Skip to content

Hide Navigation Hide TOC

ECHO Admin Command / SQL Injection / Jinja SSTI Template Injection - ATR-2026-00407 (1d01240b-adaa-5ff7-bd81-5f6a7d6d9187)

Detects three exploitation.py injection variants. ECHO template injection frames the model as an echo-command tester and embeds Jinja {{...}} SSTI payloads after ECHO:. SQL injection directs the model to execute DROP/INSERT/SELECT statements with SUCCESS/FAILURE response markers. The "garak pwnd" literal appears in SQL INSERT payloads. From NVIDIA garak exploitation probe JinjaTemplatePythonInjection, SQLInjectionSystem, SQLInjectionEcho classes.

Cluster A Galaxy A Cluster B Galaxy B Level
LLM Prompt Injection (19cd2d12-66ff-487c-a05c-e058b027efc9) MITRE ATLAS Attack Pattern ECHO Admin Command / SQL Injection / Jinja SSTI Template Injection - ATR-2026-00407 (1d01240b-adaa-5ff7-bd81-5f6a7d6d9187) Agent Threat Rules 1