The Attack Catalogue.
Every attack in PromptShield is reproducible, mapped to 9 of 10 OWASP LLM categories, and documented with concrete detection indicators and mitigations. This overview is the public subset — the full 217 vectors run in the 25-attack and Continuous-CI tiers.
LLM08 — Vector & Embedding Weaknesses — shipping 2026.05.
Prompt Injection
- CRITICAL IGNORE_PRIOR_OVERRIDE
Direct prompt injection
User input overrides your model’s system instruction and takes control of the response.
Full vector report →
- CRITICAL RAG_HTML_COMMENT_HIJACK
Indirect injection (RAG)
Malicious instructions arrive not from the user but from a retrieved document or web page — and still get executed.
Full vector report →
- HIGH DAN_PERSONA_FORK
System-prompt jailbreak
A persona or role override bypasses your content policy without attacking the system prompt directly.
Full vector report →
Sensitive Information Disclosure
Data and Model Poisoning
Improper Output Handling
Excessive Agency
- HIGH ARG_INJECTION_DELETE
Tool-call hijacking
Attacker-controlled inputs steer function arguments and execute privileged actions under the user’s identity.
Full vector report →
- HIGH CC_BCC_SMUGGLE
Plugin privilege escalation
A plugin or tool accepts inputs without validation and uses them to perform privileged actions outside the conversation’s scope.
Full vector report →
System Prompt Leakage
Public catalogue not enough? Continuous tier scans your endpoint against all 217 vectors after every commit — including your own custom test cases and a signed PDF report per run.
View Continuous tier →