Test LLM-integrated applications against known prompt injection techniques, evasion methods, and attack intents using the Arcanum PI Taxonomy. Use when red-teaming AI apps, validating guardrails, or deepening LLM01 (Prompt Injection) assessments.
التثبيت
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
Test LLM-integrated applications against known prompt injection techniques, evasion methods, and attack intents using the Arcanum PI Taxonomy. Use when red-teaming AI apps, validating guardrails, or deepening LLM01 (Prompt Injection) assessments.
license
CC-BY-4.0
Prompt Injection Testing
Systematically test an LLM application's prompt injection defenses by following the full procedure in plays/prompt-injection-testing.md.
Based on the Arcanum PI Taxonomy by Jason Haddix (Arcanum Information Security). CC BY 4.0.
Steps
Scope and Input Surface Mapping — Identify all paths where attacker-controlled content reaches the LLM: direct (chat, API params) and indirect (file uploads, web fetches, RAG docs, tool outputs, MCP resources).
Test by Attack Intent (13 intents) — For each authorized intent, attempt to achieve the attacker's goal:
INT-01 System Prompt Leak, INT-02 Jailbreak, INT-03 Tool Enumeration
INT-04 API Enumeration, INT-05 Get Prompt Secret, INT-06 Attack Users
INT-07 Data Poisoning, INT-08 Denial of Service, INT-09 Discuss Harm
INT-10 Multi-Chain Attacks, INT-11 Generate Image, INT-12 Test Bias
INT-13 Business Integrity
Test by Attack Technique (18 techniques) — Apply known payload construction methods:
Advanced: steganography, link smuggling, graph nodes, waveforms, case changing
Execute Test Matrix — Combine intents x techniques x evasions. Prioritize: high-impact intents first, indirect surfaces second, evasion sweeps against defenses that blocked direct attempts.
Assess Results — For each successful injection, document: severity, attack path (intent + technique + evasion + surface), exact payload, detection gap, and remediation.
Defense Validation — Check the 5-layer defense checklist: ecosystem hardening, model guardrails, prompt-layer defenses, data-layer controls, application-layer validation.
Output
Test results summary table (intent / technique / evasion / surface / result / severity), detailed findings using templates/finding.md, defense coverage checklist with gaps highlighted, and prioritized recommendations.