Injection: LLM Prompt Injection¶

Identifier: llm_prompt_injection

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner	ASM Scanner

Description¶

Prompt injection vulnerabilities occur when an LLM-powered endpoint follows attacker-controlled instructions that override the application's system prompt or safety guidelines, allowing manipulation of the model's behaviour, exfiltration of confidential context, or abuse of tools the LLM has access to.

How we test: Once the DAST LLM Security module has detected an LLM-backed endpoint (see LLM-Powered Endpoint Detected), we send a deterministic catalogue of prompt-injection variants through the same authenticated flow used during the scan. Variants include direct instruction override ("ignore previous instructions"), role swap, delimiter break, and context smuggling. Each variant asks the model to emit a unique canary string (PWNED_<uuid>); the check is confirmed only when the canary appears verbatim in the response, eliminating false positives from generic refusals.

References:

https://genai.owasp.org/llmrisk/llm01-prompt-injection/

Configuration¶

Example¶

Example configuration:

---
security_tests:
  llm_prompt_injection:
    skip: false

Reference¶

`skip`¶

Type : boolean

Skip the test if true.