Prompt Injection Defense Checklist
Agent QA & Security
90-150 minutes0/4 steps0%
Step 1 of 4
Map trust boundaries
You cannot isolate untrusted content you have not identified.
First time here? Paste the Context Pack first so the AI understands your project - open it from the header above.
Prompt Capsule
Map every content source entering the agent's context and assign trust. TRUSTED: the system prompt, harness-generated content. SEMI-TRUSTED: the direct user's messages (the user is authorized but can be socially engineered or malicious). UNTRUSTED: everything the agent reads or fetches - file contents, web pages, tool results, sub-agent outputs, API responses, and crucially any of these that originated from third parties. For each source, note what actions its content could try to trigger and the worst-case if it succeeds. Produce the trust-boundary map and rank sources by injection risk (reach x impact). Highlight the dangerous combination: untrusted content plus authority to call high-impact tools.
Paste into EmergentFull Build: complete implementation prompt with explicit requirements
Quick is short. Full Build is recommended for most steps. Strict forces real logic when the AI keeps faking output.
Actual change check
Expected after this step
A trust-boundary map ranking every source by injection risk.
Should NOT happen
- An existing feature broke
- A button only logs to console
- Data disappears after refresh
- Errors fail silently with no visible state
This is what should exist before you continue. If reality does not match, do not move on.
Track what changed, failed, or needs follow-up. Notes export with the flow.
Pass the Verify Gate to complete this step