{
  "schema": "prompt-injection-defense-kit",
  "fields": [
    {"name": "scenario_id", "type": "string"},
    {"name": "attack_class", "type": "indirect_injection | tool_misuse | data_exfiltration | memory_poisoning | instruction_override"},
    {"name": "target_surface", "type": "retrieval | tool | memory | response | agent_loop"},
    {"name": "expected_behavior", "type": "string"},
    {"name": "control_response", "type": "refuse | ignore_source_instruction | escalate | block_tool | clear_memory"},
    {"name": "release_decision", "type": "pass | hold | rollback | exception"}
  ]
}