JAILBREAK REFERENCE
# PromptGuard — Jailbreak & Prompt Injection Reference
> **Purpose:** Living reference for PromptGuard rule development.
> Covers known attack families, regex detection patterns, evasion techniques,
> and agentic/MCP-specific vectors as of May 2026.
> Update this file as new techniques emerge.
---
## Table of Contents
1. [Attack Taxonomy](#1-attack-taxonomy)
2. [Direct Injection — Instruction Override](#2-direct-injection--instruction-override)
3. [Jailbreak Persona Families](#3-jailbreak-persona-families)
4. [Multi-Turn & Escalation Attacks](#4-multi-turn--escalation-attacks)
5. [Authority & Social Engineering Attacks](#5-authority--social-engineering-attacks)
6. [Indirect Injection Vectors](#6-indirect-injection-vectors)
7. [Encoding & Obfuscation Evasion](#7-encoding--obfuscation-evasion)
8. [Agentic & MCP-Specific Attacks](#8-agentic--mcp-specific-attacks)
9. [Data Exfiltration Channels](#9-data-exfiltration-channels)
10. [System Prompt Leaking](#10-system-prompt-leaking)
11. [Detection Regex Patterns](#11-detection-regex-patterns)
12. [PromptGuard Rule Mapping](#12-promptguard-rule-mapping)
13. [What Regex Cannot Catch](#13-what-regex-cannot-catch)
14. [References & Sources](#14-references--sources)
---
## 1. Attack Taxonomy
The field distinguishes two primary categories (OWASP LLM01:2025):when to use it
Community prompt sourced from the open-source GitHub repo dmcslab/promptguard (MIT). A "JAILBREAK REFERENCE" style prompt — adapt the placeholders and specifics to your task. Imported as-is and not independently retested here, so check the output before relying on it.
tags
codingcommunitydeveloper
source
dmcslab/promptguard · MIT
more in Coding
Coding✓ tested
Senior code review (strict mode)
senior staff engineer running a merciless but fair review
Coding✓ tested
Debug by hypothesis, not by guessing
debugging partner who forms theories before touching code
Coding✓ tested
Generate tests from described behavior
test engineer who writes tests that would actually catch regressions