Injection: LLM Prompt Injection¶

Identifier: llm_prompt_injection

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner	ASM Scanner

Description¶

Prompt injection vulnerabilities occur when an LLM-powered endpoint follows attacker-controlled instructions that override the application's system prompt or safety guidelines, allowing manipulation of the model's behaviour, exfiltration of confidential context, or abuse of tools the LLM has access to.

How we test: Once the DAST LLM Security module has detected an LLM-backed endpoint (see LLM-Powered Endpoint Detected), we send a deterministic catalogue of prompt-injection variants through the existing authenticated replay client (new_http_client_with_auth + the recorded BLST template / exchange or HAR request). Variants include direct instruction override ("ignore previous instructions"), role swap, delimiter break, and context smuggling. Each variant asks the model to emit a unique canary string (PWNED_<uuid>); the check is confirmed only when the canary appears verbatim in the response, eliminating false positives from generic refusals.

Every probe emits a context.info event with the full prompt, the redacted response excerpt, and the raw HTTP request/response as attachments, so customers can independently audit what was sent.

References:

https://genai.owasp.org/llmrisk/llm01-prompt-injection/

Configuration¶

Example¶

Example configuration:

---
security_tests:
  llm_prompt_injection:
    skip: false

Reference¶

`skip`¶

Type : boolean

Skip the test if true.