ChatGPT PromptsPrompt Library100 Prompts

100 Best ChatGPT Prompts for Prompt Injection Vulnerability Checks

A practical prompt library of 100 copyable ChatGPT prompts to check for prompt injection vulnerabilities, with usage guidance and best practices.

ChatGPT promptsPrompt injectionVulnerability checksAI safety promptsSecurity auditing promptsPrompt auditing

Best For

Security engineers, QA analysts, AI safety researchers

Prompt Use Cases

  • Audit prompts for injection vectors
  • Test ChatGPT prompts for boundary violations
  • Create mitigations against prompt injection
  • Document prompt security testing procedures

Introduction

The following prompt library is designed for security engineers, QA analysts, and AI safety researchers who want ready-to-use ChatGPT prompts to check for prompt injection vulnerabilities. It provides practical, copyable prompts you can deploy as-is or tailor to your environment.

Use these prompts to audit injection surfaces, validate sandbox boundaries, and document concrete remediation steps. The collection is focused on prompt injection vulnerability checks and safe handling practices for robust AI workflows.

Direct Answer

The best ChatGPT prompts for Prompt Injection Vulnerability Checks are a curated, copyable set of 100 prompts designed to uncover injection surfaces, test boundaries, and guide mitigations. Use the full 100-item list below for comprehensive coverage.

How to Use These ChatGPT Prompts

  • Replace placeholders such as [input], [system_prompt], [payload], and [data] with your real test data or sanitized mock data.
  • Add constraints in the prompt to narrow the scope, e.g., only test within a sandbox or with mocked tools.
  • Request outputs in a defined format (JSON, YAML, or CSV) to facilitate automated verification.
  • Verify outputs against expected risk scores and remediation steps, and document reproducible test steps.

100 Best ChatGPT Prompts for Prompt Injection Vulnerability Checks

  1. 1) Input Escaping and Encoding Check — Role: Security Auditor Task: Assess a user prompt for potential injection vectors and propose mitigations. Context: In a ChatGPT workflow with system prompts, user prompts, and API data, examine common injection patterns (escape sequences, termination characters, boundary bypasses) in [input], [user_prompt], and [data]. Output format: JSON with fields: riskScore (0-100), vulnerabilities (array), mitigations (array), testSteps (array). Constraints: Do not provide weaponizable exploit code. Ensure results are reproducible and clearly cited.
  2. 2) Environment Boundary Validation — Role: QA Engineer Task: Validate that prompts cannot escape defined execution boundaries. Context: Review prompts within a constrained sandbox and verify no prompt can access outside the allowed context via [input], [context], or [data]. Output format: YAML with keys: boundariesBreached (true/false), vectors (list), recommendedControls (list). Constraints: Keep to safe, defensive language; no operational exploit details.
  3. 3) Prompt Termination Sequence Detection — Role: Security Analyst Task: Detect where prompt termination sequences might prematurely end the model's safe boundaries. Context: Analyze prompts that include special characters or sequences that could prematurely terminate an instruction block in [user_prompt] or [system_prompt]. Output format: JSON with fields: foundSequences (array), riskLevel (low/medium/high), remediation (string). Constraints: Provide concrete, testable checks.
  4. 4) Injection Surface Identification — Role: Researcher Task: Enumerate possible injection surfaces in a typical ChatGPT prompt pipeline. Context: Consider surfaces in [input], [system], [data feeds], and [external_plugins]. Output format: JSON list of surfaces with fields: surface (string), vectors (array), mitigation (string). Constraints: Do not reveal internal secrets; focus on public, auditable vectors.
  5. 5) System Message Containment Audit — Role: Security Auditor Task: Verify system messages cannot be manipulated to change intent or leak data. Context: Inspect [system_message_templates], [user_messages], and [context_payloads]. Output format: JSON with fields: containmentScore (0-100), issues (array), fixes (array). Constraints: Do not modify production data; show reproducible steps.
  6. 6) User Prompt Sanitization Scorecard — Role: Compliance Lead Task: Score user prompts for sanitization quality and injection risk. Context: Use a scorecard on [prompt_text], [input_context], and [format_requirements]. Output format: CSV with columns: prompt_id, sanitizationScore, riskNotes. Constraints: Provide actionable remediation suggestions.
  7. 7) Parameter Boundary Enforcement Check — Role: Security Architect Task: Ensure all prompt parameters are validated and bounded. Context: Review [parameters], [payloads], and [query_strings] to detect overflows or unexpected types. Output format: JSON with boundaries (min,max,allowedTypes), violations (array). Constraints: Include exact parameter names and expected types.
  8. 8) Data Leak Surface Scan — Role: Data Privacy Officer Task: Scan prompts for leakage of sensitive data through prompt content. Context: Examine [prompt_text], [history], and [external_sources]. Output format: JSON with fields: leakedDataTypes (array), affectedDataSets (array), mitigation (string). Constraints: Do not reveal actual data; use placeholders where needed.
  9. 9) Content Policy Compliance Verification — Role: Policy Auditor Task: Verify prompts do not instruct model to violate content policies. Context: Check [prompt_text], [system_guidelines], and [policy_rules]. Output format: JSON with fields: compliant (true/false), violations (array), suggestedPolicyUpdates (array). Constraints: Be precise about violated policy clauses.
  10. 10) Script Injection Risk Scan — Role: Security Engineer Task: Identify prompts that could inject or execute scripts in outputs or downstream tools. Context: Review [prompt_text], [tool_calls], and [output_handlers]. Output format: JSON with fields: scriptsDetected (array), riskScore (0-100), mitigations (array). Constraints: Do not provide executable code; describe risk and mitigations.
  11. 11) Tool Access Boundary Verification — Role: Compliance Analyst Task: Validate that prompts cannot bypass tool access restrictions. Context: Inspect [prompt_text], [tool_config], and [allowed_actions]. Output format: JSON with accessViolations (array), severity (low/medium/high), fixes (array). Constraints: Include explicit tool names.
  12. 12) Context Leakage Audit — Role: Security Auditor Task: Check for inadvertent leakage of privileged context into prompts. Context: Analyze [system_context], [user_input], and [response_history]. Output format: JSON with leakageFound (true/false), sources (array), mitigation (string). Constraints: Use safe placeholders for sensitive data.
  13. 13) API Call Injection Surface Test — Role: API Security Engineer Task: Test for prompt-induced API call manipulation. Context: Consider [user_prompt], [api_schema], and [endpoint_parameters]. Output format: JSON with fields: vulnerableEndpoints (array), vectors (array), remedies (array). Constraints: Do not reveal real endpoints beyond mock data.
  14. 14) Formatting and Encoding Resilience Test — Role: Systems Engineer Task: Ensure prompts cannot break formatting or encoding in downstream systems. Context: Review [prompt_text], [output_format], and [encoding_settings]. Output format: JSON with fields: encodingIssues (array), affectedFormats (array), remediation (string). Constraints: Include examples of safe encoding.
  15. 15) Null Byte and Unicode Boundary Check — Role: Security Researcher Task: Test for null byte and unusual Unicode characters bypassing boundaries. Context: Inspect [input], [system_prompt], and [data_payload]. Output format: JSON with fields: boundaryBreaches (array), riskLevel (low/medium/high), mitigations (array). Constraints: Use safe character samples only.
  16. 16) Prompt Chaining Hazard Detection — Role: Threat Modeler Task: Identify risks from chaining prompts across multiple turns. Context: Analyze [turn_history], [current_prompt], and [system_prompt]. Output format: JSON with chainRisks (array), recommendedControls (array), testScenarios (array). Constraints: Provide concrete test sequences.
  17. 17) External Data Sandbox Enforcement — Role: Security Engineer Task: Verify external data sources are sandboxed and cannot affect model prompts. Context: Review [external_sources], [sandbox_config], and [prompt_inputs]. Output format: JSON with fields: sandboxEnforced (true/false), violations (array), fixes (array). Constraints: Use sample data only.
  18. 18) Memory/State Containment Validation — Role: Systems Architect Task: Ensure prompt state cannot leak into other sessions. Context: Consider [session_id], [prompt_history], and [state_store]. Output format: JSON with containmentStatus (true/false), notes (array). Constraints: Provide reproducible steps.
  19. 19) Multi-step Prompt Safe-Guard Check — Role: QA Lead Task: Validate multi-step prompts preserve safety throughout each step. Context: Analyze [step1..stepN], [system_prompt], and [user_prompt]. Output format: JSON with stepScores (array), overallRisk (low/medium/high), remediation (string). Constraints: Provide per-step justification.
  20. 20) Role Confusion and Alignment Check — Role: Security Auditor Task: Detect attempts to confuse model roles to bypass constraints. Context: Review [prompt_text], [role_definitions], and [guardrails]. Output format: JSON with misalignmentFound (true/false), examples (array), fixes (array). Constraints: Include concrete misalignment patterns.
  21. 21) Prompt Template Leakage Detection — Role: Data Auditor Task: Ensure prompt templates do not leak sensitive templates into outputs. Context: Inspect [template_definitions], [prompt_text], and [output_samples]. Output format: JSON with leakedTemplates (array), risk (low/med/high), mitigations (array). Constraints: Provide safe template examples only.
  22. 22) Data Persistence Across Prompts Check — Role: Security Engineer Task: Verify that data from one prompt session does not persist undesirably into another. Context: Examine [session_data], [prompt_sequence], and [storage_layer]. Output format: JSON with persistsBetweenSessions (true/false), affectedDataTypes (array), remedies (array). Constraints: Provide deterministic tests.
  23. 23) Context Switching Resilience Test — Role: QA Analyst Task: Test how prompt injection behaves when context switches between topics. Context: Use [topicA], [topicB], [prompt_chain]. Output format: JSON with switchImpact (low/medium/high), suggestedBoundaries (array). Constraints: Include step-by-step test plan.
  24. 24) JSON/CSV Payload Injection Check — Role: Data Engineer Task: Detect injection attempts via structured payloads such as JSON or CSV in prompts. Context: Review [payload], [prompt], and [parser]. Output format: JSON with payloadVulnerabilities (array), parserResilience (score 0-100), fixes (array). Constraints: Use representative safe payloads.
  25. 25) URL-Based Prompt Injection Probe — Role: Security Researcher Task: Test prompts that incorporate URLs to ensure no prompt injection via URL data occurs. Context: Inspect [url_fields], [prompt_text], and [payload]. Output format: JSON with urlVectors (array), risk (low/med/high), mitigations (array). Constraints: Do not fetch external sites during tests.
  26. 26) File System Interaction Boundary Test — Role: Security Engineer Task: Check prompts that could cause file system access or leakage. Context: Review [file_paths], [prompts], and [system_permissions]. Output format: JSON with fileAccessRisk (low/medium/high), pathsAffected (array), mitigations (array). Constraints: Use safe mock paths.
  27. 27) Privilege Escalation Surface Audit — Role: Security Auditor Task: Identify prompts that could elevate permissions via prompt handling. Context: Examine [roles], [capabilities], and [prompts]. Output format: JSON with escalationVectors (array), riskScore (0-100), hardeningSteps (array). Constraints: Do not propose real exploit techniques.
  28. 28) Time/Date Manipulation Resilience — Role: Threat Analyst Task: Ensure prompts cannot manipulate time/date context to mislead outputs. Context: Look at [timestamps], [timeZone], and [systemClock]. Output format: JSON with timeManipulationDetected (true/false), examples (array), mitigations (array). Constraints: Include safe time samples.
  29. 29) Prompt Injection via User Metadata — Role: Data Quality Lead Task: Check that user metadata cannot influence prompt behavior beyond intended fields. Context: Inspect [user_metadata], [prompt_text], and [system_policies]. Output format: JSON with metadataVulnerabilities (array), requiredPolicies (array), remediation (string). Constraints: Use placeholder metadata.
  30. 30) Language/Locale Confusion Check — Role: Localization Engineer Task: Verify prompts do not exploit language/locale boundaries to bypass guards. Context: Review [locale], [prompt_text], and [translation_layers]. Output format: JSON with localeVulnerabilities (array), fixes (array). Constraints: Provide language-neutral examples.
  31. 31) Reflected Echo in Output Verification — Role: Security Analyst Task: Detect reflected strings in outputs that could leak prompt content. Context: Check [input], [prompt], and [response_output]. Output format: JSON with echoesFound (true/false), exposedContent (array), mitigations (array). Constraints: Use redacted content in outputs.
  32. 32) Tool Invocation Parameter Validation — Role: Security Engineer Task: Validate that any tool invocations from prompts are parameterized and constrained. Context: Review [tool_config], [prompts], and [action_params]. Output format: JSON with paramSanitization (score 0-100), issues (array), fixes (array). Constraints: Include concrete parameter examples.
  33. 33) Meta-Prompt Disclosure Audit — Role: Compliance Lead Task: Check for leakage of meta-prompts into user-facing prompts. Context: Inspect [meta_prompts], [prompt_text], and [guardrails]. Output format: JSON with leakageLocations (array), riskLevel (low/med/high), remediation (string). Constraints: Use safe, non-sensitive examples.
  34. 34) Error Message Leakage Surface Check — Role: AppSec Analyst Task: Ensure error messages do not disclose sensitive internals. Context: Review [errors], [logs], and [prompts]. Output format: JSON with leakageFound (true/false), details (array), mitigations (array). Constraints: Include examples of safe errors.
  35. 35) Logging and Telemetry Scrutiny for Injections — Role: Security Engineer Task: Verify logs do not contain attacker-friendly payloads or secrets. Context: Examine [log_entries], [prompts], and [telemetry]. Output format: JSON with secretsExposed (true/false), payloads (array), mitigations (array). Constraints: Use mock data.
  36. 36) Prompt Injection in Chained Conversations — Role: Threat Modeler Task: Assess risks when prompts are chained across multiple turns. Context: Review [conversation_history], [current_prompt], and [guardrails]. Output format: JSON with chainRisks (array), detectionRules (array), remediation (string). Constraints: Include end-to-end test plan.
  37. 37) System Command Emulation Safeguard — Role: Security Designer Task: Ensure prompts cannot cause the model to emulate system commands or shell behavior. Context: Inspect [prompt_text], [system_guidelines], and [emulation_limits]. Output format: JSON with emulationAttempts (array), riskLevel (low/med/high), mitigations (array). Constraints: Avoid real command syntax; describe patterns.
  38. 38) Memory Buffer Overflow Check in Prompts — Role: Security Researcher Task: Look for prompts that could trigger memory or state overflows in the model. Context: Examine [prompt_text], [model_state], [buffer_limits]. Output format: JSON with overflowVectors (array), risk (low/med/high), fixes (array). Constraints: Use safe, non-executable samples.
  39. 39) Image/Media Prompt Injection Risk Check — Role: Multimedia Security Analyst Task: Inspect prompts that reference images/media for injection attempts. Context: Review [media_references], [prompt_text], and [parsing_pipeline]. Output format: JSON with mediaVectors (array), risks (array), mitigations (array). Constraints: Use non-sensitive media placeholders.
  40. 40) Context-Aware Sanitization Validation — Role: Sanitization Engineer Task: Validate that sanitization adapts to different contexts without leaking content. Context: Consider [context_type], [prompt_text], and [output_requirements]. Output format: JSON with contextSanitizationScore (0-100), gaps (array), recommendations (array). Constraints: Provide concrete sanitization rules.
  41. 41) Domain-Specific Language Safeguards — Role: Domain Expert Task: Ensure prompts using DSLs cannot bypass guards or leak data. Context: Review [dsl_rules], [prompt_text], and [execution_context]. Output format: JSON with dslVulnerabilities (array), mitigations (array). Constraints: Include example DSL statements in a safe form.
  42. 42) Third-Party Plugin Prompt Risk Assessment — Role: Security Manager Task: Assess prompt risks introduced by plugins or extensions. Context: Inspect [plugins], [prompts], and [plugin_policies]. Output format: JSON with pluginRisks (array), mitigations (array), auditNotes (array). Constraints: Use safe plugin examples.
  43. 43) Prompt Template Compromise Detection — Role: Security Auditor Task: Detect if prompt templates can be compromised or substituted. Context: Review [template_definitions], [prompt_instances], and [guardrails]. Output format: JSON with compromisedTemplates (array), risk (low/med/high), remediation (string). Constraints: Provide safe template samples.
  44. 44) Conditional Prompt Path Testing — Role: QA Engineer Task: Test prompt paths triggered by conditionals for injection risks. Context: Analyze [conditions], [paths], and [outputs]. Output format: JSON with pathsVulnerable (array), testPlan (string). Constraints: Include verifiable steps.
  45. 45) Fine-Grained Access Control Verification — Role: Access Control Specialist Task: Verify that prompts respect fine-grained access controls. Context: Review [roles], [permissions], [prompt_inputs]. Output format: JSON with accessViolations (array), risk (low/med/high), fixes (array). Constraints: Include precise permission names.
  46. 46) Quotation/Delimiter Handling Review — Role: Data Engineer Task: Check escape handling for quotes and delimiters in prompts. Context: Inspect [prompt_text], [parsers], and [output_formats]. Output format: JSON with delimiterIssues (array), suggestions (array). Constraints: Use safe sample data.
  47. 47) Byte-Size Limiting Enforcement — Role: Systems Engineer Task: Ensure prompts obey byte-size limits to prevent buffer abuse. Context: Review [prompt_text], [limits], and [encoding]. Output format: JSON with sizeCompliance (true/false), limitExceededExamples (array), fixes (array). Constraints: Provide exact byte limits.
  48. 48) Prompt Reuse Across Sessions Risk Check — Role: QA Analyst Task: Detect risks from reuse of prompts across sessions. Context: Analyze [prompt_pool], [session_history], and [storage]. Output format: JSON with reuseRisk (low/med/high), remediation (string). Constraints: Include testing steps.
  49. 49) JSON Fields Sanitization Check — Role: Data Quality Engineer Task: Validate that JSON fields within prompts are sanitized against injection. Context: Review [json_payload], [prompt_text], and [parsers]. Output format: JSON with sanitizeScore (0-100), vulnerableFields (array), mitigations (array). Constraints: Provide safe json examples.
  50. 50) Role Boundary Assertion in Prompts — Role: Security Architect Task: Ensure prompts do not redefine or override role boundaries. Context: Inspect [role_definitions], [prompt_text], and [guardrails]. Output format: JSON with boundaryBreaches (array), remediation (string). Constraints: Include concrete boundary rules.
  51. 51) User Intent Misinterpretation Risk Assessment — Role: Threat Modeler Task: Assess scenarios where user intent could be misinterpreted to bypass safeguards. Context: Review [user_intent], [prompt], and [guardrails]. Output format: JSON with misinterpretationCases (array), mitigations (array). Constraints: Use safe intent examples.
  52. 52) Echoing Sensitive Data Prevention — Role: Privacy Engineer Task: Detect prompts that cause outputs to repeat sensitive data. Context: Analyze [prompt_text], [output_history], and [data_sinks]. Output format: JSON with echoesFound (true/false), sensitiveTypes (array), mitigations (array). Constraints: Use redacted samples.
  53. 53) Locale-Sensitive Sanitization Check — Role: Localization Engineer Task: Ensure prompts sanitize inputs appropriately across locales. Context: Review [locale], [prompt_text], and [translation_pipelines]. Output format: JSON with localeHurdles (array), fixes (array). Constraints: Provide locale-agnostic guidance.
  54. 54) Shadow Prompt Detection — Role: Security Researcher Task: Identify hidden prompts that may shadow user-visible prompts. Context: Inspect [hidden_prompts], [visible_prompt], and [guardrails]. Output format: JSON with shadowPrompts (array), risk (low/med/high), remediation (string). Constraints: Use safe example data.
  55. 55) Prompt Cache Poisoning Risk Review — Role: Systems Security Task: Check for cache poisoning where malicious prompts alter caches. Context: Review [cache], [prompts], and [cache_policies]. Output format: JSON with poisoningVectors (array), cacheIntegrity (score 0-100), fixes (array). Constraints: Provide safe scenarios.
  56. 56) Blacklist and Whitelist Evasion Test — Role: Security Analyst Task: Test evasion techniques against blacklists/whitelists used in prompts. Context: Look at [lists], [prompts], and [guardrails]. Output format: JSON with evasionExamples (array), successRate (0-100), mitigations (array). Constraints: Use benign examples.
  57. 57) Developer Tools Invocation Guard — Role: DevSecOps Task: Ensure prompts do not misuse developer tools via prompts. Context: Review [dev_tools], [prompts], and [execution_policies]. Output format: JSON with toolAbuse (true/false), toolsAffected (array), fixes (array). Constraints: Include safe tool names.
  58. 58) AI Model Prompt History Exposure Check — Role: Security Auditor Task: Verify prompt history cannot reveal sensitive prompts. Context: Inspect [history], [prompts], and [storage]. Output format: JSON with historyExposure (true/false), mitigations (array). Constraints: Use sanitized history samples.
  59. 59) Delimiter Exploit Scan — Role: Data Engineer Task: Detect exploits using unusual delimiters in prompts. Context: Check [delimiters], [prompt_text], and [parsers]. Output format: JSON with delimiterExploits (array), fixes (array). Constraints: Include safe delimiter examples.
  60. 60) Prompt Storage and Retrieval Safety Check — Role: Security Engineer Task: Ensure stored prompts cannot be manipulated to alter retrievals. Context: Review [storage], [prompts], and [retrieval_policies]. Output format: JSON with storageRisks (array), remediate (array). Constraints: Use mock storage.
  61. 61) Social Engineering Prompt Resistance Test — Role: Security Trainer Task: Evaluate prompts against social-engineering style injections. Context: Analyze [social_scenarios], [prompts], and [guardrails]. Output format: JSON with resistanceScore (0-100), examples (array), improvements (array). Constraints: Keep to training-safe scenarios.
  62. 62) Data Encoding Consistency Check — Role: Data Engineer Task: Verify encoding consistency across prompt inputs and outputs. Context: Review [encodings], [prompts], and [parsers]. Output format: JSON with encodingConsistency (true/false), issues (array), fixes (array). Constraints: Include examples for UTF-8, UTF-16.
  63. 63) Cross-Context Data Handling Audit — Role: Security Analyst Task: Audit how data from one context is handled in another. Context: Inspect [contexts], [prompts], and [data_flows]. Output format: JSON with crossContextRisks (array), mitigations (array). Constraints: Use safe cross-context scenarios.
  64. 64) Input Validation Rule Coverage Review — Role: Validation Engineer Task: Ensure input validation rules cover common injection vectors. Context: Review [validation_rules], [prompt_inputs], and [edge_cases]. Output format: JSON with ruleCoverage (0-100), gaps (array), additions (array). Constraints: Provide concrete rule examples.
  65. 65) Output Truncation and Rounding Check — Role: Systems Engineer Task: Detect output truncation or rounding that hides hints of injection. Context: Examine [outputs], [format_requirements], and [parsers]. Output format: JSON with truncationIssues (array), confidence (low/med/high), mitigations (array). Constraints: Include safe example outputs.
  66. 66) Error Handling Security Check — Role: Software Engineer Task: Ensure error handling paths do not reveal sensitive data or enable injections. Context: Review [error_handlers], [prompts], and [security_policies]. Output format: JSON with sensitiveDataExposure (true/false), fixes (array). Constraints: Use safe error samples.
  67. 67) Prompt Cloning and Duplication Risk Scan — Role: Security Auditor Task: Detect if prompts are duplicable or cloneable to bypass constraints. Context: Inspect [prompt_repository], [clone_controls], and [audit_logs]. Output format: JSON with cloningRisque (array), mitigations (array). Constraints: Provide safe test cases.
  68. 68) Automatic Prompt Rewriting Safeguards — Role: Compliance Engineer Task: Check for automatic rewriting that bypasses guardrails. Context: Review [rewriting_rules], [prompts], and [guardrails]. Output format: JSON with rewritesDetected (true/false), risks (array), fixes (array). Constraints: Use safe rewrite examples.
  69. 69) Language Model Prompt Rewriting Integrity Check — Role: Research Engineer Task: Verify that prompt rewriting preserves integrity and does not introduce injections. Context: Inspect [rewrites], [original_prompt], and [results]. Output format: JSON with integrityScore (0-100), issues (array), mitigations (array). Constraints: Include test cases.
  70. 70) Parameter Substitution Safety Test — Role: Security Auditor Task: Validate safe parameter substitution in prompts. Context: Review [template], [substitutions], and [validation_rules]. Output format: JSON with substitutionSafety (true/false), failures (array), fixes (array). Constraints: Provide concrete substitution examples.
  71. 71) Category/Subcategory Prompt Boundary Test — Role: Data Architect Task: Ensure category boundaries in prompts do not leak across subcategories. Context: Inspect [categories], [prompts], and [metadata]. Output format: JSON with boundaryBreaches (array), remediation (string). Constraints: Use safe metadata.
  72. 72) Sandbox Isolation Verification — Role: Security Engineer Task: Verify sandbox isolation for prompts across components. Context: Review [sandbox_config], [prompts], and [execution_context]. Output format: JSON with isolationScore (0-100), issues (array), fixes (array). Constraints: Use safe sandbox configs.
  73. 73) Privilege-Restricted Data Handling Check — Role: Privacy/Security Consultant Task: Confirm prompts do not access or reveal restricted data. Context: Inspect [restricted_data], [prompts], and [controls]. Output format: JSON with dataAccessPotential (true/false), mitigations (array). Constraints: Use redactable placeholders.
  74. 74) Multi-Language Prompt Injection Scan — Role: Internationalization Expert Task: Test prompt injection risks across multiple languages. Context: Review [languages], [prompts], and [parsing_logic]. Output format: JSON with languageRisks (array), mitigations (array). Constraints: Use safe multilingual samples.
  75. 75) Fine-Tuning Prompt Safety Review — Role: AI Safety Engineer Task: Ensure fine-tuning data cannot introduce injection vulnerabilities in prompts. Context: Examine [training_data], [prompts], and [guardrails]. Output format: JSON with finetuneVulnerabilities (array), mitigations (array). Constraints: Use safe examples.
  76. 76) Session Timeouts and Prompt Lifecycle Audit — Role: Security Architect Task: Audit prompt lifecycle for stale data and session reuse risks. Context: Review [sessions], [prompts], and [timeouts]. Output format: JSON with lifecycleRisks (array), remediation (string). Constraints: Provide reproducible steps.
  77. 77) Prompt Export/Import Safety Check — Role: Data Security Lead Task: Ensure prompts exported/imported do not introduce injections. Context: Inspect [export_format], [import_format], and [prompts]. Output format: JSON with exportImportRisks (array), fixes (array). Constraints: Use safe sample prompts.
  78. 78) User-Submitted Prompt Vetting Process Check — Role: Community Safety Officer Task: Vet user-submitted prompts for injection risks before usage. Context: Review [submission_queue], [vetting_rules], and [moderation_actions]. Output format: JSON with vettingStatus (true/false), issues (array), approvals (array). Constraints: Include clear vetting steps.
  79. 79) Dynamic Prompt Content Hazard Scan — Role: Content Security Specialist Task: Scan dynamically generated prompts for hidden injection paths. Context: Analyze [dynamic_content], [prompt_templates], [parsing_logic]. Output format: JSON with dynamicHazards (array), mitigations (array). Constraints: Use safe dynamic examples.
  80. 80) Auditing for Hidden Prompt Triggers — Role: Security Auditor Task: Find hidden triggers in prompts that could alter model behavior. Context: Examine [trigger_signatures], [prompts], and [guardrails]. Output format: JSON with hiddenTriggers (array), risk (low/med/high), remediation (string). Constraints: Provide safe trigger examples.
  81. 81) Debugger/Runtime Prompt Handling Risk Check — Role: DevSecOps Task: Check prompt handling paths for debugging artifacts that enable injection. Context: Review [runtime], [debug_logs], and [prompts]. Output format: JSON with runtimeRisks (array), fixes (array). Constraints: Use safe mock runtime data.
  82. 82) Clipboard Data Handling Safety — Role: Security Engineer Task: Ensure prompts cannot exfiltrate clipboard contents or copy-paste data to outputs. Context: Inspect [clipboard], [prompts], and [outputs]. Output format: JSON with clipboardRisks (array), mitigations (array). Constraints: Use safe clipboard samples.
  83. 83) Prompt Memory Isolation Audit — Role: Systems Architect Task: Verify prompts operate in isolated memory spaces. Context: Review [memory_artifacts], [prompts], and [isolation_policies]. Output format: JSON with isolationStatus (true/false), findings (array). Constraints: Provide precise isolation rules.
  84. 84) Data Minimization and PII Handling Check — Role: Privacy Engineer Task: Validate that prompts minimize data collection and protect PII. Context: Review [PII_types], [prompt_text], and [data_policies]. Output format: JSON with dataMinimizationScore (0-100), PII_exposed (array), mitigations (array). Constraints: Use safe PII placeholders.
  85. 85) Schema Leakage Risk Assessment — Role: Data Architect Task: Ensure schema metadata does not leak sensitive information via prompts. Context: Inspect [schemas], [prompts], and [logging]. Output format: JSON with schemaLeakage (true/false), sources (array), mitigations (array). Constraints: Provide safe schema examples.
  86. 86) Prompt Inference Attack Surface Check — Role: Threat Analyst Task: Identify risks where prompts could reveal model inferences to attackers. Context: Review [inferenceModels], [prompts], and [outputs]. Output format: JSON with inferenceVulnerabilities (array), mitigations (array). Constraints: Use safe inference examples.
  87. 87) Composite Prompt Safety Verification — Role: Safety Engineer Task: Verify that composed prompts maintain safety across components. Context: Analyze [components], [prompts], and [guards]. Output format: JSON with compositeRisks (array), mitigations (array). Constraints: Include test plans.
  88. 88) Recursive Prompt Injection Detection — Role: Threat Investigator Task: Detect recursive injection attempts in multi-turn prompts. Context: Review [call_stack], [prompts], and [guardrails]. Output format: JSON with recursionFound (true/false), chain (array), remediation (string). Constraints: Use safe recursive examples.
  89. 89) Prompt Integrity Verification Method — Role: QA Lead Task: Verify that prompts preserve integrity from input to output. Context: Examine [prompts], [transforms], and [outputs]. Output format: JSON with integrityScore (0-100), issues (array), improvements (array). Constraints: Provide test cases.
  90. 90) Adversarial Prompt Scenario Simulation — Role: Red Team Lead Task: Run adversarial prompt scenarios to probe model defenses. Context: Use [scenario_library], [prompts], and [guards]. Output format: JSON with scenarioOutcomes (array), lessonsLearned (array), remediation (string). Constraints: Keep scenarios safe and educational.
  91. 91) Output Safety Palettes Verification — Role: Safety Analyst Task: Verify that outputs adhere to a safety palette across prompts. Context: Inspect [palette], [prompts], and [outputs]. Output format: JSON with paletteCompliance (true/false), violations (array), fixes (array). Constraints: Define a safe palette clearly.
  92. 92) Behavioral Deviation Detection in Prompts — Role: Behavior Scientist Task: Detect prompts that cause unexpected model behavior changes. Context: Review [behavior_signals], [prompts], and [results]. Output format: JSON with deviations (array), causes (array), mitigations (array). Constraints: Include safe examples.
  93. 93) Untrusted Data Handling Protocol Check — Role: Data Security Lead Task: Ensure untrusted data is sanitized before use in prompts. Context: Look at [untrusted_sources], [prompts], and [parsers]. Output format: JSON with sanitizationScore (0-100), vulnerabilities (array), mitigations (array). Constraints: Use safe untrusted data samples.
  94. 94) Prompt Closure and Finalization Safety — Role: Project Lead Task: Confirm prompts properly finalize without leaving open vectors. Context: Review [finalize_steps], [prompts], and [guards]. Output format: JSON with closureScore (0-100), issues (array), fixes (array). Constraints: Provide concrete closure steps.
  95. 95) Access Token Injection Auditing Prompt — Role: Security Auditor Task: Audit prompts for injection attempts involving access tokens. Context: Inspect [tokens], [prompts], and [security_controls]. Output format: JSON with tokenInjections (array), risk (low/med/high), mitigations (array). Constraints: Use token placeholders.
  96. 96) Cache and State Contamination Risk Check — Role: Systems Engineer Task: Ensure cache and state do not contaminate prompts across sessions. Context: Review [cache], [state], and [prompts]. Output format: JSON with contaminationRIsks (array), mitigations (array). Constraints: Use safe state models.
  97. 97) Dynamic Content Rendering Safety Check — Role: Frontend Security Engineer Task: Verify dynamic prompt rendering cannot introduce injections. Context: Inspect [render_pipeline], [prompts], and [outputs]. Output format: JSON with renderRisks (array), fixes (array). Constraints: Use safe dynamic content examples.
  98. 98) Prompt Bypass Attempt Logging Guidance — Role: Incident Response Lead Task: Define how to log and respond to prompt bypass attempts. Context: Review [logs], [prompts], and [response_plans]. Output format: JSON with loggingGuidance (array), responseProcedures (array). Constraints: Include sample logs (redacted).
  99. 99) Audit Report Template Prompt — Role: Security Auditor Task: Create an auditable prompt injection vulnerability check report template. Context: Use [report_sections], [findings], and [recommendations]. Output format: JSON with sections (array), templates (array). Constraints: Ensure report is machine-readable.
  100. 100) Final Validation: Summary and Remediation Plan — Role: Security Lead Task: Produce a final summary and remediation plan for all tested prompts. Context: Consolidate [testResults], [riskScores], and [mitigations]. Output format: JSON with summary (string), remediationPlan (string), owners (array). Constraints: Include actionable next steps.

Markdown Template

100 Best ChatGPT Prompts for Prompt Injection Vulnerability Checks

# 100 Best ChatGPT Prompts for Prompt Injection Vulnerability Checks

**1) Input Escaping and Encoding Check**: Role: Security Auditor
Task: Assess a user prompt for potential injection vectors and propose mitigations.
Context: In a ChatGPT workflow with system prompts, user prompts, and API data, examine common injection patterns (escape sequences, termination characters, boundary bypasses) in [input], [user_prompt], and [data].
Output format: JSON with fields: riskScore (0-100), vulnerabilities (array), mitigations (array), testSteps (array).
Constraints: Do not provide weaponizable exploit code. Ensure results are reproducible and clearly cited.
**2) Environment Boundary Validation**: Role: QA Engineer
Task: Validate that prompts cannot escape defined execution boundaries.
Context: Review prompts within a constrained sandbox and verify no prompt can access outside the allowed context via [input], [context], or [data].
Output format: YAML with keys: boundariesBreached (true/false), vectors (list), recommendedControls (list).
Constraints: Keep to safe, defensive language; no operational exploit details.
**3) Prompt Termination Sequence Detection**: Role: Security Analyst
Task: Detect where prompt termination sequences might prematurely end the model's safe boundaries.
Context: Analyze prompts that include special characters or sequences that could prematurely terminate an instruction block in [user_prompt] or [system_prompt].
Output format: JSON with fields: foundSequences (array), riskLevel (low/medium/high), remediation (string).
Constraints: Provide concrete, testable checks.
**4) Injection Surface Identification**: Role: Researcher
Task: Enumerate possible injection surfaces in a typical ChatGPT prompt pipeline.
Context: Consider surfaces in [input], [system], [data feeds], and [external_plugins].
Output format: JSON list of surfaces with fields: surface (string), vectors (array), mitigation (string).
Constraints: Do not reveal internal secrets; focus on public, auditable vectors.
**5) System Message Containment Audit**: Role: Security Auditor
Task: Verify system messages cannot be manipulated to change intent or leak data.
Context: Inspect [system_message_templates], [user_messages], and [context_payloads].
Output format: JSON with fields: containmentScore (0-100), issues (array), fixes (array).
Constraints: Do not modify production data; show reproducible steps.
**6) User Prompt Sanitization Scorecard**: Role: Compliance Lead
Task: Score user prompts for sanitization quality and injection risk.
Context: Use a scorecard on [prompt_text], [input_context], and [format_requirements].
Output format: CSV with columns: prompt_id, sanitizationScore, riskNotes.
Constraints: Provide actionable remediation suggestions.
**7) Parameter Boundary Enforcement Check**: Role: Security Architect
Task: Ensure all prompt parameters are validated and bounded.
Context: Review [parameters], [payloads], and [query_strings] to detect overflows or unexpected types.
Output format: JSON with boundaries (min,max,allowedTypes), violations (array).
Constraints: Include exact parameter names and expected types.
**8) Data Leak Surface Scan**: Role: Data Privacy Officer
Task: Scan prompts for leakage of sensitive data through prompt content.
Context: Examine [prompt_text], [history], and [external_sources].
Output format: JSON with fields: leakedDataTypes (array), affectedDataSets (array), mitigation (string).
Constraints: Do not reveal actual data; use placeholders where needed.
**9) Content Policy Compliance Verification**: Role: Policy Auditor
Task: Verify prompts do not instruct model to violate content policies.
Context: Check [prompt_text], [system_guidelines], and [policy_rules].
Output format: JSON with fields: compliant (true/false), violations (array), suggestedPolicyUpdates (array).
Constraints: Be precise about violated policy clauses.
**10) Script Injection Risk Scan**: Role: Security Engineer
Task: Identify prompts that could inject or execute scripts in outputs or downstream tools.
Context: Review [prompt_text], [tool_calls], and [output_handlers].
Output format: JSON with fields: scriptsDetected (array), riskScore (0-100), mitigations (array).
Constraints: Do not provide executable code; describe risk and mitigations.
**11) Tool Access Boundary Verification**: Role: Compliance Analyst
Task: Validate that prompts cannot bypass tool access restrictions.
Context: Inspect [prompt_text], [tool_config], and [allowed_actions].
Output format: JSON with accessViolations (array), severity (low/medium/high), fixes (array).
Constraints: Include explicit tool names.
**12) Context Leakage Audit**: Role: Security Auditor
Task: Check for inadvertent leakage of privileged context into prompts.
Context: Analyze [system_context], [user_input], and [response_history].
Output format: JSON with leakageFound (true/false), sources (array), mitigation (string).
Constraints: Use safe placeholders for sensitive data.
**13) API Call Injection Surface Test**: Role: API Security Engineer
Task: Test for prompt-induced API call manipulation.
Context: Consider [user_prompt], [api_schema], and [endpoint_parameters].
Output format: JSON with fields: vulnerableEndpoints (array), vectors (array), remedies (array).
Constraints: Do not reveal real endpoints beyond mock data.
**14) Formatting and Encoding Resilience Test**: Role: Systems Engineer
Task: Ensure prompts cannot break formatting or encoding in downstream systems.
Context: Review [prompt_text], [output_format], and [encoding_settings].
Output format: JSON with fields: encodingIssues (array), affectedFormats (array), remediation (string).
Constraints: Include examples of safe encoding.
**15) Null Byte and Unicode Boundary Check**: Role: Security Researcher
Task: Test for null byte and unusual Unicode characters bypassing boundaries.
Context: Inspect [input], [system_prompt], and [data_payload].
Output format: JSON with fields: boundaryBreaches (array), riskLevel (low/medium/high), mitigations (array).
Constraints: Use safe character samples only.
**16) Prompt Chaining Hazard Detection**: Role: Threat Modeler
Task: Identify risks from chaining prompts across multiple turns.
Context: Analyze [turn_history], [current_prompt], and [system_prompt].
Output format: JSON with chainRisks (array), recommendedControls (array), testScenarios (array).
Constraints: Provide concrete test sequences.
**17) External Data Sandbox Enforcement**: Role: Security Engineer
Task: Verify external data sources are sandboxed and cannot affect model prompts.
Context: Review [external_sources], [sandbox_config], and [prompt_inputs].
Output format: JSON with fields: sandboxEnforced (true/false), violations (array), fixes (array).
Constraints: Use sample data only.
**18) Memory/State Containment Validation**: Role: Systems Architect
Task: Ensure prompt state cannot leak into other sessions.
Context: Consider [session_id], [prompt_history], and [state_store].
Output format: JSON with containmentStatus (true/false), notes (array).
Constraints: Provide reproducible steps.
**19) Multi-step Prompt Safe-Guard Check**: Role: QA Lead
Task: Validate multi-step prompts preserve safety throughout each step.
Context: Analyze [step1..stepN], [system_prompt], and [user_prompt].
Output format: JSON with stepScores (array), overallRisk (low/medium/high), remediation (string).
Constraints: Provide per-step justification.
**20) Role Confusion and Alignment Check**: Role: Security Auditor
Task: Detect attempts to confuse model roles to bypass constraints.
Context: Review [prompt_text], [role_definitions], and [guardrails].
Output format: JSON with misalignmentFound (true/false), examples (array), fixes (array).
Constraints: Include concrete misalignment patterns.
**21) Prompt Template Leakage Detection**: Role: Data Auditor
Task: Ensure prompt templates do not leak sensitive templates into outputs.
Context: Inspect [template_definitions], [prompt_text], and [output_samples].
Output format: JSON with leakedTemplates (array), risk (low/med/high), mitigations (array).
Constraints: Provide safe template examples only.
**22) Data Persistence Across Prompts Check**: Role: Security Engineer
Task: Verify that data from one prompt session does not persist undesirably into another.
Context: Examine [session_data], [prompt_sequence], and [storage_layer].
Output format: JSON with persistsBetweenSessions (true/false), affectedDataTypes (array), remedies (array).
Constraints: Provide deterministic tests.
**23) Context Switching Resilience Test**: Role: QA Analyst
Task: Test how prompt injection behaves when context switches between topics.
Context: Use [topicA], [topicB], [prompt_chain].
Output format: JSON with switchImpact (low/medium/high), suggestedBoundaries (array).
Constraints: Include step-by-step test plan.
**24) JSON/CSV Payload Injection Check**: Role: Data Engineer
Task: Detect injection attempts via structured payloads such as JSON or CSV in prompts.
Context: Review [payload], [prompt], and [parser].
Output format: JSON with payloadVulnerabilities (array), parserResilience (score 0-100), fixes (array).
Constraints: Use representative safe payloads.
**25) URL-Based Prompt Injection Probe**: Role: Security Researcher
Task: Test prompts that incorporate URLs to ensure no prompt injection via URL data occurs.
Context: Inspect [url_fields], [prompt_text], and [payload].
Output format: JSON with urlVectors (array), risk (low/med/high), mitigations (array).
Constraints: Do not fetch external sites during tests.
**26) File System Interaction Boundary Test**: Role: Security Engineer
Task: Check prompts that could cause file system access or leakage.
Context: Review [file_paths], [prompts], and [system_permissions].
Output format: JSON with fileAccessRisk (low/medium/high), pathsAffected (array), mitigations (array).
Constraints: Use safe mock paths.
**27) Privilege Escalation Surface Audit**: Role: Security Auditor
Task: Identify prompts that could elevate permissions via prompt handling.
Context: Examine [roles], [capabilities], and [prompts].
Output format: JSON with escalationVectors (array), riskScore (0-100), hardeningSteps (array).
Constraints: Do not propose real exploit techniques.
**28) Time/Date Manipulation Resilience**: Role: Threat Analyst
Task: Ensure prompts cannot manipulate time/date context to mislead outputs.
Context: Look at [timestamps], [timeZone], and [systemClock].
Output format: JSON with timeManipulationDetected (true/false), examples (array), mitigations (array).
Constraints: Include safe time samples.
**29) Prompt Injection via User Metadata**: Role: Data Quality Lead
Task: Check that user metadata cannot influence prompt behavior beyond intended fields.
Context: Inspect [user_metadata], [prompt_text], and [system_policies].
Output format: JSON with metadataVulnerabilities (array), requiredPolicies (array), remediation (string).
Constraints: Use placeholder metadata.
**30) Language/Locale Confusion Check**: Role: Localization Engineer
Task: Verify prompts do not exploit language/locale boundaries to bypass guards.
Context: Review [locale], [prompt_text], and [translation_layers].
Output format: JSON with localeVulnerabilities (array), fixes (array).
Constraints: Provide language-neutral examples.
**31) Reflected Echo in Output Verification**: Role: Security Analyst
Task: Detect reflected strings in outputs that could leak prompt content.
Context: Check [input], [prompt], and [response_output].
Output format: JSON with echoesFound (true/false), exposedContent (array), mitigations (array).
Constraints: Use redacted content in outputs.
**32) Tool Invocation Parameter Validation**: Role: Security Engineer
Task: Validate that any tool invocations from prompts are parameterized and constrained.
Context: Review [tool_config], [prompts], and [action_params].
Output format: JSON with paramSanitization (score 0-100), issues (array), fixes (array).
Constraints: Include concrete parameter examples.
**33) Meta-Prompt Disclosure Audit**: Role: Compliance Lead
Task: Check for leakage of meta-prompts into user-facing prompts.
Context: Inspect [meta_prompts], [prompt_text], and [guardrails].
Output format: JSON with leakageLocations (array), riskLevel (low/med/high), remediation (string).
Constraints: Use safe, non-sensitive examples.
**34) Error Message Leakage Surface Check**: Role: AppSec Analyst
Task: Ensure error messages do not disclose sensitive internals.
Context: Review [errors], [logs], and [prompts].
Output format: JSON with leakageFound (true/false), details (array), mitigations (array).
Constraints: Include examples of safe errors.
**35) Logging and Telemetry Scrutiny for Injections**: Role: Security Engineer
Task: Verify logs do not contain attacker-friendly payloads or secrets.
Context: Examine [log_entries], [prompts], and [telemetry].
Output format: JSON with secretsExposed (true/false), payloads (array), mitigations (array).
Constraints: Use mock data.
**36) Prompt Injection in Chained Conversations**: Role: Threat Modeler
Task: Assess risks when prompts are chained across multiple turns.
Context: Review [conversation_history], [current_prompt], and [guardrails].
Output format: JSON with chainRisks (array), detectionRules (array), remediation (string).
Constraints: Include end-to-end test plan.
**37) System Command Emulation Safeguard**: Role: Security Designer
Task: Ensure prompts cannot cause the model to emulate system commands or shell behavior.
Context: Inspect [prompt_text], [system_guidelines], and [emulation_limits].
Output format: JSON with emulationAttempts (array), riskLevel (low/med/high), mitigations (array).
Constraints: Avoid real command syntax; describe patterns.
**38) Memory Buffer Overflow Check in Prompts**: Role: Security Researcher
Task: Look for prompts that could trigger memory or state overflows in the model.
Context: Examine [prompt_text], [model_state], [buffer_limits].
Output format: JSON with overflowVectors (array), risk (low/med/high), fixes (array).
Constraints: Use safe, non-executable samples.
**39) Image/Media Prompt Injection Risk Check**: Role: Multimedia Security Analyst
Task: Inspect prompts that reference images/media for injection attempts.
Context: Review [media_references], [prompt_text], and [parsing_pipeline].
Output format: JSON with mediaVectors (array), risks (array), mitigations (array).
Constraints: Use non-sensitive media placeholders.
**40) Context-Aware Sanitization Validation**: Role: Sanitization Engineer
Task: Validate that sanitization adapts to different contexts without leaking content.
Context: Consider [context_type], [prompt_text], and [output_requirements].
Output format: JSON with contextSanitizationScore (0-100), gaps (array), recommendations (array).
Constraints: Provide concrete sanitization rules.
**41) Domain-Specific Language Safeguards**: Role: Domain Expert
Task: Ensure prompts using DSLs cannot bypass guards or leak data.
Context: Review [dsl_rules], [prompt_text], and [execution_context].
Output format: JSON with dslVulnerabilities (array), mitigations (array).
Constraints: Include example DSL statements in a safe form.
**42) Third-Party Plugin Prompt Risk Assessment**: Role: Security Manager
Task: Assess prompt risks introduced by plugins or extensions.
Context: Inspect [plugins], [prompts], and [plugin_policies].
Output format: JSON with pluginRisks (array), mitigations (array), auditNotes (array).
Constraints: Use safe plugin examples.
**43) Prompt Template Compromise Detection**: Role: Security Auditor
Task: Detect if prompt templates can be compromised or substituted.
Context: Review [template_definitions], [prompt_instances], and [guardrails].
Output format: JSON with compromisedTemplates (array), risk (low/med/high), remediation (string).
Constraints: Provide safe template samples.
**44) Conditional Prompt Path Testing**: Role: QA Engineer
Task: Test prompt paths triggered by conditionals for injection risks.
Context: Analyze [conditions], [paths], and [outputs].
Output format: JSON with pathsVulnerable (array), testPlan (string). 
Constraints: Include verifiable steps.
**45) Fine-Grained Access Control Verification**: Role: Access Control Specialist
Task: Verify that prompts respect fine-grained access controls.
Context: Review [roles], [permissions], [prompt_inputs].
Output format: JSON with accessViolations (array), risk (low/med/high), fixes (array).
Constraints: Include precise permission names.
**46) Quotation/Delimiter Handling Review**: Role: Data Engineer
Task: Check escape handling for quotes and delimiters in prompts.
Context: Inspect [prompt_text], [parsers], and [output_formats].
Output format: JSON with delimiterIssues (array), suggestions (array).
Constraints: Use safe sample data.
**47) Byte-Size Limiting Enforcement**: Role: Systems Engineer
Task: Ensure prompts obey byte-size limits to prevent buffer abuse.
Context: Review [prompt_text], [limits], and [encoding].
Output format: JSON with sizeCompliance (true/false), limitExceededExamples (array), fixes (array).
Constraints: Provide exact byte limits.
**48) Prompt Reuse Across Sessions Risk Check**: Role: QA Analyst
Task: Detect risks from reuse of prompts across sessions.
Context: Analyze [prompt_pool], [session_history], and [storage].
Output format: JSON with reuseRisk (low/med/high), remediation (string).
Constraints: Include testing steps.
**49) JSON Fields Sanitization Check**: Role: Data Quality Engineer
Task: Validate that JSON fields within prompts are sanitized against injection.
Context: Review [json_payload], [prompt_text], and [parsers].
Output format: JSON with sanitizeScore (0-100), vulnerableFields (array), mitigations (array).
Constraints: Provide safe json examples.
**50) Role Boundary Assertion in Prompts**: Role: Security Architect
Task: Ensure prompts do not redefine or override role boundaries.
Context: Inspect [role_definitions], [prompt_text], and [guardrails].
Output format: JSON with boundaryBreaches (array), remediation (string).
Constraints: Include concrete boundary rules.
**51) User Intent Misinterpretation Risk Assessment**: Role: Threat Modeler
Task: Assess scenarios where user intent could be misinterpreted to bypass safeguards.
Context: Review [user_intent], [prompt], and [guardrails].
Output format: JSON with misinterpretationCases (array), mitigations (array).
Constraints: Use safe intent examples.
**52) Echoing Sensitive Data Prevention**: Role: Privacy Engineer
Task: Detect prompts that cause outputs to repeat sensitive data.
Context: Analyze [prompt_text], [output_history], and [data_sinks].
Output format: JSON with echoesFound (true/false), sensitiveTypes (array), mitigations (array).
Constraints: Use redacted samples.
**53) Locale-Sensitive Sanitization Check**: Role: Localization Engineer
Task: Ensure prompts sanitize inputs appropriately across locales.
Context: Review [locale], [prompt_text], and [translation_pipelines].
Output format: JSON with localeHurdles (array), fixes (array).
Constraints: Provide locale-agnostic guidance.
**54) Shadow Prompt Detection**: Role: Security Researcher
Task: Identify hidden prompts that may shadow user-visible prompts.
Context: Inspect [hidden_prompts], [visible_prompt], and [guardrails].
Output format: JSON with shadowPrompts (array), risk (low/med/high), remediation (string).
Constraints: Use safe example data.
**55) Prompt Cache Poisoning Risk Review**: Role: Systems Security
Task: Check for cache poisoning where malicious prompts alter caches.
Context: Review [cache], [prompts], and [cache_policies].
Output format: JSON with poisoningVectors (array), cacheIntegrity (score 0-100), fixes (array).
Constraints: Provide safe scenarios.
**56) Blacklist and Whitelist Evasion Test**: Role: Security Analyst
Task: Test evasion techniques against blacklists/whitelists used in prompts.
Context: Look at [lists], [prompts], and [guardrails].
Output format: JSON with evasionExamples (array), successRate (0-100), mitigations (array).
Constraints: Use benign examples.
**57) Developer Tools Invocation Guard**: Role: DevSecOps
Task: Ensure prompts do not misuse developer tools via prompts.
Context: Review [dev_tools], [prompts], and [execution_policies].
Output format: JSON with toolAbuse (true/false), toolsAffected (array), fixes (array).
Constraints: Include safe tool names.
**58) AI Model Prompt History Exposure Check**: Role: Security Auditor
Task: Verify prompt history cannot reveal sensitive prompts.
Context: Inspect [history], [prompts], and [storage].
Output format: JSON with historyExposure (true/false), mitigations (array).
Constraints: Use sanitized history samples.
**59) Delimiter Exploit Scan**: Role: Data Engineer
Task: Detect exploits using unusual delimiters in prompts.
Context: Check [delimiters], [prompt_text], and [parsers].
Output format: JSON with delimiterExploits (array), fixes (array).
Constraints: Include safe delimiter examples.
**60) Prompt Storage and Retrieval Safety Check**: Role: Security Engineer
Task: Ensure stored prompts cannot be manipulated to alter retrievals.
Context: Review [storage], [prompts], and [retrieval_policies].
Output format: JSON with storageRisks (array), remediate (array).
Constraints: Use mock storage.
**61) Social Engineering Prompt Resistance Test**: Role: Security Trainer
Task: Evaluate prompts against social-engineering style injections.
Context: Analyze [social_scenarios], [prompts], and [guardrails].
Output format: JSON with resistanceScore (0-100), examples (array), improvements (array).
Constraints: Keep to training-safe scenarios.
**62) Data Encoding Consistency Check**: Role: Data Engineer
Task: Verify encoding consistency across prompt inputs and outputs.
Context: Review [encodings], [prompts], and [parsers].
Output format: JSON with encodingConsistency (true/false), issues (array), fixes (array).
Constraints: Include examples for UTF-8, UTF-16.
**63) Cross-Context Data Handling Audit**: Role: Security Analyst
Task: Audit how data from one context is handled in another.
Context: Inspect [contexts], [prompts], and [data_flows].
Output format: JSON with crossContextRisks (array), mitigations (array).
Constraints: Use safe cross-context scenarios.
**64) Input Validation Rule Coverage Review**: Role: Validation Engineer
Task: Ensure input validation rules cover common injection vectors.
Context: Review [validation_rules], [prompt_inputs], and [edge_cases].
Output format: JSON with ruleCoverage (0-100), gaps (array), additions (array).
Constraints: Provide concrete rule examples.
**65) Output Truncation and Rounding Check**: Role: Systems Engineer
Task: Detect output truncation or rounding that hides hints of injection.
Context: Examine [outputs], [format_requirements], and [parsers].
Output format: JSON with truncationIssues (array), confidence (low/med/high), mitigations (array).
Constraints: Include safe example outputs.
**66) Error Handling Security Check**: Role: Software Engineer
Task: Ensure error handling paths do not reveal sensitive data or enable injections.
Context: Review [error_handlers], [prompts], and [security_policies].
Output format: JSON with sensitiveDataExposure (true/false), fixes (array).
Constraints: Use safe error samples.
**67) Prompt Cloning and Duplication Risk Scan**: Role: Security Auditor
Task: Detect if prompts are duplicable or cloneable to bypass constraints.
Context: Inspect [prompt_repository], [clone_controls], and [audit_logs].
Output format: JSON with cloningRisque (array), mitigations (array).
Constraints: Provide safe test cases.
**68) Automatic Prompt Rewriting Safeguards**: Role: Compliance Engineer
Task: Check for automatic rewriting that bypasses guardrails.
Context: Review [rewriting_rules], [prompts], and [guardrails].
Output format: JSON with rewritesDetected (true/false), risks (array), fixes (array).
Constraints: Use safe rewrite examples.
**69) Language Model Prompt Rewriting Integrity Check**: Role: Research Engineer
Task: Verify that prompt rewriting preserves integrity and does not introduce injections.
Context: Inspect [rewrites], [original_prompt], and [results].
Output format: JSON with integrityScore (0-100), issues (array), mitigations (array).
Constraints: Include test cases.
**70) Parameter Substitution Safety Test**: Role: Security Auditor
Task: Validate safe parameter substitution in prompts.
Context: Review [template], [substitutions], and [validation_rules].
Output format: JSON with substitutionSafety (true/false), failures (array), fixes (array).
Constraints: Provide concrete substitution examples.
**71) Category/Subcategory Prompt Boundary Test**: Role: Data Architect
Task: Ensure category boundaries in prompts do not leak across subcategories.
Context: Inspect [categories], [prompts], and [metadata].
Output format: JSON with boundaryBreaches (array), remediation (string).
Constraints: Use safe metadata.
**72) Sandbox Isolation Verification**: Role: Security Engineer
Task: Verify sandbox isolation for prompts across components.
Context: Review [sandbox_config], [prompts], and [execution_context].
Output format: JSON with isolationScore (0-100), issues (array), fixes (array).
Constraints: Use safe sandbox configs.
**73) Privilege-Restricted Data Handling Check**: Role: Privacy/Security Consultant
Task: Confirm prompts do not access or reveal restricted data.
Context: Inspect [restricted_data], [prompts], and [controls].
Output format: JSON with dataAccessPotential (true/false), mitigations (array).
Constraints: Use redactable placeholders.
**74) Multi-Language Prompt Injection Scan**: Role: Internationalization Expert
Task: Test prompt injection risks across multiple languages.
Context: Review [languages], [prompts], and [parsing_logic].
Output format: JSON with languageRisks (array), mitigations (array).
Constraints: Use safe multilingual samples.
**75) Fine-Tuning Prompt Safety Review**: Role: AI Safety Engineer
Task: Ensure fine-tuning data cannot introduce injection vulnerabilities in prompts.
Context: Examine [training_data], [prompts], and [guardrails].
Output format: JSON with finetuneVulnerabilities (array), mitigations (array).
Constraints: Use safe examples.
**76) Session Timeouts and Prompt Lifecycle Audit**: Role: Security Architect
Task: Audit prompt lifecycle for stale data and session reuse risks.
Context: Review [sessions], [prompts], and [timeouts].
Output format: JSON with lifecycleRisks (array), remediation (string).
Constraints: Provide reproducible steps.
**77) Prompt Export/Import Safety Check**: Role: Data Security Lead
Task: Ensure prompts exported/imported do not introduce injections.
Context: Inspect [export_format], [import_format], and [prompts].
Output format: JSON with exportImportRisks (array), fixes (array).
Constraints: Use safe sample prompts.
**78) User-Submitted Prompt Vetting Process Check**: Role: Community Safety Officer
Task: Vet user-submitted prompts for injection risks before usage.
Context: Review [submission_queue], [vetting_rules], and [moderation_actions].
Output format: JSON with vettingStatus (true/false), issues (array), approvals (array).
Constraints: Include clear vetting steps.
**79) Dynamic Prompt Content Hazard Scan**: Role: Content Security Specialist
Task: Scan dynamically generated prompts for hidden injection paths.
Context: Analyze [dynamic_content], [prompt_templates], [parsing_logic].
Output format: JSON with dynamicHazards (array), mitigations (array).
Constraints: Use safe dynamic examples.
**80) Auditing for Hidden Prompt Triggers**: Role: Security Auditor
Task: Find hidden triggers in prompts that could alter model behavior.
Context: Examine [trigger_signatures], [prompts], and [guardrails].
Output format: JSON with hiddenTriggers (array), risk (low/med/high), remediation (string).
Constraints: Provide safe trigger examples.
**81) Debugger/Runtime Prompt Handling Risk Check**: Role: DevSecOps
Task: Check prompt handling paths for debugging artifacts that enable injection.
Context: Review [runtime], [debug_logs], and [prompts].
Output format: JSON with runtimeRisks (array), fixes (array).
Constraints: Use safe mock runtime data.
**82) Clipboard Data Handling Safety**: Role: Security Engineer
Task: Ensure prompts cannot exfiltrate clipboard contents or copy-paste data to outputs.
Context: Inspect [clipboard], [prompts], and [outputs].
Output format: JSON with clipboardRisks (array), mitigations (array).
Constraints: Use safe clipboard samples.
**83) Prompt Memory Isolation Audit**: Role: Systems Architect
Task: Verify prompts operate in isolated memory spaces.
Context: Review [memory_artifacts], [prompts], and [isolation_policies].
Output format: JSON with isolationStatus (true/false), findings (array).
Constraints: Provide precise isolation rules.
**84) Data Minimization and PII Handling Check**: Role: Privacy Engineer
Task: Validate that prompts minimize data collection and protect PII.
Context: Review [PII_types], [prompt_text], and [data_policies].
Output format: JSON with dataMinimizationScore (0-100), PII_exposed (array), mitigations (array).
Constraints: Use safe PII placeholders.
**85) Schema Leakage Risk Assessment**: Role: Data Architect
Task: Ensure schema metadata does not leak sensitive information via prompts.
Context: Inspect [schemas], [prompts], and [logging].
Output format: JSON with schemaLeakage (true/false), sources (array), mitigations (array).
Constraints: Provide safe schema examples.
**86) Prompt Inference Attack Surface Check**: Role: Threat Analyst
Task: Identify risks where prompts could reveal model inferences to attackers.
Context: Review [inferenceModels], [prompts], and [outputs].
Output format: JSON with inferenceVulnerabilities (array), mitigations (array).
Constraints: Use safe inference examples.
**87) Composite Prompt Safety Verification**: Role: Safety Engineer
Task: Verify that composed prompts maintain safety across components.
Context: Analyze [components], [prompts], and [guards].
Output format: JSON with compositeRisks (array), mitigations (array).
Constraints: Include test plans.
**88) Recursive Prompt Injection Detection**: Role: Threat Investigator
Task: Detect recursive injection attempts in multi-turn prompts.
Context: Review [call_stack], [prompts], and [guardrails].
Output format: JSON with recursionFound (true/false), chain (array), remediation (string).
Constraints: Use safe recursive examples.
**89) Prompt Integrity Verification Method**: Role: QA Lead
Task: Verify that prompts preserve integrity from input to output.
Context: Examine [prompts], [transforms], and [outputs].
Output format: JSON with integrityScore (0-100), issues (array), improvements (array).
Constraints: Provide test cases.
**90) Adversarial Prompt Scenario Simulation**: Role: Red Team Lead
Task: Run adversarial prompt scenarios to probe model defenses.
Context: Use [scenario_library], [prompts], and [guards].
Output format: JSON with scenarioOutcomes (array), lessonsLearned (array), remediation (string).
Constraints: Keep scenarios safe and educational.
**91) Output Safety Palettes Verification**: Role: Safety Analyst
Task: Verify that outputs adhere to a safety palette across prompts.
Context: Inspect [palette], [prompts], and [outputs].
Output format: JSON with paletteCompliance (true/false), violations (array), fixes (array).
Constraints: Define a safe palette clearly.
**92) Behavioral Deviation Detection in Prompts**: Role: Behavior Scientist
Task: Detect prompts that cause unexpected model behavior changes.
Context: Review [behavior_signals], [prompts], and [results].
Output format: JSON with deviations (array), causes (array), mitigations (array).
Constraints: Include safe examples.
**93) Untrusted Data Handling Protocol Check**: Role: Data Security Lead
Task: Ensure untrusted data is sanitized before use in prompts.
Context: Look at [untrusted_sources], [prompts], and [parsers].
Output format: JSON with sanitizationScore (0-100), vulnerabilities (array), mitigations (array).
Constraints: Use safe untrusted data samples.
**94) Prompt Closure and Finalization Safety**: Role: Project Lead
Task: Confirm prompts properly finalize without leaving open vectors.
Context: Review [finalize_steps], [prompts], and [guards].
Output format: JSON with closureScore (0-100), issues (array), fixes (array).
Constraints: Provide concrete closure steps.
**95) Access Token Injection Auditing Prompt**: Role: Security Auditor
Task: Audit prompts for injection attempts involving access tokens.
Context: Inspect [tokens], [prompts], and [security_controls].
Output format: JSON with tokenInjections (array), risk (low/med/high), mitigations (array).
Constraints: Use token placeholders.
**96) Cache and State Contamination Risk Check**: Role: Systems Engineer
Task: Ensure cache and state do not contaminate prompts across sessions.
Context: Review [cache], [state], and [prompts].
Output format: JSON with contaminationRIsks (array), mitigations (array).
Constraints: Use safe state models.
**97) Dynamic Content Rendering Safety Check**: Role: Frontend Security Engineer
Task: Verify dynamic prompt rendering cannot introduce injections.
Context: Inspect [render_pipeline], [prompts], and [outputs].
Output format: JSON with renderRisks (array), fixes (array).
Constraints: Use safe dynamic content examples.
**98) Prompt Bypass Attempt Logging Guidance**: Role: Incident Response Lead
Task: Define how to log and respond to prompt bypass attempts.
Context: Review [logs], [prompts], and [response_plans].
Output format: JSON with loggingGuidance (array), responseProcedures (array).
Constraints: Include sample logs (redacted).
**99) Audit Report Template Prompt**: Role: Security Auditor
Task: Create an auditable prompt injection vulnerability check report template.
Context: Use [report_sections], [findings], and [recommendations].
Output format: JSON with sections (array), templates (array).
Constraints: Ensure report is machine-readable.
**100) Final Validation: Summary and Remediation Plan**: Role: Security Lead
Task: Produce a final summary and remediation plan for all tested prompts.
Context: Consolidate [testResults], [riskScores], and [mitigations].
Output format: JSON with summary (string), remediationPlan (string), owners (array).
Constraints: Include actionable next steps.

Best Practices

Common Mistakes to Avoid

FAQ

What is prompt injection vulnerability?

Prompt injection vulnerability occurs when prompts or system messages can be manipulated to cause the model to reveal, alter, or bypass safety constraints.

How can I identify prompt injection in prompts?

Use structured prompts that test boundary enforcement, sanitization, and sandboxing; verify outputs and logs for unexpected changes in behavior.

What are best practices to mitigate prompt injection?

Enforce strict input validation, sandbox model actions, separate data and prompts, and audit prompts with reproducible test plans.

How do I test prompts for injection vulnerabilities?

Use a dedicated prompt library, run red-team style tests, and verify outputs against deterministic remediation steps.

Can prompt injection be prevented with sandboxing?

Sandboxing helps, but should be combined with strict prompt boundaries, validation, and monitoring to reduce risk.