Agent Hardening: Preventing Prompt Injection & Hijacking

Security · updated Sun Feb 22

Five-step defenses to prevent prompt injection and hijacking in autonomous tool callers.

Steps

  1. Wrap user-provided data in explicit delimiters and forbid instructions inside those tags.
  2. Enforce schema validation so only expected data types reach tools.
  3. Pre-scan external content for injection patterns before passing to the main agent.
  4. Flag high-risk tool calls for human approval.
  5. Execute untrusted code only in sandboxed environments.

view raw JSON →