PraisonAI has an Arbitrary File Write in Python API

from the lack of proper sandboxing when evaluating an LLM generated python script. Using prompt injection techniques, an unauthenticated attacker with the ability to send prompts to a chatflow using

Attention is All You Need to Defend Against Indirect Prompt Injection Attacks in LLMs

agents) to perform more sophisticated tasks. However, LLM-empowered applications are vulnerable to Indirect Prompt Injection (IPI) attacks, where instructions are injected via untrustworthy external data sources. This paper presents

The Vulnerability of LLM Rankers to Prompt Injection Attacks

LLMs) have emerged as powerful re-rankers. Recent research has however showed that simple prompt injections embedded within a candidate document (i.e., jailbreak prompt attacks) can significantly alter

When Benchmarks Lie: Evaluating Malicious Prompt Classifiers Under True Distribution Shift

Detecting prompt injection and jailbreak attacks is critical for deploying LLM-based agents safely. As agents increasingly process untrusted data from emails, documents, tool outputs, and external APIs, robust attack

AgenticMail: Unauthenticated inbound mail triggers bypassPermissions resume of the operator

@mobilenext/mobile-mcp: Arbitrary Android Intent Execution via mobile_open_url

Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks

Prompt Fencing: A Cryptographic Approach to Establishing Security Boundaries in Large Language Model Prompts

present Prompt Fencing, a novel architectural approach that applies cryptographic authentication and data architecture principles to establish explicit security boundaries within LLM prompts. Our approach decorates prompt segments with cryptographically

Fingerprinting LLMs via Prompt Injection

prompts, which are not robust to post-processing. In this work, we propose LLMPrint, a novel detection framework that constructs fingerprints by exploiting LLMs' inherent vulnerability to prompt injection

Brain-Prompt Injection: A Route-Safety Audit for BCI-LLM Agents

channel for tool-use agents, exposing a new attack surface we call \emph{brain-prompt injection}: signal-side perturbations, context-only injections, and adaptive dual-decoder attacks can all change

auth-fetch-mcp: SSRF and disk exfiltration via unvalidated auth

TEMPLATEFUZZ: Fine-Grained Chat Template Fuzzing for Jailbreaking and Red Teaming LLMs

elicit harmful outputs, poses significant security risks. While prior work has primarily focused on prompt injection attacks, these approaches often require resource-intensive prompt engineering and overlook other critical components

ChatGPT: Excellent Paper! Accept It. Editor: Imposter Found! Review Rejected

that the review was generated by an LLM, not a human. This method turns prompt injections from vulnerability into a verification tool. We outline our design, expected model behaviors

Securing LLM-as-a-Service for Small Businesses: An Industry Case Study of a Distributed Chatbot Deployment Platform

tenant data access controls. In addition, the platform integrates practical, platform-level defences against prompt injection attacks in RAG-based chatbots, translating insights from recent prompt injection research into deployable

Parameter-Efficient Modality-Balanced Symmetric Fusion for Multimodal Remote Sensing Semantic Segmentation

representations while minimizing the number of trainable parameters. Specifically, we design a Cross-modal Prompt-Injected Adapter (CPIA) to enable deep semantic interaction by generating shared prompts and injecting them

Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability

sandbox escape, denial of service by crashing the server, server-side request forgery, prompt injection, and server

Attacks by Content: Automated Fact-checking is an AI Security Issue

manipulate the data they receive to subvert their behaviour. Previous research has studied indirect prompt injection, where the attacker injects malicious instructions. We argue that injection of instructions

Open WebUI Vulnerable to IDOR: Retrieval API Bypasses Knowledge Base