Prompt Injection Defense Weekly

Defense #1: Spotlighting — Tag Untrusted Content Before It Reaches Your LLM

Indirect prompt injection can silently poison your agent's memory and exfiltrate data across sessions. This week's immediately-hardenable trick: wrap all external content in a labeled trust-boundary delimiter before it reaches your LLM — and tell the model explicitly that anything inside is data-only, never instructions.