Perez-Style Direct Prompt Injection Hijacking - ATR-2026-00282 (a5d524b5-37f8-566f-9930-843c1285a660)
Detects direct prompt injection variants from the PromptInject framework (Perez & Ribeiro, NeurIPS 2022), specifically goal-hijacking attacks that interrupt legitimate task context with imperative override commands, delimiter escape sequences, and screaming-stop instructions. From NVIDIA garak promptinject.py probe. Key attack types: ignore-say (ignore context and say X), ignore-print (ignore context and print X), nevermind (nevermind the above, do Y instead), screaming-stop (IGNORE ALL PREVIOUS INSTRUCTIONS), delimiter-escape (using \n---\n or similar to break out of task context). This probe is the systematic coverage of the Perez et al. injection taxonomy.