SiteLauncher
Deploy live HTTPS websites instantly with subdomain or custom .xyz domain support, paid via USDC on Base chain.
0Tools
19Findings
0Stars
Mar 24, 2026Last Scanned
4 critical · 13 high · 1 medium · 1 low findings detected
Security Category Deep Dive
Prompt Injection
Prompt & context manipulation attacks
69
Maturity
14
Rules
5
Sub-Categories
1
Gaps
64%
Implemented
56
Tests
1
Stories
Findings8
8 high
highJ5Tool Output Poisoning PatternsMCP01-prompt-injectionAML.T0054
[AST — J5] Catch block at L358 interpolates error variable "err" into response. If the error originates from attacker-controlled input (e.g., malformed data), the error message becomes an injection vector into the AI's context.
Never include user input or LLM manipulation directives in error messages or tool responses. Use structured error codes.
highJ5Tool Output Poisoning PatternsMCP01-prompt-injectionAML.T0054
[AST — J5] Catch block at L394 interpolates error variable "err" into response. If the error originates from attacker-controlled input (e.g., malformed data), the error message becomes an injection vector into the AI's context.
Never include user input or LLM manipulation directives in error messages or tool responses. Use structured error codes.
highJ5Tool Output Poisoning PatternsMCP01-prompt-injectionAML.T0054
[AST — J5] Catch block at L415 interpolates error variable "err" into response. If the error originates from attacker-controlled input (e.g., malformed data), the error message becomes an injection vector into the AI's context.
Never include user input or LLM manipulation directives in error messages or tool responses. Use structured error codes.
highJ5Tool Output Poisoning PatternsMCP01-prompt-injectionAML.T0054
[AST — J5] Catch block at L437 interpolates error variable "err" into response. If the error originates from attacker-controlled input (e.g., malformed data), the error message becomes an injection vector into the AI's context.
Never include user input or LLM manipulation directives in error messages or tool responses. Use structured error codes.
highJ5Tool Output Poisoning PatternsMCP01-prompt-injectionAML.T0054
[AST — J5] Catch block at L149 interpolates error variable "err" into response. If the error originates from attacker-controlled input (e.g., malformed data), the error message becomes an injection vector into the AI's context.
Never include user input or LLM manipulation directives in error messages or tool responses. Use structured error codes.
highJ5Tool Output Poisoning PatternsMCP01-prompt-injectionAML.T0054
[AST — J5] Catch block at L39 interpolates error variable "err" into response. If the error originates from attacker-controlled input (e.g., malformed data), the error message becomes an injection vector into the AI's context.
Never include user input or LLM manipulation directives in error messages or tool responses. Use structured error codes.
highJ5Tool Output Poisoning PatternsMCP01-prompt-injectionAML.T0054
[AST — J5] Catch block at L280 interpolates error variable "err" into response. If the error originates from attacker-controlled input (e.g., malformed data), the error message becomes an injection vector into the AI's context.
Never include user input or LLM manipulation directives in error messages or tool responses. Use structured error codes.
highJ5Tool Output Poisoning PatternsMCP01-prompt-injectionAML.T0054
[AST — J5] Catch block at L318 interpolates error variable "err" into response. If the error originates from attacker-controlled input (e.g., malformed data), the error message becomes an injection vector into the AI's context.
Never include user input or LLM manipulation directives in error messages or tool responses. Use structured error codes.
100%3 rules
Injection via tool descriptions and parameter fields
GAP-001Prompt Injection Coverage GapMissing detection coverage for emerging prompt injection attack variants not addressed by current rules
100%4 rules
Hidden instructions via external content and tool responses
100%2 rules
Context window saturation and prior-approval exploitation
100%3 rules
Payload hiding via invisible chars, base64, schema fields
50%2 rules1 found
Injection via prompt templates and runtime tool output