Skip to content
ATR-2026-00001highPrompt Injectionexperimental

Direct Prompt Injection via User Input

Detects direct prompt injection attempts where a user embeds malicious instructions within their input to override the agent's intended behavior. This rule uses layered detection covering: instruction override verbs with target nouns, persona switching, temporal behavioral overrides, fake system delimiters, restriction removal, encoding- wrapped payloads (base64, hex, unicode homoglyphs), and zero-width character obfuscation of injection keywords. Patterns are designed for evasion resistance with word boundary anchors, flexible whitespace, and synonym coverage based on published attack taxonomies.

Severity
high
Category
Prompt Injection
Scan Target
mcp
Author
ATR Community

Response Actions

block inputalertsnapshotescalate

References

CVE
CVE-2024-5184CVE-2024-3402CVE-2025-53773
OWASP Agentic
ASI01:2026 - Agent Goal Hijack
OWASP LLM
LLM01:2025 - Prompt Injection
MITRE ATLAS
AML.T0051 - LLM Prompt InjectionAML.T0051.000 - Direct
View full YAML on GitHub →

More Prompt Injection Rules

ATR-2026-00002highIndirect Prompt Injection via External ContentATR-2026-00003highJailbreak Attempt DetectionATR-2026-00004criticalSystem Prompt Override AttemptATR-2026-00005mediumMulti-Turn Prompt InjectionATR-2026-00080highEncoding-Based Prompt Injection Evasion