Prompt Injection Strategy
The Prompt Injection strategy tests common direct prompt injection vulnerabilities in LLMs.
To enable prompt injections across all your red team tests, add the following to your promptfooconfig.yaml file:

strategies:
  - prompt-injection
By default, it will randomly select a prompt injection from a list of hundreds. To control the number of prompt injections sampled, use the sample option:

strategies:
  - id: prompt-injection
    config:
      sample: 10
Note that this has a multiplicative effect on the number of tests run! It means that for each test case generated by a plugin, 10 prompt injections will be tested.
This strategy also supports a harmfulOnly option, which will limit prompt injections to harmful plugins. This can be useful for saving time/cost:

strategies:
  - id: prompt-injection
    config:
      sample: 5
      harmfulOnly: true
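To budget a run before launching it, the multiplicative effect of sample and the saving from harmfulOnly can be worked out per plugin. The following is an added example, not promptfoo's own code: the plugin ids and per-plugin test counts are constructed, and treating ids that begin with "harmful" as the harmful plugins is an assumption.

```python
from dataclasses import dataclass


@dataclass
class Plugin:
    id: str         # plugin id as written in the red team config
    num_tests: int  # test cases this plugin generates


def is_harmful(plugin: Plugin) -> bool:
    # Assumption: "harmful plugins" are those whose id is "harmful" or "harmful:<category>".
    return plugin.id == "harmful" or plugin.id.startswith("harmful:")


def plan_injection_tests(plugins, sample=1, harmful_only=False):
    """Map each plugin id to (plugin test cases, prompt-injection variants).

    sample=1 models the default of one randomly selected injection per test case.
    """
    if sample < 1:
        raise ValueError("sample must be at least 1")
    plan = {}
    for p in plugins:
        # With harmfulOnly set, only harmful plugins get injection variants.
        applies = is_harmful(p) or not harmful_only
        plan[p.id] = (p.num_tests, p.num_tests * sample if applies else 0)
    return plan


def total_injection_tests(plan):
    """Total number of injection variants across all plugins."""
    return sum(injected for _, injected in plan.values())


# Constructed plugin set: three plugins generating 5 test cases each.
PLUGINS = [Plugin("harmful:hate", 5), Plugin("pii", 5), Plugin("hijacking", 5)]

if __name__ == "__main__":
    scenarios = [
        ("default", {}),
        ("sample: 10", {"sample": 10}),
        ("sample: 5, harmfulOnly: true", {"sample": 5, "harmful_only": True}),
    ]
    for label, kwargs in scenarios:
        plan = plan_injection_tests(PLUGINS, **kwargs)
        print(f"{label}: {total_injection_tests(plan)} injection tests")
        for plugin_id, (base, injected) in plan.items():
            print(f"  {plugin_id}: {base} test cases -> {injected} injection variants")
```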
Example Injections
Importance in Gen AI Red Teaming
Prompt injection is a widely known attack vector. Although foundation labs are making efforts to mitigate injections at the model level, it's still necessary to test your application's handling of user-provided prompts.
Related Concepts
For a comprehensive overview of LLM vulnerabilities and red teaming strategies, visit our Types of LLM Vulnerabilities page.