THREAT OPS › Threat News › Building an Indirect Prompt Injection Workflow
Building an Indirect Prompt Injection Workflow
<p class="wp-block-paragraph"><em><strong>TL;DR: </strong>This post covers how I used OpenAI’s Codex to automate the generation, testing, and refinement of indirect prompt injection payloads against an agentic system using Sonnet 4.5 and 4.6 models on Amazon Bedrock.</em></p>
<h2 class="wp-block-heading" id="h-introduction">Introduction</h2>
<p class="wp-block-paragraph">This project began a
MITRE ATT&CK techniques
- ImpersonationT1684.001
- System PromptAML.T0069.002
- ImpersonationAML.T0073
Indicators of compromise
- https://<BEDROCK_ENDPOINT>url
- https://api.notion.com/v1/search>url
- https://<BEDROCK_ENDPOINT>/chat/completionsurl
- https://www.forcepoint.com/blog/x-labs/indirect-prompt-injection-payloadsurl
- company.comdomain
- company.netdomain