Indirect Prompt Injection

A prompt injection attack where malicious instructions are embedded in external content that an AI agent retrieves and processes, such as a webpage, document, or email, rather than being typed directly by a user. When the agent reads the content, it inadvertently executes the attacker's instructions, potentially causing it to leak data, take unauthorized actions, or behave in ways neither the user nor developer intended. Indirect prompt injection is an active research area and a growing concern as agentic AI systems are deployed in real-world environments.
See also: prompt injection, agentic AI, data exfiltration.