# Prompt injection defense kit

Use this kit to test, monitor, and respond to prompt injection across retrieval, tools, memory, and agent workflows. The focus is operational: identify which attacks matter for your workflows, what safe behavior looks like, which controls should fire, and who owns remediation.

## What it includes

- Attack scenarios for indirect injection, tool misuse, data exfiltration, memory poisoning, and instruction override.
- Defense controls for content isolation, source trust, tool gating, refusal checks, logging, and escalation.
- A schema for attack class, target surface, expected behavior, control response, and release decision.
- A review brief for security owners and release owners.
- An incident map for containment and postmortem learning.

## How to use it

Run the scenarios against every workflow that reads untrusted content or can call tools. Treat critical failures as release blockers. Convert findings into tests, monitoring signals, source controls, and owner actions before expanding access.