{"ok":true,"version":"2026.07.15.12","data":{"id":"agent-prompt-defense","title":"Agent prompt defense briefing","type":"Security Brief","level":"Intermediate","readTime":9,"summary":"Protect agent workflows from prompt injection and supply-chain risks.","tags":["security","agents","prompting"],"outcomes":["Isolate untrusted inputs","Enforce tool boundaries","Pin dependencies"],"outline":["Threat model","Isolation tactics","Audit checklist"],"cta":"Read the briefing","path":"/library/agent-prompt-defense","hasFullBody":true,"body":{"sections":[{"heading":"Threat model","paragraphs":["Attackers inject instructions through user text, forum posts, PDFs, or tool outputs to make an agent leak keys, ignore disclaimers, or promote illicit token sales.","Supply-chain risk: unpinned skills packages, remote prompts, or “helpful” third-party APIs that rewrite policy."]},{"heading":"Isolation tactics","paragraphs":["Hard-code compliance system rules that user content cannot override. Strip or escape tool-control tokens from user input. Run high-risk tools (network, file write) behind allowlists.","Use separate contexts: retrieval docs in one channel, user chat in another, tool results in a third — never merge raw."]},{"heading":"Audit checklist","paragraphs":["Log tool calls without secrets. Red-team with known injection strings monthly. Pin skill YAML versions. Fail closed when compliance keywords collide with investment solicitations."]}],"checklist":["System policy is immutable at runtime","User content cannot enable custody or trading tools","Dependencies pinned with integrity checks","Injection regression tests in CI"]}}}