Threat · prompt injection

Chat is untrusted input

Prompt injection is when a message tries to override your rules: “ignore previous instructions”, “exfiltrate secrets”, “run commands”. If the bot can take actions, this matters.

What attackers try

  • Trick the agent into revealing tokens, configs, or chat history.
  • Force tool usage (shell/files/web) beyond the intended workflow.
  • Use group chats as a broadcast injection vector.

Mitigations (practical, not theoretical)

1
Access control first
Limit who can message the bot and require mention-only in groups.
Access control →
2
Least privilege
If it can’t access a secret, it can’t leak it.
Secrets →
3
Reduce tool scope
Start with read-only tools or narrow workflows. Expand later.
15‑minute manual baseline → Telegram group hardening →