A concrete example
A web page contains a hidden instruction telling the agent to ignore its rules and send off data.
Why it matters
The moment an agent reads emails, pages, or files, it can be exposed to hostile instructions.
You'll see it in agents that read outside content, public chatbots, and tools connected to the web.
Don't mix it up with
Indirect prompt injection: An indirect prompt injection hides malicious instructions inside content that the agent reads.
Guardrail: A guardrail is a safety rule that limits what an AI or an agent is allowed to do.
Common mistakes
- Thinking one line in the system prompt is enough.
- Trusting all outside content.
- Letting an agent act without validation or limited permissions.
Quick checklist
- First I check whether the word names a concept, a tool, a risk, or a metric.
- I tie it to a concrete case: A web page contains a hidden instruction telling the agent to ignore its rules and send off data.
- I keep the main trap in mind: Thinking one line in the system prompt is enough.
Quick questions
What is Prompt injection in AI?
A prompt injection tries to hijack the instructions of a model or an agent.
Where will I run into Prompt injection?
You'll see it in agents that read outside content, public chatbots, and tools connected to the web.
Which word should I read next?
Start with Indirect prompt injection, Guardrail, Human-in-the-loop.