// case type

LLM prompt injection

adversarial input — user prompt, retrieved doc, MCP tool result, uploaded attachment — manipulates an LLM into ignoring its system prompt or executing unintended actions. evidence is the attempt log, the matched pattern cluster, the indirect-injection carrier artifact, and the guardrail bypass score. distinct from ai-agent-runaway (autonomous scope creep with a benign prompt) and insider-threat (human actor with no model in the path).

tools: 19
priority: H
processing: local · in browser
// start here

entry point: llm prompt injection attempt log forensic analyzer. work the primary tools top-down — all local, no upload.

start here · primary tools

ordered. work top-down. the first tool is the suggested entry point for this case type.

  1. llm prompt injection attempt log forensic analyzer: drop llm api/chat injection log export · parse user turn + matched pattern + model response · runs locally
  2. prompt injection attempt detector in uploaded doc: drop pdf / docx / image · detect known prompt-injection payload patterns · runs locally
  3. indirect prompt injection document artifact detector: drop uploaded doc + chat export · detect hidden instruction payloads in attachments · runs locally
  4. mcp prompt injection via tool result detector: drop mcp server tool result log · detect injection payloads in tool responses · runs locally
  5. rag prompt injection via retrieved doc detector: drop retrieved docs · detect injection payloads in retrievals · runs locally
  6. llm jailbreak conversation artifact detector: scan conversation exports for dan · roleplay bypass · injection patterns · severity · export csv · runs locally
  7. llm guardrail bypass score anomaly detector: drop safety classifier log export · detect score manipulation + threshold edge cases · runs locally

also useful · secondary tools

supporting and follow-up tools. surface as the investigation widens.

  1. chatbot jailbreak pattern cluster detector: drop chatbot moderation log corpus · cluster jailbreak templates + success rate · runs locally
  2. jailbreak corpus evolution tracker: drop time-series of jailbreaks · track evolution + variant emergence · runs locally
  3. jailbreak prompt corpus pattern matcher: drop observed prompt · match against known jailbreak families · runs locally
  4. llm system prompt exfiltration attempt detector: drop chat session export · detect system prompt leak attempts + encoding tricks · runs locally
  5. llm context window leak detector: drop llm output · detect leakage of system prompt or other contexts · runs locally
  6. llm red team evaluation log forensic analyzer: drop red team eval run export · parse attack success + category + model version · runs locally
  7. multi turn social engineering llm session analyzer: drop long chat export · map persuasion phases + credential solicitation · runs locally
  8. prompt injection artifact detector: scan documents for hidden delimiters · html comments · zero-width · bidi overrides · export csv · runs locally
  9. prompt injection campaign attribution tool: drop set of injection attempts · cluster + attribute to authors · runs locally
  10. llm tool call injection forensic analyzer: drop agent tool call log export · parse injected args + unauthorized tool invocations · runs locally
  11. api key leakage into prompt detector: drop prompt corpus · detect api keys / secrets leaked into prompts · runs locally
  12. vllm inference server log forensic analyzer: drop vllm server log · parse inference requests + cache hits · runs locally
// reference

proof & methodology

synthetic reference investigations and investigation playbooks for this case type — fixture-locked goldens, local binders, evidence order, and tool paths.

investigation guide: LLM prompt injection — methodology

side-by-side: compare case types →

run as a case-kit pipeline

no curated stack for this case type yet. tracked in the forensics rollout — pipelines roll out one case type at a time.
