InjecAgent: Benchmarking Indirect Prompt Injections in Tool-Integrated Large Language Model Agents

arXiv:2403.02691v1 Announce Type: cross
Abstract: Recent work has embodied LLMs as agents, allowing them to access tools, perform actions, and interact with external content (e.g., emails or websites). However, external content introduces the risk of indirect prompt injection (IPI) attacks, where malicious instructions are embedded within the content processed by LLMs, aiming to manipulate these agents into executing detrimental actions against users. Given the potentially severe consequences of such attacks, establishing benchmarks to assess and mitigate these risks is imperative. …

access actions arxiv attacks benchmarking cs.cl cs.cr emails embedded external injection language large large language model llms malicious processed prompt prompt injection risk tool tools websites work