home/productivity/agent-security-and-prompt-injection-2

Agent Security And Prompt Injection

GPTClaudeDeepSeek··1,298 copies·updated 2026-07-14
agent-security-and-prompt-injection-2.prompt
---
title: Agent Security And Prompt Injection
owner: Prompthon IO
updated: 2026-06-07
depth: advanced
region_tags:
  - global
coding_required: optional
external_readings:
  - title: "OpenAI: Designing AI agents to resist prompt injection"
    url: https://openai.com/index/designing-agents-to-resist-prompt-injection/
  - title: "OpenAI: Understanding prompt injections"
    url: https://openai.com/safety/prompt-injections/
  - title: "OpenAI Help: Lockdown Mode is now available to all logged-in users"
    url: https://help.openai.com/en/articles/6825453-chatgpt-release-notes
  - title: "OpenAI API: MCP and Connectors"
    url: https://developers.openai.com/api/docs/guides/tools-connectors-mcp
  - title: "OpenAI API: Building MCP servers"
    url: https://developers.openai.com/api/docs/mcp
  - title: "OpenAI API: Computer use"
    url: https://developers.openai.com/api/docs/guides/tools-computer-use
  - title: "Model Context Protocol: Security Best Practices"
    url: https://modelcontextprotocol.io/docs/tutorials/security/security_best_practices
status: draft
---

import SupportCTA from "/snippets/support-cta.mdx";

<SupportCTA />

## Summary

Prompt injection turns agent security into a system-design problem. Once an
agent can browse, read files, call connectors, or trigger write actions, the
real question is no longer just "can the model detect bad text?" It becomes
"which untrusted inputs can reach which dangerous actions, under which review
and containment controls?"

## Why It Matters

Prompt injection is not only a prompt-quality issue. It is an architecture
issue that shows up wherever untrusted content and real capability meet.

- Web pages, emails, PDFs, chat logs, connector payloads, and tool outputs can
  all carry hostile instructions.
- The riskiest failures usually involve `sources` plus `sinks`: untrusted input
  reaches a capability that can exfiltrate data, change state, or take action
  for the user.
- Better model behavior helps, but production systems still need boundaries,
  approvals, and logs in case some attacks succeed.

That is why the current security signal around Lockdown Mode is useful for the
handbook: it frames prompt injection as a control-surface problem, not only a
model-intelligence problem.

## Mental Model

Use a four-part review:

1. `sources`: where untrusted content enters the run
2. `sinks`: which tools, connectors, or side effects could become dangerous
3. `boundaries`: what isolation, auth, or scope limits stand between them
4. `confirmations`: which actions require human approval before the system
   proceeds

The key design move is to assume some malicious content will be seen. The goal
is to make sure seeing it does not automatically grant power.

## Architecture Diagram

when to use it

Community prompt sourced from the open-source GitHub repo Prompthon-IO/agent-systems-handbook (NOASSERTION). A "Agent Security And Prompt Injection" style prompt — adapt the placeholders and specifics to your task. Imported as-is and not independently retested here, so check the output before relying on it.

tags

productivitycommunitydeveloper

source

Prompthon-IO/agent-systems-handbook · NOASSERTION