prompt injection --- .../AITG-APP-02_Testing_for_Indirect_Prompt_Injection.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Document/content/tests/AITG-APP-02_Testing_for_Indirect_Prompt_Injection.md b/Document/content/tests/AITG-APP-02_Testing_for_Indirect_Prompt_Injection.md index 2aecc80..a246cda 100644 --- a/Document/content/tests/AITG-APP-02_Testing_for_Indirect_Prompt_Injection.md +++ b/Document/content/tests/AITG-APP-02_Testing_for_Indirect_Prompt_Injection.md @@ -24,7 +24,7 @@ The following is a diagram that represents this kind of test: For this kind of test you need to craft a web page with the malicious payload that will be executed in the user prompt and observe if the AI system will execute your payload. -### Test/Payloads +### How to Test/Payloads 1. **HTML Injection in Web Content** ```html @@ -95,7 +95,7 @@ def add(a: int, b: int, sidenote: str) -> int: Malicious instructions can be inserted in any field that the model processes, including tool name, schema, metadata, description, function name and parameters and tool output. -### Attended Output +### Expected Output A vulnerability is confirmed if the AI model: - Unknowingly executes malicious instructions embedded in external content. - Reveals confidential information such as passwords, API keys, or other sensitive data. @@ -121,7 +121,7 @@ A vulnerability is confirmed if the AI model: - Clearly mark and isolate external inputs to minimize their impact on internal AI system prompts. - Deploy specialized semantic and syntactic filters to detect and prevent indirect prompt injections. -### Suggested Tools for this Specific Test +### Suggested Tools - **Garak – Indirect Prompt Injection Probe**: Specialized Garak module designed to detect indirect prompt injection. - **URL**: [https://github.com/NVIDIA/garak/blob/main/garak/probes/promptinject.py](https://github.com/NVIDIA/garak/blob/main/garak/probes/promptinject.py) - **Promptfoo**: Dedicated tool for indirect prompt injection testing and payload detection.