00 — Overview
Indirect Prompt Injection
When an AI reads external content — web pages, emails, documents — an attacker can hide instructions inside that content. The AI reads it and obeys. The user never sees the injection.
Intermediate · 30 min · 5 tasks
// By the end of this module
→ Understand how malicious content in external data can hijack AI actions
→ Exploit indirect prompt injection in RAG and tool-calling pipelines
→ Exfiltrate sensitive data via an LLM acting as an unwitting proxy
→ Identify indirect injection sinks in web content, emails, and documents
// Prerequisites
