// first 10 minutes

LLM prompt injection — quick-start

LLM prompt injection — first 10 minutes. capture the adversarial input before it is overwritten. print this, check boxes, then run the primary tools.

checklist

preserve the exact input that triggered the injection: user message, RAG chunk, uploaded document, or tool result — with full context, not just the suspect string.
preserve the model's output alongside the input — the deviation from expected behavior is the evidence.
note the injection source category: direct user input, indirect via RAG retrieval, injected via tool result, or embedded in an uploaded document.
pull the full prompt context window for the affected session if your logging captures it — system prompt, conversation history, and the injected payload.
check whether the injection caused the model to ignore the system prompt, exfiltrate data via a crafted tool call, or output instructions for the user to follow.
identify what the model was instructed to do by the injected content — not just what it did.
check whether the same injection vector has been triggered in other sessions — query your logging for similar patterns.
preserve any tool calls the model made during or after the injection — the call graph is the blast-radius map.
note the model version, temperature, and any safety configuration at the time — context for the defense.
begin the primary tool path below — prompt injection pattern analyzer.

// first 10 minutes

LLM prompt injection — first 10 minutes. capture the adversarial input before it is overwritten. print this, check boxes, then run the primary tools.

preserve the exact input that triggered the injection: user message, RAG chunk, uploaded document, or tool result — with full context, not just the suspect string.
preserve the model's output alongside the input — the deviation from expected behavior is the evidence.
note the injection source category: direct user input, indirect via RAG retrieval, injected via tool result, or embedded in an uploaded document.
pull the full prompt context window for the affected session if your logging captures it — system prompt, conversation history, and the injected payload.
check whether the injection caused the model to ignore the system prompt, exfiltrate data via a crafted tool call, or output instructions for the user to follow.
identify what the model was instructed to do by the injected content — not just what it did.
check whether the same injection vector has been triggered in other sessions — query your logging for similar patterns.
preserve any tool calls the model made during or after the injection — the call graph is the blast-radius map.
note the model version, temperature, and any safety configuration at the time — context for the defense.
begin the primary tool path below — prompt injection pattern analyzer.