snailsploit[$]Adversarial · Research
prompt injection · hub
7 writeups · updated 2026.05

Prompt Injection.

Direct injection, indirect injection through retrieved content, MCP tool poisoning, memory-instruction injection across sessions, and the trust-boundary failures that make each one work. Pattern reference plus original research on novel chains.

2026-05-18
Semantic-to-Metadata Smuggling in Multi-LoRA Routing Gateways
Signal suppression at the gateway: attacker-controlled paraphrase selects which adapter — and which safety policy — serves the next token. SHELL.003.
prompt-injection
2026-05-18
Indirect Injection Was Never Blind
The SSE stream carries the tool call before the interface hides it — closed-loop indirect injection via render-layer redaction. SHELL.002.
prompt-injection
2026-03-10
Memory Injection Through Nested Skills
Skill injection plus cross-session memory poisoning creates a self-healing LLM implant. Explore this novel persistence chain exploiting agent trust boundaries.
prompt-injection
2026-03-10
Prompt Injection Examples
Real-world prompt injection examples across direct injection, indirect injection, MCP tool poisoning, and memory attacks. Learn how each pattern works.
prompt-injection
2025-08-09
MCP Security Hardening
How to secure MCP servers in production AI environments. Real-world vulnerability scenarios, server configuration hardening, and AATMF-mapped defense patterns.
prompt-injection
2025-05-18
Custom Instruction Backdoor
Uncovering emergent prompt injection risks through ChatGPT custom instructions. Learn how user settings become persistent attack vectors in LLM applications.
prompt-injection
2025-05-18
MCP Threat Analysis
Offensive threat analysis of the Model Context Protocol. Attack chains, privilege escalation paths, and exploitation techniques targeting AI tool integration.
prompt-injection