Skip to content

Hide Navigation Hide TOC

Indirect Prompt Injection via External Content - ATR-2026-00002 (25be13cc-b593-5a70-bc2a-806b1b2cd544)

Detects indirect prompt injection where malicious instructions are embedded within external content consumed by the agent -- documents, web pages, API responses, emails, or tool outputs. Detection layers cover: HTML comment injection with instruction-like content, zero-width character obfuscation (requiring 5+ consecutive chars to reduce false positives on legitimate multilingual text), model-specific special tokens, CSS- hidden text with injection payloads, invisible text addressing the AI agent directly, base64/encoding within content, data URI injection, markdown link abuse, hidden HTML elements, and white-on-white text techniques.

Cluster A Galaxy A Cluster B Galaxy B Level
Indirect Prompt Injection via External Content - ATR-2026-00002 (25be13cc-b593-5a70-bc2a-806b1b2cd544) Agent Threat Rules LLM Prompt Injection (19cd2d12-66ff-487c-a05c-e058b027efc9) MITRE ATLAS Attack Pattern 1
Indirect Prompt Injection via External Content - ATR-2026-00002 (25be13cc-b593-5a70-bc2a-806b1b2cd544) Agent Threat Rules Indirect (a4a55526-2f1f-403b-9691-609e46381e17) MITRE ATLAS Attack Pattern 1
LLM Prompt Injection (19cd2d12-66ff-487c-a05c-e058b027efc9) MITRE ATLAS Attack Pattern Indirect (a4a55526-2f1f-403b-9691-609e46381e17) MITRE ATLAS Attack Pattern 2