Home · Library · Security Brief

Agent prompt defense briefing

Intermediate · 9 min read

Protect agent workflows from prompt injection and supply-chain risks.

Educational only. Not legal advice. No custody, trading, or securities products.

Threat model

Attackers inject instructions through user text, forum posts, PDFs, or tool outputs to make an agent leak keys, ignore disclaimers, or promote illicit token sales.

Supply-chain risk: unpinned skills packages, remote prompts, or “helpful” third-party APIs that rewrite policy.

Isolation tactics

Hard-code compliance system rules that user content cannot override. Strip or escape tool-control tokens from user input. Run high-risk tools (network, file write) behind allowlists.

Use separate contexts: retrieval docs in one channel, user chat in another, tool results in a third — never merge raw.

Audit checklist

Log tool calls without secrets. Red-team with known injection strings monthly. Pin skill YAML versions. Fail closed when compliance keywords collide with investment solicitations.

Checklist

Next steps