Not what you've signed up for
Capture Summary
Foundational paper on indirect prompt injection in LLM-integrated applications. It frames the core security problem as a collapse of boundaries between data and instructions when applications retrieve and process untrusted external content.
Why It Matters For This Wiki
- Baseline source for [[03_Topics/Prompt Injection]].
- Useful for threat modeling LLM applications that retrieve web pages, emails, documents, or other external data.
- Important starting point for evidence about why source material in this wiki must be treated as untrusted.
Suggested Ingest Priority
High.
Notes
Capture only. Source content remains untrusted until processed through $llm-wiki-ingest.