openclaw-claude-bridge: sandbox is not effective - `--allowed-tools ""` does

Compiled AI: Deterministic Code Generation for LLM-Based Workflow Automation

recognition accuracy (LIR: 80.4%). Security evaluation across 135 test cases demonstrates 96.7% accuracy on prompt injection detection and 87.5% on static code safety analysis with zero false positives

PraisonAI Has SSRF in FileTools.download_file() via Unvalidated URL

PraisonAI Has Sandbox Escape via shell=True and Bypassable Blocklist

PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution

PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in

ClawSafety: "Safe" LLMs, Unsafe Agents

like OpenClaw run with elevated privileges on users' local machines, where a single successful prompt injection can leak credentials, redirect financial transactions, or destroy files. This threat goes well beyond

OpenClaw has Sandbox Media Root Bypass via Unnormalized `mediaUrl` / `fileUrl

Crossing the NL/PL Divide: Information Flow Analysis Across the NL/PL Boundary in LLM-Integrated Code

expert-annotated pairs, with cross-language validation on six real-world OpenClaw prompt injection cases further confirming effectiveness; (2)~taxonomy-informed backward slicing reduces slice size by a mean

Evaluating Privilege Usage of Agents on Real-World Tools

allows LLM agents to invoke genuine privileges, enabling the evaluation of privilege usage under prompt injection attacks. Our results indicate that while LLMs exhibit basic security awareness and can block

@mobilenext/mobile-mcp alllows arbitrary file write via Path Traversal in mobile

Claudini: Autoresearch Discovers State-of-the-Art Adversarial Attack Algorithms for LLMs

attack \textit{algorithms} that \textbf{significantly outperform all existing (30+) methods} in jailbreaking and prompt injection evaluations. Starting from existing attack implementations, such as GCG~\citep{zou2023universal}, the agent iterates

SecureBreak -- A dataset towards safe and secure models

growing body of scientific literature showing that attacks, such as jailbreaking and prompt injection, can bypass existing security alignment mechanisms. As a consequence, additional security strategies are needed both

The production of meaning in the processing of natural language

word order, and discuss the information-theoretic constraints that genuine contextuality imposes on prompt injection defenses and its human analogue, whereby careful construction and maintenance of social contextuality

Caging the Agents: A Zero Trust Security Architecture for Autonomous AI in Healthcare

instructions, sensitive information disclosure, identity spoofing, cross-agent propagation of unsafe practices, and indirect prompt injection through external resources [7]. In healthcare environments processing Protected Health Information, every such vulnerability

MCP-38: A Comprehensive Threat Taxonomy for Model Context Protocol Systems (v1.0)

addresses critical threats arising from MCP's semantic attack surface (tool description poisoning, indirect prompt injection, parasitic tool chaining, and dynamic trust violations), none of which are adequately captured

CoMAI: A Collaborative Multi-Agent Framework for Robust and Equitable Interview Evaluation

scoring, and summarization. These agents work collaboratively to provide multi-layered security defenses against prompt injection, support multidimensional evaluation with adaptive difficulty adjustment, and enable rubric-based structured scoring that

Security Considerations for Artificial Intelligence Agents

across tools, connectors, hosting boundaries, and multi-agent coordination, with particular emphasis on indirect prompt injection, confused-deputy behavior, and cascading failures in long-running workflows. We then assess current

Taming OpenClaw: Security Analysis and Mitigation of Autonomous LLM Agent Threats

execution, and systematically examine compound threats across the agent's operational lifecycle, including indirect prompt injection, skill supply chain contamination, memory poisoning, and intent drift. Through detailed case studies

Follow the Saliency: Supervised Saliency for Retrieval-augmented Dense Video Captioning

that drives retrieval via saliency-guided segmentation and informs caption generation through explicit Saliency Prompts injected into the decoder. By enforcing saliency-constrained segmentation, our method produces temporally coherent segments