Prompt Engineering Security
What This Requires
Establish secure prompt engineering practices: input validation, context isolation, privilege boundaries, and output sanitization. Require peer review for system prompts controlling agent behavior.
Why It Matters
Prompts are code. Insecure prompts enable injection attacks, data leakage, and excessive agent permissions. Treating prompts as critical configuration reduces attack surface.
How To Implement
Input Validation
Sanitize user inputs before concatenating into prompts. Strip special characters, limit length, and reject known injection patterns (e.g., "Ignore previous instructions").
Context Isolation
Separate system prompt (trusted) from user input (untrusted) using delimiters or structured formats (JSON, XML). Use LLM features like OpenAI's "system" vs. "user" message types.
Privilege Boundaries
For agents with tool access, enumerate allowed tools in system prompt. Deny unlisted tools by default. Example: "You may only use: search_docs, file_read. Reject requests for other tools."
Output Sanitization
For LLM outputs displayed in UI, sanitize HTML/JS to prevent XSS. For outputs used in backend logic, validate format (JSON schema, regex) before parsing.
Evidence & Audit
- Prompt engineering security guidelines document
- Code review records showing system prompt peer review
- Input validation implementation (regex, allowlists)
- Sample prompts demonstrating context isolation techniques
- Output sanitization tests (XSS, injection)