Test LLM-integrated applications against known prompt injection techniques, evasion methods, and attack intents using the Arcanum PI Taxonomy. Use when red-teaming AI apps, validating guardrails, or deepening LLM01 (Prompt Injection) assessments.
Instalación
Instalar con Codex o Claude Copia este prompt, pégalo en Codex, Claude u otro asistente, y deja que revise la página de la skill y la instale por ti.
Test LLM-integrated applications against known prompt injection techniques, evasion methods, and attack intents using the Arcanum PI Taxonomy. Use when red-teaming AI apps, validating guardrails, or deepening LLM01 (Prompt Injection) assessments.
license
CC-BY-4.0
Prompt Injection Testing
Systematically test an LLM application's prompt injection defenses by following the full procedure in plays/prompt-injection-testing.md.
Based on the Arcanum PI Taxonomy by Jason Haddix (Arcanum Information Security). CC BY 4.0.
Steps
Scope and Input Surface Mapping — Identify all paths where attacker-controlled content reaches the LLM: direct (chat, API params) and indirect (file uploads, web fetches, RAG docs, tool outputs, MCP resources).
Test by Attack Intent (13 intents) — For each authorized intent, attempt to achieve the attacker's goal:
INT-01 System Prompt Leak, INT-02 Jailbreak, INT-03 Tool Enumeration
INT-04 API Enumeration, INT-05 Get Prompt Secret, INT-06 Attack Users
INT-07 Data Poisoning, INT-08 Denial of Service, INT-09 Discuss Harm
INT-10 Multi-Chain Attacks, INT-11 Generate Image, INT-12 Test Bias
INT-13 Business Integrity
Test by Attack Technique (18 techniques) — Apply known payload construction methods:
Advanced: steganography, link smuggling, graph nodes, waveforms, case changing
Execute Test Matrix — Combine intents x techniques x evasions. Prioritize: high-impact intents first, indirect surfaces second, evasion sweeps against defenses that blocked direct attempts.
Assess Results — For each successful injection, document: severity, attack path (intent + technique + evasion + surface), exact payload, detection gap, and remediation.
Defense Validation — Check the 5-layer defense checklist: ecosystem hardening, model guardrails, prompt-layer defenses, data-layer controls, application-layer validation.
Output
Test results summary table (intent / technique / evasion / surface / result / severity), detailed findings using templates/finding.md, defense coverage checklist with gaps highlighted, and prioritized recommendations.