agent-threat-rules CDN files

agent-threat-rules@3.5.2 / rules / prompt-injection
ATR-2026-00001-direct-prompt-injection.yaml 35.15 KB
ATR-2026-00002-indirect-prompt-injection.yaml 14.16 KB
ATR-2026-00003-jailbreak-attempt.yaml 28.79 KB
ATR-2026-00004-system-prompt-override.yaml 20.63 KB
ATR-2026-00005-multi-turn-injection.yaml 14.37 KB
ATR-2026-00080-encoding-evasion.yaml 8.42 KB
ATR-2026-00081-semantic-multi-turn.yaml 9 KB
ATR-2026-00082-fingerprint-evasion.yaml 8.25 KB
ATR-2026-00083-indirect-tool-injection.yaml 8.84 KB
ATR-2026-00084-structured-data-injection.yaml 5.7 KB
ATR-2026-00085-audit-evasion.yaml 8.12 KB
ATR-2026-00086-visual-spoofing.yaml 8.15 KB
ATR-2026-00087-rule-probing.yaml 8.57 KB
ATR-2026-00088-adaptive-countermeasure.yaml 8.67 KB
ATR-2026-00089-polymorphic-skill.yaml 8.88 KB
ATR-2026-00090-threat-intel-exfil.yaml 9.24 KB
ATR-2026-00091-nested-payload.yaml 8.79 KB
ATR-2026-00092-consensus-poisoning.yaml 9.18 KB
ATR-2026-00093-gradual-escalation.yaml 8.95 KB
ATR-2026-00094-audit-bypass.yaml 8.64 KB
ATR-2026-00097-cjk-injection-patterns.yaml 21.95 KB
ATR-2026-00104-persona-hijacking.yaml 9.66 KB
ATR-2026-00130-indirect-authority-claim.yaml 9.54 KB
ATR-2026-00131-fictional-academic-framing.yaml 9.6 KB
ATR-2026-00133-paraphrase-injection.yaml 9.64 KB
ATR-2026-00137-authority-claim-injection.yaml 8.08 KB
ATR-2026-00138-fictional-framing-bypass.yaml 9.56 KB
ATR-2026-00140-indirect-reference-reversal.yaml 7.19 KB
ATR-2026-00148-language-switch-injection.yaml 8.76 KB
ATR-2026-00153-tool-with-embedded-instruction-to-bypass.yaml 9.01 KB
ATR-2026-00154-unauthorized-background-task-execution-v.yaml 9.26 KB
ATR-2026-00155-hidden-llm-instructions-in-skill-descrip.yaml 8.58 KB
ATR-2026-00156-ssh-remote-command-execution-with-creden.yaml 7.65 KB
ATR-2026-00163-skill-hidden-override-instruction.yaml 6.52 KB
ATR-2026-00202-encoding-evasion-homoglyph-synonym.yaml 6.85 KB
ATR-2026-00203-context-pollution-skill-description.yaml 5.73 KB
ATR-2026-00206-hidden-priority-instructions.yaml 5.09 KB
ATR-2026-00207-hidden-instructions.yaml 5.32 KB
ATR-2026-00211-system-prompt-override.yaml 5.08 KB
ATR-2026-00213-system-prompt-override.yaml 4.76 KB
ATR-2026-00226-identity-substitution.yaml 9.75 KB
ATR-2026-00227-historical-persona-jailbreak.yaml 10.06 KB
ATR-2026-00228-structured-jailbreak.yaml 9.7 KB
ATR-2026-00229-roleplay-jailbreak.yaml 9.11 KB
ATR-2026-00230-persona-moral-bypass.yaml 8.92 KB
ATR-2026-00231-identity-substitution.yaml 9.83 KB
ATR-2026-00233-structured-jailbreak.yaml 9.64 KB
ATR-2026-00234-roleplay-jailbreak.yaml 9.49 KB
ATR-2026-00235-persona-moral-bypass.yaml 8.93 KB
ATR-2026-00236-pseudo-code-jailbreak.yaml 8.2 KB
ATR-2026-00237-dual-response-jailbreak.yaml 8.76 KB
ATR-2026-00238-identity-replacement.yaml 9.02 KB
ATR-2026-00239-amoral-persona-obsession.yaml 9.97 KB
ATR-2026-00240-instruction-nullification-identity-repla.yaml 9.51 KB
ATR-2026-00241-amoral-character-jailbreak.yaml 9.59 KB
ATR-2026-00242-persona-jailbreak.yaml 9.27 KB
ATR-2026-00243-acronym-jailbreak.yaml 8.04 KB
ATR-2026-00244-dual-response-jailbreak.yaml 8.55 KB
ATR-2026-00245-malicious-persona.yaml 10.34 KB
ATR-2026-00247-dual-response-jailbreak.yaml 9.17 KB
ATR-2026-00249-game-based-jailbreak.yaml 9.45 KB
ATR-2026-00251-persona-embodiment-jailbreak.yaml 9.47 KB
ATR-2026-00252-narrative-jailbreak.yaml 10.02 KB
ATR-2026-00253-enhanced-persona-jailbreak.yaml 9.56 KB
ATR-2026-00256-base-n-encoding-jailbreak.yaml 8.47 KB
ATR-2026-00257-cipher-transposition-jailbreak.yaml 8.1 KB
ATR-2026-00258-unicode-tag-injection.yaml 7.47 KB
ATR-2026-00264-latent-injection-translation.yaml 8.28 KB
ATR-2026-00265-latent-injection-rag-document.yaml 8.58 KB
ATR-2026-00267-gcg-adversarial-suffix.yaml 8.68 KB
ATR-2026-00272-hypothetical-response-smuggling.yaml 9.66 KB
ATR-2026-00276-invisible-unicode-bidi-injection.yaml 8.38 KB
ATR-2026-00278-dra-disguise-reconstruction-attack.yaml 10 KB
ATR-2026-00280-policy-puppetry-xml-injection.yaml 9.43 KB
ATR-2026-00282-perez-prompt-injection-hijack.yaml 8.78 KB
ATR-2026-00285-alternate-encoding-jailbreak.yaml 9.6 KB
ATR-2026-00286-latent-injection-embedded-context.yaml 10 KB
ATR-2026-00296-shell-command-injection.yaml 8.69 KB
ATR-2026-00297-python-code-execution-rce.yaml 9.35 KB
ATR-2026-00308-zalgo-diacritic-overload-encoding.yaml 8.74 KB
ATR-2026-00309-braille-unicode-encoded-injection.yaml 8.63 KB
ATR-2026-00310-ecoji-emoji-encoded-injection.yaml 9.39 KB
ATR-2026-00311-base2048-unicode-script-injection.yaml 9.28 KB
ATR-2026-00312-unicode-variant-selector-ascii-smuggling.yaml 9.51 KB
ATR-2026-00313-sneaky-bits-zero-width-binary.yaml 11.67 KB
ATR-2026-00315-sata-masked-language-model-jailbreak.yaml 10.65 KB
ATR-2026-00316-function-masking-predict-mask-bypass.yaml 11.49 KB
ATR-2026-00321-hyphenated-system-instruction-injection.yaml 10.21 KB
ATR-2026-00359-bank-phishing-smtp-email-code.yaml 11.63 KB
ATR-2026-00367-emoji-flag-encoded-hidden-phrase.yaml 10.25 KB
ATR-2026-00373-piracy-torrent-site-list-request.yaml 9.35 KB
ATR-2026-00378-chatgpt-dom-javascript-redirect-manipulation.yaml 9.66 KB
ATR-2026-00382-cocaine-component-development-request.yaml 10.74 KB
ATR-2026-00390-explicit-sexual-content-poem-request.yaml 10.34 KB
ATR-2026-00394-backspace-deletion-character-injection.yaml 8.57 KB
ATR-2026-00395-llm-special-token-boundary-injection.yaml 9.67 KB
ATR-2026-00396-toxic-continuation-prefix-injection.yaml 10.65 KB
ATR-2026-00397-snowball-impossible-reasoning-injection.yaml 11.27 KB
ATR-2026-00399-latent-injection-document-separator-token.yaml 9.59 KB
ATR-2026-00400-latent-injection-ignore-instruction-keyword.yaml 9.62 KB
ATR-2026-00401-leakreplay-cloze-mask-training-data-elicitation.yaml 8.28 KB
ATR-2026-00403-glitch-token-repeat-back-elicitation.yaml 8.05 KB
ATR-2026-00407-echo-sql-jinja-template-injection.yaml 8.12 KB
ATR-2026-00408-dra-parenthesis-character-reconstruction-attack.yaml 8 KB
ATR-2026-00409-phrasing-past-future-tense-harmful-query.yaml 8.88 KB
ATR-2026-00410-lmrc-harm-category-direct-elicitation.yaml 8.6 KB
ATR-2026-00412-figstep-image-list-multimodal-jailbreak.yaml 8.51 KB
ATR-2026-00414-continuation-ethnic-slur-completion-elicitation.yaml 8.7 KB
ATR-2026-00420-copilot-studio-sharepoint-indirect-injection.yaml 10.14 KB
ATR-2026-00442-quoted-exact-output-forcing.yaml 7.66 KB
ATR-2026-00443-word-fragment-concat-assembly.yaml 7.19 KB
ATR-2026-00444-unicode-obfuscation-in-user-input.yaml 6.71 KB
ATR-2026-00445-translation-hijack-with-side-output.yaml 7.08 KB
ATR-2026-00446-variable-assignment-payload-injection.yaml 7.32 KB
ATR-2026-00447-fictional-generation-containing-target.yaml 7.56 KB
ATR-2026-00452-direct-pwned-payload-injection.yaml 8.61 KB
ATR-2026-00453-secret-key-reveal-demand.yaml 8.98 KB
ATR-2026-00454-backslash-per-character-encoding.yaml 8.65 KB
ATR-2026-00455-no-period-output-override.yaml 8.31 KB
ATR-2026-00456-conditional-empty-input-injection.yaml 9.53 KB
ATR-2026-00457-garak-dan-to-every-prompt.yaml 9.03 KB
ATR-2026-00458-garak-dra-step-by-step.yaml 7.7 KB
ATR-2026-00459-garak-dan-an-ai-language.yaml 7.4 KB
ATR-2026-00460-garak-dan-no-matter-how.yaml 9.18 KB
ATR-2026-00461-garak-goodside-mixedunassigned.yaml 7.12 KB
ATR-2026-00462-garak-gcg-mixedunassigned.yaml 7.21 KB
ATR-2026-00463-garak-lmrc-mixedunassigned.yaml 6.96 KB
ATR-2026-00464-garak-dan-i-would-like.yaml 7.66 KB
ATR-2026-00465-garak-dan-your-prompt-here.yaml 7.8 KB
ATR-2026-00466-garak-latentinjection-following-text-from.yaml 7.61 KB
ATR-2026-00467-garak-dan-act-as-a.yaml 7.5 KB
ATR-2026-00468-garak-goat-the-target-llm.yaml 7.7 KB
ATR-2026-00469-garak-dan-at-the-end.yaml 7.6 KB
ATR-2026-00470-garak-dan-as-an-ai.yaml 8.71 KB
ATR-2026-00472-garak-dan-are-going-to.yaml 8.95 KB
ATR-2026-00473-garak-lmrc-how-can-i.yaml 7.63 KB
ATR-2026-00474-garak-dan-that-chatgpt-has.yaml 7.6 KB
ATR-2026-00475-garak-web-injection-alert-1-script.yaml 6.9 KB
ATR-2026-00476-garak-web-injection-javascript-alert-1.yaml 8.18 KB
ATR-2026-00477-garak-latentinjection-translate-the-following-text.yaml 7.88 KB
ATR-2026-00478-garak-latentinjection-abuse-contact-email.yaml 7.5 KB
ATR-2026-00479-garak-latentinjection-mixedunassigned.yaml 8.05 KB
ATR-2026-00480-garak-dan-the-role-of.yaml 8.13 KB
ATR-2026-00481-garak-dan-mixedunassigned.yaml 8.7 KB
ATR-2026-00482-garak-lmrc-what-s-an.yaml 6.83 KB
ATR-2026-00483-garak-dan-the-user-s.yaml 8.3 KB
ATR-2026-00484-garak-dan-and-you-will.yaml 8.23 KB
ATR-2026-00485-garak-dan-and-does-not.yaml 8.85 KB
ATR-2026-00486-garak-dan-t-care-about.yaml 7.4 KB
ATR-2026-00487-garak-dan-and-nothing-else.yaml 8.19 KB
ATR-2026-00488-garak-encoding-alert-1-script.yaml 7.07 KB
ATR-2026-00489-garak-encoding-javascript-alert-1.yaml 8.3 KB
ATR-2026-00490-garak-dan-in-order-to.yaml 9.54 KB
ATR-2026-00492-garak-dan-want-you-to.yaml 9.47 KB
ATR-2026-00493-garak-latentinjection-registrar-iana-id.yaml 9.38 KB
ATR-2026-00495-garak-dan-insert-prompt-here.yaml 11.8 KB
ATR-2026-00496-garak-dan-no-matter-what.yaml 8.64 KB
ATR-2026-00497-garak-encoding-mixedunassigned.yaml 8.95 KB
ATR-2026-00498-garak-web-injection-mixedunassigned.yaml 8.16 KB
ATR-2026-00499-garak-dan-from-now-on.yaml 9.25 KB
ATR-2026-00503-fake-error-state-takeover-unrestricted-replacement-bot.yaml 10.56 KB
ATR-2026-00506-nevermind-override-goal-hijacking-in-user-input-promptinject.yaml 8.15 KB
ATR-2026-00507-screaming-stop-goal-hijacking-in-user-input-promptinject.yaml 8.01 KB
ATR-2026-00508-escape-delimiter-wrapped-goal-hijacking-in-user-input-prompt.yaml 9.15 KB
ATR-2026-00509-prompt-leaking-via-ignore-previous-instructions-in-user-inpu.yaml 9.73 KB
ATR-2026-00510-delayed-tool-invocation-injection.yaml 11.54 KB
ATR-2026-00511-mcp-web-context-poisoning.yaml 10.96 KB
ATR-2026-00512-rules-file-backdoor-injection.yaml 11.47 KB
ATR-2026-00515-hidden-text-prompt-injection.yaml 12.23 KB
ATR-2026-00518-ignore-previous-and-following-instructions-output-command-promptinject.yaml 8.35 KB
ATR-2026-00519-tautology-logic-noise-injection-promptbench.yaml 7.75 KB
ATR-2026-00520-nlp-task-random-token-suffix-injection-promptbench.yaml 8.24 KB
ATR-2026-00535-windsurf-ide-zero-click-prompt-injection.yaml 11.97 KB
ATR-2026-00550-untrusted-retrieval-to-privileged-tool.yaml 11.38 KB
ATR-2026-00554-langchain-vulnerable-to-template-injecti.yaml 5.52 KB
ATR-2026-00565-the-llm-cli-tool-thru-0-27-1-contains-a-.yaml 8.07 KB
ATR-2026-00573-semantic-paraphrased-injection.yaml 7.41 KB
ATR-2026-00579-mcp-tool-description-line-jumping-injection.yaml 16.77 KB
ATR-2026-00584-indirect-injection-via-tool-response.yaml 19.08 KB
ATR-2026-00700-structured-data-payload-injection.yaml 6.44 KB
ATR-2026-00701-ipi-tool-output-xss-injection.yaml 5.31 KB
ATR-2026-01000-context-ignore-fake-completion-prefix.yaml 5.82 KB
ATR-2026-01001-direct-pi-instruction-override-secret-key.yaml 6.16 KB
ATR-2026-01002-role-escalation-false-authority-claim.yaml 6.42 KB
ATR-2026-01005-many-shot-repetition-override.yaml 5.76 KB
ATR-2026-01006-payload-split-string-concat-injection.yaml 6.46 KB
ATR-2026-01007-token-repeat-flooding-injection.yaml 5.09 KB
ATR-2026-01009-virtual-world-bypass-fictional-pii.yaml 5.83 KB
ATR-2026-01012-encoding-evasion-decode-execute.yaml 5.91 KB
ATR-2026-01013-language-evasion-multilingual-credential.yaml 7.92 KB
ATR-2026-01015-evasion-refusal-suppression.yaml 6.73 KB
ATR-2026-01016-evasion-response-priming-forced-opener.yaml 5.48 KB
ATR-2026-01017-evasion-dual-response-split-output.yaml 5.66 KB
ATR-2026-01018-evasion-shell-injection-eval.yaml 10.04 KB
ATR-2026-01019-sysprompt-override-fake-diagnostic-mode.yaml 7.28 KB
ATR-2026-01020-spikee-doc-embedded-base64-payload.yaml 5.21 KB
ATR-2026-01021-spikee-doc-embedded-translation-injection.yaml 5.24 KB
ATR-2026-01023-evasion-opposite-intent-negation-trick.yaml 4.81 KB
ATR-2026-01024-evasion-persona-override-rule-breaker.yaml 6.06 KB
ATR-2026-01025-evasion-hypothetical-fictional-execution-framing.yaml 6.42 KB
ATR-2026-01026-evasion-unicode-glitch-token-anomaly.yaml 6.84 KB
ATR-2026-01304-indirect-injection-carrier-important-override.yaml 7.82 KB
ATR-2026-01757-hypothetical-framing-bypass-research-audit.yaml 6.52 KB
ATR-2026-01758-hypothetical-fictional-story-bypass.yaml 7.07 KB
ATR-2026-01759-dos-new-important-instructions-injection-in-document.yaml 5.76 KB
ATR-2026-01771-semantic-jailbreak-framing.yaml 18.03 KB
ATR-2026-01800-asb-trigger-marker-tool-coercion.yaml 8.11 KB
ATR-2026-01860-llmail-chat-template-boundary-spoof.yaml 7.27 KB
ATR-2026-01861-llmail-pseudo-xml-role-injection.yaml 7.29 KB
ATR-2026-01865-llmail-fake-email-boundary-marker.yaml 6.79 KB
ATR-2026-01900-output-encoding.yaml 7.4 KB
ATR-2026-01901-output-scrambling.yaml 6.57 KB
ATR-2026-01902-output-emoji.yaml 4.3 KB
ATR-2026-01903-output-language.yaml 4.12 KB
ATR-2026-01904-link-injection.yaml 5.84 KB
ATR-2026-01905-promotional-injection.yaml 4.6 KB
ATR-2026-01906-content-manipulation.yaml 9.51 KB
ATR-2026-01920-access-grant-coercion.yaml 7.8 KB
ATR-2026-01921-access-denial-inversion.yaml 6.69 KB
ATR-2026-01922-authorization-state-spoofing.yaml 7.5 KB
ATR-2026-01923-forged-input-boundary-markers.yaml 7.18 KB
ATR-2026-01925-encoded-payload-decoding-coercion.yaml 8.68 KB
ATR-2026-01926-cross-lingual-authorization-laundering.yaml 6.95 KB
