Definition
Indirect prompt injection
A prompt injection attack where malicious instructions are embedded in external content that the agent reads during its task — a web page, email, document, file, database entry, or image. When the agent processes the content, it may interpret the injected instructions as legitimate directives. Indirect injection is harder to prevent than direct injection because the attacker controls content in the environment rather than the user's input. OWASP explicitly warns that indirect injections can be either intentional or accidental.
How TrustSkills detects this
TrustSkills scans OpenClaw and ClawHub skills for indirect prompt injection patterns before you install them. The scanner returns plain-English findings — no CVE IDs, no security jargon — with a risk level and a clear explanation of what was found.
Related terms
Direct prompt injection
A prompt injection attack where the attacker places malicious instructions directly in the input sen…
Prompt injection
A class of attack where malicious input alters an AI model's behavior in ways the system designer di…
Tool poisoning
An attack where a malicious MCP server or skill defines tool names that shadow or intercept calls in…
Deep dive
Basic knowledgeWhat is prompt injection?
Prompt injection is not just a clever string. It is any input that changes a model's behavior in a way the system designer did not intend, especially when the model can reach tools, data, and accounts.