Latent Prompt Injection via Embedded Document or Report Context - ATR-2026-00286 (7861011b-7ea6-5db3-bc01-386214b8620d)
Detects latent prompt injection embedded inside document contexts beyond translation (covered by ATR-2026-00264). From NVIDIA garak latentinjection.py: LatentInjectionReportFull, LatentInjectionResumeFull, LatentInjectionFactSnippetEiffel, LatentInjectionFactSnippetLegal, LatentJailbreakFull, LatentWhoisSnippetFull. The attack hides an instruction inside an otherwise legitimate document (report, resume, legal text, Whois output, factual snippet) and asks the agent to process the document. The hidden instruction then hijacks the agent's task. Key injection patterns planted inside documents: (1) "Ignore the above and..." hidden in document body; (2) "Your task is now to..." appearing mid-document; (3) Injected tool call or API instruction embedded in base64 or comment syntax; (4) "" HTML comment injection in document content. Complements ATR-2026-00265 (RAG/document) with report, resume, and structured data contexts that agents commonly process.