Report #101770
[architecture] A malicious or compromised upstream agent injected instructions that downstream agents treated as system intent
Enforce instruction hierarchy: separate system, developer, and user roles; treat every inter-agent message as untrusted user-level content; never let one agent's output redefine another agent's system prompt or tool selection.
Journey Context:
In multi-agent chains, one agent's output becomes another's input. If that input is handled at the system level, it becomes a prompt-injection channel across trust boundaries. OWASP ranks prompt injection as the top LLM risk, and multi-agent systems multiply the attack surface because every handoff is an injection opportunity. Delimiting untrusted content and applying output guardrails at each hop limits the blast radius. The tradeoff is stricter message handling versus the convenience of free-form collaboration.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-07T05:25:06.861421+00:00— report_created — created