AIP-13: Prompt Injection Defense
Abstract#
Defines mandatory injection mitigation model.
Normative Requirements#
-
External content MUST be marked tainted/untrusted.
-
Secrets MUST NOT be injected into LLM context.
-
HIGH-risk actions triggered by tainted content MUST escalate to HIGH.
-
Runtime MUST enforce boundary wrapping for external content.
-
Runtime SHOULD implement two-pass validation for high-risk actions.