#!/usr/bin/env bash # Scan markdown documentation for prompt injection patterns. # Designed to catch hidden directives, role overrides, and system prompt # markers that could influence LLM behavior when docs are ingested as context. # # Usage: # bash scripts/docs-prompt-injection-scan.sh # scan staged .md files # bash scripts/docs-prompt-injection-scan.sh --diff origin/main # scan changed .md files vs branch # bash scripts/docs-prompt-injection-scan.sh --file README.md # scan a single file set -euo pipefail RED='\033[0;31m' YELLOW='\033[1;33m' CYAN='\033[0;36m' NC='\033[0m' IGNOREFILE=".prompt-injection-scanignore" EXIT_CODE=0 FINDINGS=0 # ── Patterns ────────────────────────────────────────────────────────── # Format: "Label:::flags:::regex" # Flags: i = case-insensitive PATTERNS=( # System prompt markers "System prompt marker:::i:::" "System prompt marker:::i:::<\|im_start\|>system" "System prompt marker:::i:::\[SYSTEM\][[:space:]]*:" # Role injection / override "Role injection:::i:::you are now [a-z]" "Instruction override:::i:::ignore (all )?previous instructions" "Instruction override:::i:::ignore (all )?prior instructions" "Instruction override:::i:::disregard (all )?(above|previous|prior)" "Instruction override:::i:::forget (all )?(above|previous|prior) (instructions|context|rules)" "Instruction override:::i:::new instructions:" "Instruction override:::i:::override (all )?instructions" "Instruction override:::i:::your new role is" "Instruction override:::i:::from now on,? (you (are|will|must|should)|act as)" # Hidden HTML directives "Hidden HTML directive::::::