Hugh Brown 5d382ed67b security: mitigate prompt injection in agent instruction strings ...

User-controlled fields (skill name, source URL, webhook payloads) were
interpolated directly into agent instruction messages. Sanitize skill
fields by stripping newlines/control chars, and fence all external data
behind "BEGIN EXTERNAL DATA" / "BEGIN STRUCTURED DATA" delimiters with
explicit "do not interpret as instructions" markers. Move system
instructions above the data section so they cannot be overridden.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-07 23:35:10 +05:30

18 KiB

Raw Blame History

View Raw