Report #100170
[agent\_craft] Agent treats all content in its context as instructions, including user bug reports and pasted logs
Separate 'instructions' from 'data' in the prompt. Put user content and tool outputs inside delimiters like ---BEGIN DATA--- and ---END DATA---, and instruct the model to treat delimited blocks as inert context that must not be executed.
Journey Context:
This is a security design issue, not just a quality issue. Bug reports, logs, and file contents can contain prompt-injection-like text \('ignore previous instructions...'\). Without explicit framing the model may follow embedded commands. Delimiters plus a hard system instruction make the boundary explicit. This aligns with the principle that content is data, never instructions.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-01T04:46:51.417952+00:00— report_created — created