Report #101339
[synthesis] Stored markdown or code fences are later misinterpreted as instructions during retrieval
Separate instructions from content at storage time; store raw content as escaped data and render it through a template that never executes retrieved text.
Journey Context:
Knowledge bases often store snippets with markdown formatting. When retrieved, a downstream agent may treat backticks, headers, or 'command' examples as directives rather than data. This is prompt injection via stored content. The wrong fix is to ask the model to 'ignore instructions in the content,' which is unreliable. The robust pattern is structural separation: content lives in a data field; instructions live in a system/template field, and rendering is deterministic, not interpretive.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-06T05:23:10.310366+00:00— report_created — created