ATR-2026-00104 | critical | Prompt Injection | experimental

Persona Hijacking via Mandatory System Prompt Override

Detects MCP tools that attempt to override system prompts or behavioral guidelines by instructing the AI to "adopt" a persona and "replace" existing instructions. This is a prompt injection attack delivered through tool descriptions rather than user input, exploiting the trust relationship between the LLM and its tools to fundamentally alter the agent's behavior and identity.

Severity
critical
Category
Prompt Injection
Scan target
mcp
Author
ATR Community

Recommended response

block tool, alert, snapshot

References

OWASP Agentic
ASI01:2026 - Agent Goal Hijack
ASI10:2026 - Rogue Agents
OWASP LLM
LLM01:2025 - Prompt Injection
LLM07:2025 - System Prompt Leakage
MITRE ATLAS
AML.T0051 - Prompt Injection