Home · Library · Security Brief
Agent prompt defense briefing
Intermediate · 9 min read
Protect agent workflows from prompt injection and supply-chain risks.
Threat model
Attackers inject instructions through user text, forum posts, PDFs, or tool outputs to make an agent leak keys, ignore disclaimers, or promote illicit token sales.
Supply-chain risk: unpinned skills packages, remote prompts, or “helpful” third-party APIs that rewrite policy.
Isolation tactics
Hard-code compliance system rules that user content cannot override. Strip or escape tool-control tokens from user input. Run high-risk tools (network, file write) behind allowlists.
Use separate contexts: retrieval docs in one channel, user chat in another, tool results in a third — never merge raw.
Audit checklist
Log tool calls without secrets. Red-team with known injection strings monthly. Pin skill YAML versions. Fail closed when compliance keywords collide with investment solicitations.
Checklist
- System policy is immutable at runtime
- User content cannot enable custody or trading tools
- Dependencies pinned with integrity checks
- Injection regression tests in CI