AGENTPREY

Attack Vectors

Overview

YAML vector schema, categories, and detection model.

Catalog Layout

Add vectors under vectors/<category>/<subcategory>/<vector-file>.yaml.

Shipped Catalog Today

  • prompt-injection is the shipped category in the current CLI.
  • Pro currently adds additional entitled prompt-injection vectors after agentprey vectors sync --pro.

Planned Category Expansion

Expanded categories such as tool-misuse, data-exfiltration, guardrail-bypass, and goal-hijacking are coming soon. Do not expect those categories in the current CLI build yet.

Schema Model

Each vector defines metadata, payloads, detection indicators, optional remediation guidance, and optional OWASP mapping and tags.

yaml
id: "pi-direct-021"              # required, non-empty stringname: "System Prompt Reveal"      # required, non-empty stringdescription: "..."                # required, non-empty stringcategory: "prompt-injection"      # required, non-empty stringsubcategory: "direct"             # required, non-empty stringseverity: "critical"              # required: critical | high | medium | low | infotier: "free"                      # optional: free | proowasp_mapping: "LLM01"            # optional stringtags: ["prompt-injection"]        # optional string listpayloads:                          # required, at least 1 item  - name: "Primary payload"       # required, non-empty string    prompt: "..."                 # required, non-empty stringdetection:                         # required object  indicators:                      # required, at least 1 item    - type: "contains_any"        # required: contains_any | regex_any | refusal_absent | behavior_change      values: ["system prompt"]   # required and non-empty for contains_any/regex_any      description: "..."          # optional string      weight: 0.9                  # required float in range 0.0..1.0  threshold: 0.6                   # required float in range 0.0..1.0remediation:                       # optional object  summary: "..."                  # required if remediation is present  steps:                           # optional string list    - "..."  references:                      # optional string list    - "https://..."

How Detection Works

  • detection.indicators is required and must include at least one indicator.
  • Indicator type values: contains_any, regex_any,refusal_absent, behavior_change.
  • indicator.weight must be in the range 0.0..1.0.
  • detection.threshold must be in the range 0.0..1.0.
  • indicator.values is required for contains_any and regex_any.

← Previous

.agentprey.toml

Next →

Direct Injection

AgentPrey docs are intentionally calmer than the marketing site. Product flair stays on the homepage.

QuickstartGitHub