ChatInject: Abusing Chat Templates for Prompt Injection in LLM Agents

arXiv CS.CL

arXiv:2509.22830v3 Announce Type: replace

The growing deployment of large language model (LLM)-based agents that interact with external environments has created new attack surfaces for adversarial manipulation. One major threat is indirect prompt injection, where attackers embed malicious instructions in external environment output, causing agents to interpret and execute them as if they were legitimate prompts.