Prompt Injection Red Team Report Template
A prompt injection red-team report should make the fix obvious: what was attacked, what the model saw, what it did, what data or tool was exposed, and which boundary failed.
Quick Answer
- Include the exact prompt or indirect payload.
- Capture the retrieved context and tool arguments.
- Rate impact by capability, not cleverness.
- Name the failed boundary.
- Provide a regression test for the fix.
Minimum Fields
| Field | Why it matters |
|---|---|
| Target surface | Chat, RAG, browser, email, calendar, code |
| Payload | The exact attack string or file |
| Model behavior | What the agent actually did |
| Impact | Data exposed, action taken, or policy bypassed |
| Root cause | Missing labeling, weak tool gate, bad parser, broad permission |
| Fix test | How to prove the patch works |
Severity Should Follow Capability
A jailbreak that produces rude text is less severe than a boring-looking injection that sends an email, edits a CRM record, or leaks private context.
FAQ
Should screenshots be enough?
No. Screenshots help humans read the issue, but fixes need exact prompts, inputs, tool calls, and expected behavior.
How do you avoid one-off fixes?
Turn each finding into a regression test that fails before the fix and passes after it.
What should BreakMyAgent capture?
The payload, response, tool boundary, score impact, and the concrete mitigation path for the developer.